Before Unrooting your Android Phone, Patching up Permission System First!

Author: Zhongwen Zhang

DOI: 10.1007/978-3-319-15087-1_4

Abstract: A common attack goal on Android phones is to steal private data, which is primarily protected by the permission system. Therefore, the permission system is more vulnerable to attackers, especially when a phone is rooted (which is common nowadays). On rooted phones, malware is able to run with root privilege. Three weak points of the permission system have been identified, which can be used to carry out various escalation attacks. Unrooting can make malware lose root privilege, but it cannot solve the security issues caused by these attacks. In this paper, we present a scheme that aims at patching up the three weak points. We expect the scheme to be used in the scenario where a user wants to unroot his phone and get the phone under protection. The scheme can apply to any version of Android. In order to facilitate the scheme's deployment, we develop an app to automatically do the patching work. Moreover, the evaluation result shows that the scheme is small-footprint and only introduces 1.8 % overhead.
