Systematic Detection of Capability Leaks in Stock Android Smartphones.

Authors: Xuxian Jiang, Yajin Zhou, Michael C. Grace, Zhi Wang

Abstract: Recent years have witnessed a meteoric increase in the adoption of smartphones. To manage information and features on such phones, Android provides a permission-based security model that requires each application to explicitly request permissions before it can be installed to run. In this paper, we analyze eight popular smartphones and discover that the stock phone images do not properly enforce the permission model. Several privileged permissions are unsafely exposed to other applications which do not need to request them for actual use. To identify these leaked permissions or capabilities, we have developed a tool called Woodpecker. Our results with eight phone images show that among 13 privileged permissions examined so far, 11 were leaked, individual phones leaking up permissions. By exploiting them, an untrusted application can wipe out user data, send SMS messages, or record user conversation on the affected phones – all without asking for any permission.
