Using Labeling to Prevent Cross-Service Attacks Against Smart Phones

Authors: Collin Mulliner, Giovanni Vigna, David Dagon, Wenke Lee

DOI: 10.1007/11790754_6

Abstract: Wireless devices that integrate the functionality of PDAs and cell phones are becoming commonplace, making different types of network services available to mobile applications. However, the integration of different network services allows an attacker to cross service boundaries. For example, an attack carried out through the wireless network interface may eventually provide access to the phone functionality. This type of attack can cause considerable damage because some of the services (e.g., GSM-based services) charge the user based on the traffic or time of use. In this paper, we demonstrate the feasibility of these attacks by developing a proof-of-concept exploit that crosses service boundaries. To address these security issues, we developed a solution based on resource labeling. We modified the kernel of an integrated wireless device so that processes and files are marked in a way that allows one to regulate the access to different system resources. Labels are set when certain network services are accessed. The labeling is then transferred between processes and system resources as a result of either access or execution. We also defined a language for creating labeling rules, and demonstrated how the system can be used to prevent attacks that attempt to cross service boundaries. Experimental evaluation shows that the implementation introduces little overhead. Our security solution is orthogonal to other protection schemes and provides a critical defense for the growing problem of cell phone viruses and worms.
