A Systematic Security Evaluation of Android's Multi-User Framework

Authors: Yousra Aafer, Amit Ahlawat, Yifei Wang, Wenliang Du, Hao Hao

Abstract: Like many desktop operating systems in the 1990s, Android is now in the process of including support for multi-user scenarios. Because these scenarios introduce new threats to the system, we should have an understanding of how well the system design addresses them. Since the security implications of multi-user support are truly pervasive, we developed a systematic approach to studying the system and identifying problems. Unlike other approaches that focus on specific attacks or threat models, ours systematically identifies critical places where access controls are not present or do not properly identify the subject and object of a decision. Finding these places gives us insight into hypothetical attacks that could result, and allows us to design experiments to test our hypothesis. Following an overview of the new features and their implementation, we describe our methodology, present a partial list of our most interesting hypotheses, and describe the experiments we used to test them. Our findings indicate that the current system only partially addresses the new threats, leaving the door open to a number of significant vulnerabilities and privacy issues. Our findings span a spectrum of root causes, from simple oversights, all the way to major system design problems. We conclude that there is still a long way to go before the system can be used for anything more than the most casual of sharing environments.
