博碩士論文 105522073 詳細資訊




以作者查詢圖書館館藏 以作者查詢臺灣博碩士 以作者查詢全國書目 勘誤回報 、線上人數:8 、訪客IP:18.219.22.169
姓名 林婉婷(Wan-Ting Lin)  查詢紙本館藏   畢業系所 資訊工程學系
論文名稱
(INPR: A Mechanism to protect installation process on Android adb)
相關論文
★ USB WORM KILLER: Cure USB Flash Worms Through a USB Flash Worm★ Discoverer- Rootkit即時偵測系統
★ 一項Android手機上詐騙簡訊的偵測與防禦機制★ SRA系統防禦ARP欺騙劫持路由器
★ A Solution for Detecting and Defending ARP Spoofing on Virtual Machines★ 針對遠端緩衝區溢位攻擊之自動化即時反擊系統
★ 即時血清系統: 具攻性防壁之自動化蠕蟲治癒系統★ DNSPD: Entrap Botnets Through DNS Cache Poisoning Detection
★ TransSQL: A Translation and Validation-based Solution for SQL-Injection Attacks★ A Spam Mail-based Solution for Botnet Detection and Network Bandwidth Protection
★ Shark: Phishing Information Recycling from Spam Mails★ FFRTD: Beat Fast-Flux by Response Time Differences
★ Antivirus Software Shield against Antivirus Terminators★ MAC-YURI : My ACcount, YoUr ResponsIbility
★ KKBB: Kernel Keylogger Bye-Bye★ CIDP Treatment: An Innovative Mobile Botnet Covert Channel based on Caller IDs with P8 Treatment
檔案 [Endnote RIS 格式]    [Bibtex 格式]    [相關文章]   [文章引用]   [完整記錄]   [館藏目錄]   [檢視]  [下載]
  1. 本電子論文使用權限為同意立即開放。
  2. 已達開放權限電子全文僅授權使用者為學術研究之目的,進行個人非營利性質之檢索、閱讀、列印。
  3. 請遵守中華民國著作權法之相關規定,切勿任意重製、散佈、改作、轉貼、播送,以免觸法。

摘要(中) 隨著Android智慧型手機的市占率提高,加上多數使用者對於安全的意識不高,可能會在公共場合使用公用充電器,或連接免費的網路,如果此時手機裝置的某些設定被開啟,如Android Debug Bridge (adb),使用者的裝置將曝露在危險環境中。攻擊者可以透過這項Android提供給開發者的功能,來取得使用者的個人資訊,或甚至安裝惡意的應用程式到使用者的裝置上。這項功能雖然對開發者來說非常方便,但同時也存在著許多安全上的疑慮。先前有許多的論文,也都探討過此功能的安全問題。
本篇論文實作一個防禦工具Installation Protector (INPR),當手機要透過adb指令進行APK檔案安裝時,INPR會針對此動作再次做確認,跳出警告訊息視窗,提醒使用者,並讓其決定是否要進行接下來的動作。INPR為使用者提供有效的防禦機制,並過濾出具有風險的訊息才進行通知,大大的減化了訊息的干擾,為開發者提供具有良好使用者經驗的adb環境,同時也為使用者提供更安全的adb使用環境。
摘要(英) With high market share of Android devices, more and more researchers are focusing on their security issues. Android provides many useful tools for developers, like Android Debug Bridge (adb). Developers can use adb for debugging Application and accessing many kind of resources on Android devices. Although adb is so powerful and convenient for developers, it is able to become an approach to a terrible attack. With most users’ lack of security awareness and insufficient protection on Android adb, the attacker can obtain some personal information from users or even to inject malicious Application in users’ devices. These attacks can lead to a disaster situation.
In this paper, we design and implement a tool named Installation Protector (INPR) to prevent installation of malicious APK through adb. It will show up the confirmation Dialog while adb launches the installation command, and block the action on users’ acconunt. INPR only alerts the user when the potential risk comes from adb for installation, which makes the interference as less as possible to provide developer an undisturbed environment, and users obtain a safe environment when using adb.
關鍵字(中) ★ Android Security
★ Android adb
關鍵字(英) ★ Android Security
★ Android adb
論文目次 摘要 i
Abstract ii
誌謝 iii
Table of Contents iv
List of Figures v
List of Tables vi
Chapter 1 Introduction 1
Chapter 2 Background 3
2.1 Android Debug Bridge (adb) 3
2.2 Installation API in Android 9
2.3 Installation Process in Android 10
2.4 Threat Model Based on adb 15
Chapter 3 Related Work 17
Chapter 4 System Design 21
4.1 System Overview 21
4.2 Design Principal 23
4.3 System Architecture 24
Chapter 5 Evaluation 27
5.1 Experiment 27
5.2 Comparison between the defense tools 29
Chapter 6 Discussion and Future Work 31
Chapter 7 Conclusion 32
References 33
參考文獻 [1]
“Smartphone OS,” IDC, [線上 ]. Available: https://www.idc.com/promo/smartphone-market-share/os. [存取日期 : 6 7 2018].
[2]
A. Studio, "Android Debug Bridge (adb)," [Online]. Available: https://developer.android.com/studio/command-line/adb. [Accessed 3 7 2018].
[3]
F. Chung, "Security Enhancements in Jelly Bean," 14 2 2013. [Online]. Available: https://android-developers.googleblog.com/2013/02/security-enhancements-in-jelly-bean.html. [Accessed 6 7 2018].
[4]
“ADB Shell,” 2015. [線上 ]. [存取日期 : 6 7 2018].
[5]
J. S. Marcus Niemietz, "UI Redressing Attacks on Android Devices," in blackhat ASIA, 2014.
[6]
G. Developers, "PackageManager," [Online]. Available: https://developer.android.com/reference/android/content/pm/PackageManager. [Accessed 6 7 2018].
[7]
G. Developers, "PackageInstaller," [Online]. Available: https://developer.android.com/reference/android/content/pm/PackageInstaller. [Accessed 6 7 2018].
[8]
Cstsinghua, "Android安? APK?解 ," 13 6 2016. [Online]. Available: https://cstsinghua.github.io/2016/06/13/Android%E5%AE%89%E8%A3%85APK%E8%AF%A6%E8%A7%A3/. [Accessed 6 7 2018].
[9]
"Android6.0 Framework分析 ——應用程序 APP的安裝過程 ," 6 11 2016. [Online]. Available: http://www.itread01.com/articles/1478404538.html. [Accessed 6 7 2018].
[10]
"Google Play," Google, [Online]. Available: https://play.google.com/store?hl=zh_TW. [Accessed 6 7 2018].
[11]
G. I. I. P. LIMITED, "Free Fire," Google Play, [Online]. Available: https://play.google.com/store/apps/details?id=com.dts.freefireth. [Accessed 6 7 2018].
[12]
E. ARTS, "FIFA Soccer," APKpure, [Online]. Available: https://apkpure.com/fifa-17-fifa-mobile-soccer/com.ea.gp.fifamobile. [Accessed 5 7 2018].
[13]
"APKPure," APKPure, [Online]. Available: https://apkpure.com/. [Accessed 6 7 2018].
[14]
G. Developers, "Permissions overview," [Online]. Available: https://developer.android.com/guide/topics/permissions/overview. [Accessed 6 7 2018].
[15]
T. Vidas, D. Votipka and N. Christin, "All Your Droid Are Belong To Us: A Survey of
34
Current Android Attacks," in WOOT′11 Proceedings of the 5th USENIX conference on Offensive technologies, 2011.
[16]
Z. Wei, Y. Chao and C. Yunfang, "Android’s External Device Attack: Demonstration and Security Suggestions," International Journal of Security and Its Applications, pp. 317-326, 2015.
[17]
J. Amarante and J. P. Barros, "Exploring USB Connection Vulnerabilities on Android Devices - Breaches using the Android Debug Bridge," Proceedings of the 14th International Joint Conference on e-Business and Telecommunications (ICETE), pp. 572-577, 2017.
[18]
A. Pereira, M. Correia and P. Brandao, "USB Connection Vulnerabilities on Android Smartphones: Default and Vendors’ Customizations," IFIP International Conference on Communications and Multimedia Security, pp. 19-32, 2014.
[19]
"AVG Free," AVG Technologies, [Online]. Available: http://free.avgtaiwan.com/. [Accessed 6 7 2018].
[20]
C.-C. Lin, H. Li, X. Zhou and X. Wang, "Screenmilker: How to Milk Your Android Screen for Secrets," in NDSS, 2014.
[21]
L. Yang, L. Wang and D. Zhang, "Malicious Behavior Analysis of Android GUI Based on ADB," in IEEE International Conference on Computational Science and Engineering (CSE) and IEEE International Conference on Embedded and Ubiquitous Computing (EUC), 2017.
[22]
S. Hwang, S. Lee, Y. Kim and S. Ryu, "Bittersweet ADB: Attacks and Defenses," Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security, pp. 579-584, 2017.
[23]
M. Xu, W. Sun and M. Alam, "Security enhancement of secure USB debugging in Android system," in Proceedings of the 12th Annual IEEE Consumer Communications and Networking Conference (CCNC), 2015.
[24]
J. Oberheide, E. Cooke and F. Jahanian, "CloudAV: N-Version Antivirus in the Network Cloud," in USENIX Security ′08, 2008.
指導教授 許富皓(Fu-Hau Hsu) 審核日期 2018-7-26
推文 facebook   plurk   twitter   funp   google   live   udn   HD   myshare   reddit   netvibes   friend   youpush   delicious   baidu   
網路書籤 Google bookmarks   del.icio.us   hemidemi   myshare   

若有論文相關問題,請聯絡國立中央大學圖書館推廣服務組 TEL:(03)422-7151轉57407,或E-mail聯絡  - 隱私權政策聲明