Thesis/Dissertation 102522074 Detailed Record




Name 林良軒 (Liang-Hsuan Lin)   Department Department of Computer Science and Information Engineering
Thesis Title
(AHA: An Event-Driven Solution to Activity Hijacking Attacks)
Related Theses
★ USB WORM KILLER: Cure USB Flash Worms Through a USB Flash Worm
★ Discoverer: A Real-Time Rootkit Detection System
★ A Detection and Defense Mechanism for Fraudulent SMS Messages on Android Phones
★ SRA: A System for Defending Routers against ARP Spoofing Hijacking
★ A Solution for Detecting and Defending ARP Spoofing on Virtual Machines
★ An Automated Real-Time Counterattack System against Remote Buffer Overflow Attacks
★ Real-Time Serum System: An Automated Worm Cure System with an Offensive Firewall
★ DNSPD: Entrap Botnets Through DNS Cache Poisoning Detection
★ TransSQL: A Translation and Validation-based Solution for SQL-Injection Attacks
★ A Spam Mail-based Solution for Botnet Detection and Network Bandwidth Protection
★ Shark: Phishing Information Recycling from Spam Mails
★ FFRTD: Beat Fast-Flux by Response Time Differences
★ Antivirus Software Shield against Antivirus Terminators
★ MAC-YURI : My ACcount, YoUr ResponsIbility
★ KKBB: Kernel Keylogger Bye-Bye
★ CIDP Treatment: An Innovative Mobile Botnet Covert Channel based on Caller IDs with P8 Treatment
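File
  1. This electronic thesis is authorized for immediate open access.
  2. Electronic full text that has reached its open-access date is licensed to users only for personal, non-profit searching, reading, and printing for the purpose of academic research.
  3. Please comply with the Copyright Act of the Republic of China. Do not reproduce, distribute, adapt, repost, or broadcast this work without authorization, to avoid breaking the law.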

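Abstract (Chinese) As people gradually enter the era of wireless communication products, most people choose to carry a smartphone, because of its light weight, convenience, and improved mobile computing capability, to make working and looking up information more convenient. As a result, users' personal information and even company secrets are kept on their phones. Attackers have therefore gradually shifted their targets to mobile platforms in order to steal personal information or secrets.
  In recent years, Component Hijacking Attacks in the Android system have been widely discussed. When an attacker hijacks or replaces an Activity, one of the Android components, the attack is called an Activity Hijacking Attack. It can disrupt an application's normal functioning, or cause users to leak personal information or secrets without knowing it.
  This thesis focuses on analyzing the behavior of Activity Hijacking Attacks and designs AHA, a mechanism that prevents attackers from using Activity Hijacking Attacks to steal users' account names and passwords. AHA dynamically analyzes the system's Activity Manager, records the running state of all Activities in the system, and, supported by analysis of the Activities' Layout and View System, checks whether an attacker is attempting an Activity Hijacking attack against the current foreground Activity. Once such behavior is detected, it alerts the user.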
Abstract (English) In recent years, Android Component Hijacking Vulnerabilities have been widely discussed. This kind of vulnerability may cause tremendous problems in the system. If any Android Component is hijacked, it may disclose the user's personal information or private data to the attacker. More precisely, these attacks redirect or hijack the Android Component's original workflow to malicious code, or even go so far as to execute malware.
One of the Android Components is the Activity, which constructs the UI frames for the user. In this paper, we focus on Activity Hijacking Attacks. As the name implies, an Activity Hijacking Attack hijacks the original activity workflow while the user is using it. We build our solution, called AHA, into the Android framework to keep track of every activity workflow and to know the layout of each activity.
Our solution AHA can stop attacks that use Activity Hijacking to steal users' personal information. Furthermore, AHA can easily be patched into an existing Android system, with negligible overhead.
Keywords (Chinese) ★ Android
★ Malware
★ Activity Hijacking
★ View System
Keywords (English) ★ Android
★ Malware
★ Activity Hijacking
★ View System
Table of Contents
CHINESE ABSTRACT
ABSTRACT
CONTENTS
LIST OF FIGURES
LIST OF TABLES
CHAPTER 1 INTRODUCTION
1.1 THESIS MOTIVATION AND PURPOSE
1.2 THREAT DESCRIPTION
1.3 RESEARCH GOALS
1.4 CHAPTER ORGANIZATION
CHAPTER 2 BACKGROUND
2.1 ANDROID ARCHITECTURE
2.2 ANDROID COMPONENTS
2.3 WINDOW MANAGER
2.4 VIEW SYSTEM
2.5 ACTIVITY MANAGER SERVICE
CHAPTER 3 RELATED WORK
CHAPTER 4 SYSTEM DESIGN
5.1 DESIGN PRINCIPLES
5.2 SYSTEM OVERVIEW
5.3 ACTIVITYDETECTOR
5.4 TEXTVIEWFINDER
5.5 AHASERVICE
CHAPTER 5 EVALUATIONS
6.1 IMPLEMENTATION
6.2 PERFORMANCE
CHAPTER 6 CONCLUSIONS
REFERENCES

Advisor 許富皓 (Fu-Hau Hsu)   Approval Date 2015-7-15

For questions about this thesis, please contact the Promotion Services Section of the National Central University Library, TEL: (03)422-7151 ext. 57407, or by e-mail.