Activity Spoofing and Its Defense in Android Smartphones

Authors: Brett Cooley, Haining Wang, Angelos Stavrou

DOI: 10.1007/978-3-319-07536-5_29

Abstract: Smartphones have become ubiquitous in today’s digital world as a mobile platform allowing anytime access to email, social platforms, banking, and shopping. Many providers supply native applications as a method to access their services, allowing users to login directly through a downloadable app. In this paper, we first expose a security vulnerability in the Android framework that allows for third party apps to spoof app activities, or screens. This can lead to a wide variety of risks including the capture and silent exfiltration of credentials and private data. We then compare current defense mechanisms, and introduce the concept of Trusted Activity Chains as a lightweight protection against common spoofing attacks. We develop a proof-of-concept implementation and evaluate its effectiveness and performance overhead.
