AppChainer: investigating the chainability among payloads in Android applications
Authors: Xiaobo Xiang, Yue Jiang, Qingli Guo, Xiu Zhang, Xiaorui Gong, Baoxu Liu. Cybersecurity (EI, CSCD), 2023, Issue 4, pp. 182-200, 19 pages in total.
Statistics show that more than 80 applications are installed on each Android smartphone. Vulnerability research on Android applications is of critical importance. Recently, academic researchers mainly focus on single bug patterns, while few of them investigate the relations between multiple bugs. Industrial researchers proposed a series of logic exploit chains leveraging multiple logic bugs. However, there is no general model to evaluate the chaining abilities between bugs. This paper presents a formal model to elucidate the relations between multiple bugs in Android applications. To prove the effectiveness of the model, we design and implement a prototype system named AppChainer. AppChainer automatically identifies attack surfaces of Android applications and investigates whether the payloads entering these attack surfaces are "chainable". Experimental results on 2138 popular Android applications show that AppChainer is effective in identifying and chaining attacker-controllable payloads. It identifies 14467 chainable payloads and constructs 5458 chains both inside a single application and among various applications. The time cost and resource consumption of AppChainer are also acceptable. For each application, the average analysis time is 317 s, and the average memory consumed is 2368 MB. Compared with the most relevant work Jandroid, the experiment results on our custom DroidChainBench show that AppChainer outperforms Jandroid at the precision rate and performs equally with Jandroid at the recall rate.
Keywords: Android security vulnerability exploit Payload chain