A Fast Detection Method for Public AOSP Signature Vulnerability

Cited by: 1
Abstract: As Android phones become more and more popular, the security of the Android system is receiving increasing attention. For Android, privacy leakage is an important security problem. This paper identifies a potential attack for obtaining private information from a phone. The attack targets the self-signing mechanism of Android applications and uses the public AOSP (Android Open Source Project) signature vulnerability to obtain the permissions of pre-installed software and steal the private information on the phone. To address this vulnerability, the paper proposes a fast detection method that can reverse multiple applications at the same time and check their signature information, so that the vulnerability is detected quickly. The experimental results show that, among the Android ROMs popular on the market, several important series have the AOSP vulnerability, such as CM and MIUI. The proposed method needs only 9-10 minutes to check one ROM and can quickly and effectively detect whether a ROM is vulnerable; the paper also shows, through an effective method, that the vulnerability can be exploited directly.
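Source: Computer Technology and Development (《计算机技术与发展》), 2015, No. 9, pp. 149-153 (5 pages)
Funding: National Natural Science Foundation of China (61202353, 61272084); Natural Science Foundation of the Higher Education Institutions of Jiangsu Province (12KJB520008)
Keywords: Android ROM; AOSP signature; privacy leakage; fast detection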