Blender: Self-randomizing Address Space Layout for Android Apps

Authors: Mingshen Sun, John C. S. Lui, Yajin Zhou

DOI: 10.1007/978-3-319-45719-2_21

Abstract: In this paper, we first demonstrate that the newly introduced Android RunTime (ART) in the latest Android versions (Android 5.0 or above) exposes a new attack surface, namely, the “return-to-art” (ret2art) attack. Unlike traditional return-to-library attacks, the ret2art attack abuses Android framework APIs (e.g., the API to send SMS) as payloads to conveniently perform malicious operations. This, along with the weakened ASLR implementation in the Android system, makes successful exploitation of vulnerable apps much easier. To mitigate this threat and provide self-protection for Android apps, we propose a user-level solution called Blender, which is able to self-randomize the address space layout of apps. Specifically, for an app using our system, Blender randomly rearranges the loaded libraries and the Android runtime executable code in the app’s process, achieving higher memory entropy compared with the vanilla app. Blender requires no changes to the Android framework nor to the underlying Linux kernel, and is thus a non-invasive and easy-to-deploy solution. Our evaluation shows that Blender incurs only around 6 MB of memory footprint increase for an app using our system and does not affect other apps without our system. It increases the app starting delay by 0.3 s and imposes negligible CPU and battery overheads.
