LaChouTi: kernel vulnerability responding framework for the fragmented Android devices
作者: Jingzheng Wu , Mutian Yang
关键词:
摘要: The most criticized problem in the Android ecosystem is fragmentation, i.e., 24,093 devices wild are made by 1,294 manufacturers and installed with extremely customized operating systems. existence of so many different active versions makes security updates vulnerability responses across whole range difficult. In this paper, we seek to respond unpatched kernel vulnerabilities for fragmented devices. Specifically, propose implement LaChouTi, which an automated update framework consisting cloud service end application update. LaChouTi first tracks identifies exposed according CVE-Patch map target kernels. Then, it generates differential binary patches identified results. Finally, pushes applies We evaluate using 12 Nexus that have versions, series manufacturers, find 1922 these results show that: (1) risk caused fragmentation serious; (2) proposed effective responding such risk. on new commercial collaborating four internationally renowned manufacturers. demonstrate manufacturers'security updates.
acm.org
sci-hub.se 参考文章(20)
Damien Octeau, William Enck, Patrick McDaniel, Swarat Chaudhuri, A study of android application security usenix security symposium. pp. 21- 21 ,(2011)
Sven Bugiel, Ahmad-Reza Sadeghi, Stephan Heuser, Flexible and fine-grained mandatory access control on Android for diverse security and privacy policies usenix security symposium. pp. 131- 146 ,(2013)
Michalis Polychronakis, Angelos D. Keromytis, Vasileios P. Kemerlis, ret2dir: rethinking kernel isolation usenix security symposium. pp. 957- 972 ,(2014)
Chuangang Ren, Hui Xue, Yulong Zhang, Peng Liu, Tao Wei, Towards discovering and understanding task hijacking in android usenix security symposium. pp. 945- 959 ,(2015)
Georgios Portokalidis, Angelos D. Keromytis, Vasileios P. Kemerlis, kGuard: lightweight kernel protection against return-to-user attacks usenix security symposium. pp. 39- 39 ,(2012)
Anil Kurmus, Robby Zippel, A Tale of Two Kernels: Towards Ending Kernel Hardening Wars with Split Kernel computer and communications security. pp. 1366- 1377 ,(2014) , 10.1145/2660267.2660331
Sven Bugiel, Lucas Davi, Alexandra Dmitrienko, Stephan Heuser, Ahmad-Reza Sadeghi, Bhargava Shastry, Practical and lightweight domain isolation on Android Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices - SPSM '11. pp. 51- 62 ,(2011) , 10.1145/2046614.2046624
Tianyue Luo, Chen Ni, Qing Han, Mutian Yang, Jingzheng Wu, Yanjun Wu, POSTER: PatchGen: Towards Automated Patch Detection and Generation for 1-Day Vulnerabilities computer and communications security. pp. 1656- 1658 ,(2015) , 10.1145/2810103.2810122
Yousra Aafer, Nan Zhang, Zhongwen Zhang, Xiao Zhang, Kai Chen, XiaoFeng Wang, Xiaoyong Zhou, Wenliang Du, Michael Grace, Hare Hunting in the Wild Android: A Study on the Threat of Hanging Attribute References computer and communications security. pp. 1248- 1259 ,(2015) , 10.1145/2810103.2813648
Enrico Bacis, Simone Mutti, Stefano Paraboschi, AppPolicyModules: Mandatory Access Control for Third-Party Apps computer and communications security. pp. 309- 320 ,(2015) , 10.1145/2714576.2714626