Security considerations related to the use of mobile devices in the operation of critical infrastructures
作者: Alessandro Armando , Alessio Merlo , Luca Verderame
DOI: 10.1016/J.IJCIP.2014.10.002
关键词:
摘要: An increasing number of attacks by mobile malware have begun to target critical infrastructure assets. Since attempts defeat the security mechanisms provided an operating system, it is paramount importance understand strengths and weaknesses frameworks device systems such as Android. Many recently discovered vulnerabilities suggest that issues may be hidden in cross-layer interplay between Android layers underlying Linux kernel. This paper presents empirical evaluation interactions layers. The experiments indicate Security Framework does not discriminate callers invocations kernel, thereby enabling applications directly interact with shows how this trait allows adversely affect devices exploiting previously unknown unveiled analyses interplay. impact resulting on infrastructures discussed. Finally, enhancement proposed for detecting preventing direct kernel applications, dramatically reducing malware.
core.ac.uk
acm.org
elsevier.com
ai-lab.it 参考文章(25)
Vassiliki Koufi, Flora Malamateniou, George Vassilacopoulos, Andriana Prentza, An Android-Enabled Mobile Framework for Ubiquitous Access to Cloud Emergency Medical Services ieee international conference on cloud computing technology and science. pp. 95- 101 ,(2012) , 10.1109/NCCA.2012.30
Atsushi Igarashi, Benjamin C. Pierce, Philip Wadler, Featherweight Java ACM Transactions on Programming Languages and Systems. ,vol. 23, pp. 396- 450 ,(2001) , 10.1145/503502.503505
Alessandro Armando, Gabriele Costa, Alessio Merlo, None, Bring your own device, securely acm symposium on applied computing. pp. 1852- 1858 ,(2013) , 10.1145/2480362.2480707
Joms Antony, Bichu Vijayan, Sudhin Joy, G S Santhoshkumar, Nikhil Chandran, Ubiquitous patient monitoring and smart alert generation in an intensive care unit supported by low cost Tablet PC based automation system powered through open source software and hardware platforms global humanitarian technology conference. pp. 334- 339 ,(2013) , 10.1109/GHTC-SAS.2013.6629941
Yang Ishigaki, Yoshinori Matsumoto, Ryo Ichimiya, Kenji Tanaka, Development of Mobile Radiation Monitoring System Utilizing Smartphone and Its Field Tests in Fukushima IEEE Sensors Journal. ,vol. 13, pp. 3520- 3526 ,(2013) , 10.1109/JSEN.2013.2272734
Avik Chaudhuri, Language-based security on Android Proceedings of the ACM SIGPLAN Fourth Workshop on Programming Languages and Analysis for Security - PLAS '09. pp. 1- 7 ,(2009) , 10.1145/1554339.1554341
William Enck, Machigar Ongtang, Patrick McDaniel, Understanding Android Security ieee symposium on security and privacy. ,vol. 7, pp. 50- 57 ,(2009) , 10.1109/MSP.2009.26
Alessandro Armando, Gabriele Costa, Alessio Merlo, Formal Modeling and Reasoning about the Android Security Framework trustworthy global computing. pp. 64- 81 ,(2012) , 10.1007/978-3-642-41157-1_5
A.-D. Schmidt, R. Bye, H.-G. Schmidt, J. Clausen, O. Kiraz, K. A. Yuksel, S. A. Camtepe, S. Albayrak, Static Analysis of Executables for Collaborative Malware Detection on Android international conference on communications. pp. 631- 635 ,(2009) , 10.1109/ICC.2009.5199486
Lucas Davi, Alexandra Dmitrienko, Ahmad-Reza Sadeghi, Marcel Winandy, Privilege escalation attacks on android international conference on information security. pp. 346- 360 ,(2010) , 10.1007/978-3-642-18178-8_30