Exfiltrating Data from Managed Profiles in Android for Work
作者: Ruben de Vries , Tom Curran
DOI:
关键词:
摘要: In this paper we address whether it is possible to access data between managed and unmanaged profiles on Android devices enrolled Mobiel Device Management platforms. To answer question analyse the implementation of separation a Nexus 7 (2013) tablet with root privileges. During course our research were able move due lack file-based encryption device, provide simple application for demonstration. Another attack scenario via Binder IPC also proposed. Finally, recommendations mitigate such scenarios are given help improve upon these issues.
delaat.net参考文章(5)
Yousra Aafer, Amit Ahlawat, Yifei Wang, Wenliang Du, Hao Hao, E. Paul Ratazzi, A Systematic Security Evaluation of Android's Multi-User Framework arXiv: Cryptography and Security. ,(2014)
Chuangang Ren, Hui Xue, Yulong Zhang, Peng Liu, Tao Wei, Towards discovering and understanding task hijacking in android usenix security symposium. pp. 945- 959 ,(2015)
Nathan S. Evans, Azzedine Benameur, Yun Shen, All your Root Checks are Belong to Us Proceedings of the 13th ACM International Symposium on Mobility Management and Wireless Access. pp. 81- 88 ,(2015) , 10.1145/2810362.2810364
Nikolay Elenkov, Android Security Internals: An In-Depth Guide to Android's Security Architecture ,(2014)
Stephen Smalley, Robert Craig, Security Enhanced (SE) Android: Bringing Flexible MAC to Android. network and distributed system security symposium. ,(2013)