隨著智慧型手機的大量普及,智慧型手機已經成為重要的日常工 具,其可以做的事情已經足以比擬一台桌上型電腦。而在智慧型手機 成為提供重要服務的工具,像是存取網路銀行、線上消費、辦公文件 等,其安全性就顯得更加重要。目前Google所開發的Android手機作 業系統是市佔率最高,自然就成為很多惡意攻擊的目標。 在目前眾多針對Android系統的攻擊中,其中一種手法是取得手 機的最高管理者權限(Root Escalation),一旦惡意程式透過系統的 漏洞拿到管理者權限,惡意程式便可以在手機中植入各種惡意的系統 監控,以及任意的資源存取,也可以在暗中安裝各種程式到手機中, 對手機將造成極大的傷害。 本論文提出一個系統RootGuard,透過修改Android底層的Linux Kernl去偵測系統中是否有任何的惡意舉動,以程式行為為基礎去偵測 這些惡意軟體,並而做出防範的行動,來達到阻止惡意程式入侵系統 的行為。;Smartphone has gain a lot of attention in recent years. It pro- vides lots of important features such as checking bank accounts and receive emails. It has been as important as a PC nowadays. As the importance of smartphone arise, the security has became a signi cant consideration. Currently, Google has developed an operating system Android with highest market share. So it has been a main target for attackers. Among the attack methods, Root Escalation is one of the most frequently used method to attack Android system. Once the attacker gain root privilege of system, he or she can do almost anything they want, including accessing user′s private data and inject malicious ap- plications into the phone. This may cause a lot of damage for user. This paper propose a system called RootGuard. It modi es the Linux kernel underlying the Android framework to achieve detecting any illegal behaviours in the system. Further more, it stops the ma- licious applications by applying policies of illegal behaviours. Finally, this system can prevent user from Root Escalation attack.
