-  2018 

A New Hijacking Attack Scheme Based on App Launch Modes

Keywords: Android, hijacking attack, launchMode, taskAffinity


Abstract:

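To address problems in Android's task and Activity handling mechanisms, this paper analyzes the source code of the Activity launch decision flow related to launchMode and taskAffinity, identifies design flaws in the app launch flow, and proposes a feasible hijacking attack model together with a corresponding detection and protection scheme. Attack tests were run against 60 highly popular apps (more than 1 million downloads, ranked in the top 20 of their category) in categories such as social, finance, lifestyle services and system tools, taken from several well-known Chinese app stores; the results show that 58 of them could be attacked successfully. The experimental results also show that the detection scheme proposed in this paper achieves a 100% detection rate, a 1.67% false-positive rate, and a performance overhead of only 5.3%.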

