RootGuard: A Behavioral-based Solution to Android Root Privilege Escalation

以作者查詢圖書館館藏

、以作者查詢臺灣博碩士

、以作者查詢全國書目

、勘誤回報

、線上人數：16

、訪客IP：3.146.35.203

姓名

曾毓傑(Yu-Chieh Tseng) 查詢紙本館藏

畢業系所

資訊工程學系

論文名稱

(RootGuard: A Behavioral-based Solution to Android Root Privilege Escalation)

相關論文

★ USB WORM KILLER: Cure USB Flash Worms Through a USB Flash Worm	★ Discoverer- Rootkit即時偵測系統
★ 一項Android手機上詐騙簡訊的偵測與防禦機制	★ SRA系統防禦ARP欺騙劫持路由器
★ A Solution for Detecting and Defending ARP Spoofing on Virtual Machines	★ 針對遠端緩衝區溢位攻擊之自動化即時反擊系統
★ 即時血清系統: 具攻性防壁之自動化蠕蟲治癒系統	★ DNSPD: Entrap Botnets Through DNS Cache Poisoning Detection
★ TransSQL: A Translation and Validation-based Solution for SQL-Injection Attacks	★ A Spam Mail-based Solution for Botnet Detection and Network Bandwidth Protection
★ Shark: Phishing Information Recycling from Spam Mails	★ FFRTD: Beat Fast-Flux by Response Time Differences
★ Antivirus Software Shield against Antivirus Terminators	★ MAC-YURI : My ACcount, YoUr ResponsIbility
★ KKBB: Kernel Keylogger Bye-Bye	★ CIDP Treatment: An Innovative Mobile Botnet Covert Channel based on Caller IDs with P8 Treatment

檔案

[Endnote RIS 格式]

[Bibtex 格式]

[相關文章]

[文章引用]

[完整記錄]

[館藏目錄]

[檢視]

[下載]

本電子論文使用權限為同意立即開放。
已達開放權限電子全文僅授權使用者為學術研究之目的，進行個人非營利性質之檢索、閱讀、列印。
請遵守中華民國著作權法之相關規定，切勿任意重製、散佈、改作、轉貼、播送，以免觸法。

摘要(中)

隨著智慧型手機的大量普及，智慧型手機已經成為重要的日常工
具，其可以做的事情已經足以比擬一台桌上型電腦。而在智慧型手機
成為提供重要服務的工具，像是存取網路銀行、線上消費、辦公文件
等，其安全性就顯得更加重要。目前Google所開發的Android手機作
業系統是市佔率最高，自然就成為很多惡意攻擊的目標。
在目前眾多針對Android系統的攻擊中，其中一種手法是取得手
機的最高管理者權限（Root Escalation），一旦惡意程式透過系統的
漏洞拿到管理者權限，惡意程式便可以在手機中植入各種惡意的系統
監控，以及任意的資源存取，也可以在暗中安裝各種程式到手機中，
對手機將造成極大的傷害。
本論文提出一個系統RootGuard，透過修改Android底層的Linux
Kernl去偵測系統中是否有任何的惡意舉動，以程式行為為基礎去偵測
這些惡意軟體，並而做出防範的行動，來達到阻止惡意程式入侵系統
的行為。

摘要(英)

Smartphone has gain a lot of attention in recent years. It pro-
vides lots of important features such as checking bank accounts and
receive emails. It has been as important as a PC nowadays. As the
importance of smartphone arise, the security has became a signicant
consideration. Currently, Google has developed an operating system
Android with highest market share. So it has been a main target for
attackers.
Among the attack methods, Root Escalation is one of the most
frequently used method to attack Android system. Once the attacker
gain root privilege of system, he or she can do almost anything they
want, including accessing user′s private data and inject malicious ap-
plications into the phone. This may cause a lot of damage for user.
This paper propose a system called RootGuard. It modies the
Linux kernel underlying the Android framework to achieve detecting
any illegal behaviours in the system. Further more, it stops the ma-
licious applications by applying policies of illegal behaviours. Finally,
this system can prevent user from Root Escalation attack.

關鍵字(中)

★ 安卓作業系統
★ 惡意程式
★ 權限提升
★ 行為
★ 行動裝置

關鍵字(英)

★ Android
★ Malware
★ Root Privilege Escalation
★ Behavioural
★ Mobile

論文目次

摘要. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . i
Abstract. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ii
謝誌. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . iii
Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . iv
List of Figures . . . . . . . . . . . . . . . . . . . . . . . . . . . vi
List of Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . vii
1 Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . 1
2 Background . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
2.1 Android Architecture . . . . . . . . . . . . . . . . . 4
2.2 Android Security . . . . . . . . . . . . . . . . . . . 5
2.3 Shell Execution . . . . . . . . . . . . . . . . . . . . 6
2.4 Vulnerabilities . . . . . . . . . . . . . . . . . . . . . 7
2.4.1 Rage Against the Cage . . . . . . . . . . . . . . . . 7
2.4.2 CVE-2011-1823 . . . . . . . . . . . . . . . . . . . . . 8
2.4.3 CVE-2013-2094 . . . . . . . . . . . . . . . . . . . . . 8
2.5 Known Malwares . . . . . . . . . . . . . . . . . . . 9
2.5.1 DroidKungFu . . . . . . . . . . . . . . . . . . . . . . 9
2.5.2 DroidDream . . . . . . . . . . . . . . . . . . . . . . 10
2.6 Conclusion . . . . . . . . . . . . . . . . . . . . . . 10
3 Related Work . . . . . . . . . . . . . . . . . . . . . . . . . . 11
4 System Design . . . . . . . . . . . . . . . . . . . . . . . . . 13
4.1 General Pattern in Root Privilege Escalation Attack 13
4.2 Behaviour-based Detection . . . . . . . . . . . . . . 14
4.3 Shell Detection . . . . . . . . . . . . . . . . . . . . 15
4.3.1 Standard Input . . . . . . . . . . . . . . . . . . . . . 15
4.3.2 Command String . . . . . . . . . . . . . . . . . . . . 15
4.3.3 Interactive . . . . . . . . . . . . . . . . . . . . . . . 16
4.4 RootGuard . . . . . . . . . . . . . . . . . . . . . . 16
4.4.1 System Calls . . . . . . . . . . . . . . . . . . . . . . 17
4.4.2 Whitelisting . . . . . . . . . . . . . . . . . . . . . . 18
5 Evaluation. . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
5.1 Implementation . . . . . . . . . . . . . . . . . . . . 19
5.2 Eectiveness . . . . . . . . . . . . . . . . . . . . . 19
5.2.1 False Negative . . . . . . . . . . . . . . . . . . . . . 19
5.2.2 False Positive . . . . . . . . . . . . . . . . . . . . . . 20
5.3 Performance . . . . . . . . . . . . . . . . . . . . . . 22
5.4 Limitation . . . . . . . . . . . . . . . . . . . . . . . 23
6 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Reference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

參考文獻

[1] BI Intellengence. Chart of the day: Smartphone sales
are on the verge of overtaking feature phone sales.
http://www.businessinsider.com/chart-of-the-day-
smartphones-to-beat-feature-phone-sales-2013-6, June
2013.
[2] Google Inc. Google I/O 2013 keynote. https://developers.
google.com/live/shows/517795853, May 2013.
[3] TrendMicro Inc. 2012 mobile threat and security roundup. http:
//www.trendmicro.com/cloud-content/us/pdfs/security-
intelligence/reports/rpt-repeating-history.pdf, 2013.
[4] Google Inc. Android architecture. http://developer.android.
com/images/system-architecture.jpg, May 2013.
[5] The IEEE and The Open Group. sh - shell, the standard
command language interpreter. http://pubs.opengroup.org/
onlinepubs/9699919799/utilities/sh.html.
[6] Intrepidus Group. Android root source code: Looking at
the c-skills. https://intrepidusgroup.com/insight/2010/09/
android-root-source-code-looking-at-the-c-skills/.
[7] C-Skills. Droid2. http://c-skills.blogspot.tw/2010/08/
droid2.html.
[8] National Vulnerability Database. Vulnerability summary for
cve-2011-1823. http://web.nvd.nist.gov/view/vuln/detail?
vulnId=CVE-2011-1823.
[9] Xuxian Jiang. Gingermaster: First android malware utilizing
a root exploit on android 2.3 (gingerbread). http://www.csc.
ncsu.edu/faculty/jiang/GingerMaster/.
[10] C-Skills. yummy yummy, gingerbreak! http://c-skills.
blogspot.tw/2011/04/yummy-yummy-gingerbreak.htmll.
[11] National Vulnerability Database. Vulnerability summary for
cve-2013-2094. http://web.nvd.nist.gov/view/vuln/detail?
vulnId=CVE-2013-2094.
[12] Joe Damato. A closer look at a recent privilege escalation bug
in linux (cve-2013-2094). http://timetobleed.com/a-closer-
look-at-a-recent-privilege-escalation-bug-in-linux-
cve-2013-2094/.
[13] Xuxian Jiang. Security alert: New sophisticated android malware
droidkungfu found in alternative chinese app markets. http://
www.csc.ncsu.edu/faculty/jiang/DroidKungFu.html.
[14] Lookout. Security alert: Droiddream malware found in ocial
android market. https://blog.lookout.com/blog/2011/03/
01/security-alert-malware-found-in-official-android-
market-droiddream/.
[15] Lookout. Android malware droiddream: How it works.
https://blog.lookout.com/blog/2011/03/02/android-
malware-droiddream-how-it-works/.
[16] Lookout. Security alert: Droiddreamlight, new malware from
the developers of droiddream. https://blog.lookout.com/
blog/2011/05/30/security-alert-droiddreamlight-new-
malware-from-the-developers-of-droiddream/.
[17] William Enck, Peter Gilbert, Byung-Gon Chun, Landon P Cox,
Jaeyeon Jung, Patrick McDaniel, and Anmol N Sheth. Taint-
droid: An information-
ow tracking system for realtime privacy
monitoring on smartphones.
[18] Sven Bugiel, Lucas Davi, Alexandra Dmitrienko, Thomas Fischer,
and Ahmad-Reza Sadeghi. Xmandroid: A new android evolution
to mitigate privilege escalation attacks. Technische Universitat
Darmstadt, Technical Report TR-2011-04, 2011.
[19] Lucas Davi, Alexandra Dmitrienko, Ahmad-Reza Sadeghi, and
Marcel Winandy. Privilege escalation attacks on android. In In-
formation Security, pages 346{360. Springer, 2011.
[20] Sven Bugiel, Lucas Davi, Alexandra Dmitrienko, Thomas Fischer,
Ahmad-Reza Sadeghi, and Bhargava Shastry. Towards taming
privilege-escalation attacks on android.
[21] Yajin Zhou, Zhi Wang, Wu Zhou, and Xuxian Jiang. Hey, you,
get o of my market: Detecting malicious apps in ocial and
alternative android markets. In NDSS, 2012.
[22] Yeongung Park, ChoongHyun Lee, Chanhee Lee, J Lim, Sangchul
Han, Minkyu Park, and Seong-Je Cho. Rgbdroid: a novel
response-based approach to android privilege escalation attacks.
In Proceedings of the 5th USENIX conference on Large-Scale Ex-
ploits and Emergent Threats, LEET, volume 12, pages 9{9, 2012.
[23] Oracle vm virtualbox. https://www.virtualbox.org/.
[24] Contagio mobile. http://contagiominidump.blogspot.com/.
[25] Androidrank market analysis, stats and rankings. http://www.
androidrank.org/.
[26] Antutu benchmark. https://play.google.com/store/apps/
details?id=com.antutu.ABenchMark.
[27] Andebench. https://play.google.com/store/apps/details?
id=com.eembc.coremark.

指導教授

許富皓(Fu-Hau Hsu)

審核日期

2014-8-28

推文