Abstract (English) |
In recent years, Android component hijacking vulnerabilities have been widely discussed. This kind of vulnerability may cause serious problems in the system. If any Android component is hijacked, it may disclose the user's personal information or private data to the attacker. More precisely, these attacks redirect or hijack the Android component's original workflow to malicious code, or even go as far as executing malware.
One of the Android components is the Activity, which constructs the UI frames for the user. In this paper, we focus on Activity Hijacking Attacks. As the name implies, an Activity Hijacking Attack hijacks the original activity workflow while the user is using it. We build our solution, called AHA, into the Android framework to keep track of every activity workflow and to know the layout of each activity.
Our solution, AHA, can stop attacks that use Activity Hijacking to steal the user's personal information. Furthermore, AHA can easily be patched into an existing Android system, with negligible overhead.
|