Permission re-delegation: attacks and defenses

Authors: Alexander Moshchuk, Adrienne Porter Felt, Helen J. Wang, Erika Chin, Steven Hanna

Abstract: Modern browsers and smartphone operating systems treat applications as mutually untrusting, potentially malicious principals. Applications are (1) isolated except for explicit IPC or inter-application communication channels and (2) unprivileged by default, requiring user permission for additional privileges. Although inter-application communication supports useful collaboration, it also introduces the risk of permission re-delegation. Permission re-delegation occurs when an application with permissions performs a privileged task for an application without permissions. This undermines the requirement that the user approve each application's access to privileged devices and data. We discuss permission re-delegation and demonstrate its risk by launching real-world attacks on Android system applications; several of the vulnerabilities have been confirmed as bugs. We discuss possible ways to address permission re-delegation and present IPC Inspection, a new OS mechanism for defending against permission re-delegation. IPC Inspection prevents opportunities for permission re-delegation by reducing an application's permissions after it receives communication from a less privileged application. We have implemented IPC Inspection for a browser and Android, and we show that it prevents the attacks we found in the Android system applications.

References (23)
Joel Weinberger, Dawn Song, Adam Barth. Cross-origin JavaScript capability leaks: detection, exploitation, and defense. USENIX Security Symposium, pp. 187-198 (2009).
Terry Mayfield, John M. Boone, Stephen R. Welke. Integrity-Oriented Control Objectives: Proposed Revisions to the Trusted Computer System Evaluation Criteria (TCSEC), DoD 5200.28-STD. National Computer Security Center (U.S.) (1991). doi:10.21236/ADA253989
Shashi Shekhar, Michael Dietz, Anhei Shu, Dan S. Wallach, Yuliy Pisetsky. Quire: lightweight provenance for smart phone operating systems. USENIX Security Symposium, pp. 23-23 (2011).
Cédric Fournet, Martín Abadi. Access Control Based on Execution History. Network and Distributed System Security Symposium (2003).
William Enck, Patrick McDaniel, Jaeyeon Jung, Byung-Gon Chun, Peter Gilbert, Anmol N. Sheth, Landon P. Cox. TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. Operating Systems Design and Implementation, pp. 393-407 (2010). doi:10.5555/1924943.1924971
Erika Chin, Adrienne Porter Felt, Kate Greenwood, David Wagner. Analyzing inter-application communication in Android. Proceedings of the 9th International Conference on Mobile Systems, Applications, and Services (MobiSys '11), pp. 239-252 (2011). doi:10.1145/1999995.2000018
William Enck, Machigar Ongtang, Patrick McDaniel. On lightweight mobile phone application certification. Computer and Communications Security, pp. 235-245 (2009). doi:10.1145/1653662.1653691
Norm Hardy. The Confused Deputy: (or why capabilities might have been invented). Operating Systems Review, vol. 22, pp. 36-38 (1988). doi:10.1145/54289.871709
Adam Barth, Collin Jackson, John C. Mitchell. Robust defenses for cross-site request forgery. Proceedings of the 15th ACM Conference on Computer and Communications Security (CCS '08), pp. 75-88 (2008). doi:10.1145/1455770.1455782
Silas Boyd-Wickizer, David Mazières, Nickolai Zeldovich, Eddie Kohler. Making information flow explicit in HiStar. Operating Systems Design and Implementation, pp. 263-278 (2006). doi:10.5555/1298455.1298481