AffinityGuard: A Defense Mechanism to Task Hijacking in Android

以作者查詢圖書館館藏

、以作者查詢臺灣博碩士

、以作者查詢全國書目

、勘誤回報

、線上人數：6

、訪客IP：3.138.114.94

姓名

楊文君(Wen-Chun Yang) 查詢紙本館藏

畢業系所

資訊工程學系

論文名稱

(AffinityGuard: A Defense Mechanism to Task Hijacking in Android)

相關論文

★ USB WORM KILLER: Cure USB Flash Worms Through a USB Flash Worm	★ Discoverer- Rootkit即時偵測系統
★ 一項Android手機上詐騙簡訊的偵測與防禦機制	★ SRA系統防禦ARP欺騙劫持路由器
★ A Solution for Detecting and Defending ARP Spoofing on Virtual Machines	★ 針對遠端緩衝區溢位攻擊之自動化即時反擊系統
★ 即時血清系統: 具攻性防壁之自動化蠕蟲治癒系統	★ DNSPD: Entrap Botnets Through DNS Cache Poisoning Detection
★ TransSQL: A Translation and Validation-based Solution for SQL-Injection Attacks	★ A Spam Mail-based Solution for Botnet Detection and Network Bandwidth Protection
★ Shark: Phishing Information Recycling from Spam Mails	★ FFRTD: Beat Fast-Flux by Response Time Differences
★ Antivirus Software Shield against Antivirus Terminators	★ MAC-YURI : My ACcount, YoUr ResponsIbility
★ KKBB: Kernel Keylogger Bye-Bye	★ CIDP Treatment: An Innovative Mobile Botnet Covert Channel based on Caller IDs with P8 Treatment

檔案

[Endnote RIS 格式]

[Bibtex 格式]

[相關文章]

[文章引用]

[完整記錄]

[館藏目錄]

[檢視]

[下載]

本電子論文使用權限為同意立即開放。
已達開放權限電子全文僅授權使用者為學術研究之目的，進行個人非營利性質之檢索、閱讀、列印。
請遵守中華民國著作權法之相關規定，切勿任意重製、散佈、改作、轉貼、播送，以免觸法。

摘要(中)

在2015年出現的task hijacking攻擊方法，直到最近的Android7.1.2版本都還存在task hijacking的問題。它不需要任何權限就可以進行釣魚攻擊、denial-of-service攻擊等等。惡意程式利用Androidmultitasking的正常功能與目標程式共用同一個task進行攻擊而不是使用系統漏洞。先前的研究對於task hijacking的防禦方法皆為偵測activity的啟動行為。為了能夠完全的解決task hijacking，本篇論文設計了一項新的機制稱作AffinityGuard，開發者可以自行決定是否允許第三方的應用程式共用同一個Task以及使用白名單自行設定允許的應用程式。在activity啟動時AffinityGuard進行檢測，如果發現非法共用Task時馬上將惡意程式抵擋。AffinityGuard能夠完全的阻擋task hijacking攻擊，而且不會影響Android multitasking的功能。本文也分析了大量應用程式，了解AffinityGuard影響一般應用程式的使用程度非常小。

摘要(英)

Task hijacking has appeared in the 2015 year but this problem stillexists in Android version 7.1.2 recent years. An attacker can use task hi-jacking to do phishing attack, denial-of-service attack without any permis-sion. The problem of task hijacking is that powerful functions of Androidmultitasking, so malware can share the same task with the victim app.Previous researches’ solutions about defense mechanisms of task hi-jacking are detecting activity attribute and the relation between each activity. We design a new mechanism called AffinityGuard to solve this problem totally. Developers can choose whether to share the same task with a third-party application or not and also add new apps to whitelists.AffinityGuard will protect apps in the launching of the activity. If the activity shares the same task with the victim app illegally, AffinityGuard will stop malicious app to share the task with the victim app.AffinityGuard can completely prevent task hijacking without impact-ing Android multitasking system. We also analyzed a large number apps from google play and Understand that AffinityGuard affects the usage ofAndroid multitasking of general apps is very small.

關鍵字(中)

★ 任務劫持
★ 安卓

關鍵字(英)

★ Task Hijacking
★ Android

論文目次

摘要 v
Abstract vi
誌謝 vii
目錄 viii

一、緒論 1
二、背景介紹 3
2.1 Android App Overview ................................................ 3
2.2 Activity .................................................................... 4
2.2.1 啟動 Activity .................................................... 4
2.2.2 生命週期 (lifecycle) ............................................ 5
2.3 Activity Manage Service (AMS) ..................................... 6
2.4 Task and Back Stack ................................................... 7
2.4.1 實作於 Android 的相關類別................................. 9
2.5 Activity 的相關屬性 .................................................... 10
2.5.1 taskAffinity................................................ 10
2.5.2 launchMode ................................................... 11
2.5.3 allowTaskReparenting ................................. 12
2.6 Task Hijacking Attack.................................................. 13
2.6.1 Back Hijacking .................................................. 14
2.6.2 Spoofing Attack................................................. 16
2.6.3 Monitor App .................................................... 20
三、系統設計 22
3.1 系統架構 .................................................................. 23
3.1.1 AffinityGuard Attribute ...................................... 24
3.1.2 AffinityGuard ................................................... 26
四、系統評估 29
4.1 有效性 ..................................................................... 29
4.1.1 Back Hijacking .................................................. 31
4.1.2 Spoofing Attack and Monitor App ......................... 31
4.2 使用性 ..................................................................... 32
4.3 效能評估 .................................................................. 35
五、相關研究 36
六、討論 38
七、總結 40
參考文獻 41

參考文獻

[1] Tasks and back stack, https://developer.android.com/guide/components/ activities/tasks-and-back-stack, (Accessed on April 15, 2018).
[2] C. Ren, Y. Zhang, H. Xue, T. Wei, and P. Liu, “Towards discovering and un- derstanding task hijacking in android.,” in USENIX Security Symposium, 2015, pp. 945–959.
[3] Y. Xiao, G. Bai, J. Mao, Z. Liang, and W. Cheng, “Privilege leakage and informa- tion stealing through the android task mechanism,” in Privacy-Aware Computing (PAC), 2017 IEEE Symposium on, IEEE, 2017, pp. 152–163.
[4] L. Yang, L. Wang, and D. Zhang, “Malicious behavior analysis of android gui based on adb,” in Computational Science and Engineering (CSE) and Embedded and Ubiquitous Computing (EUC), 2017 IEEE International Conference on, IEEE, vol. 2, 2017, pp. 147–153.
[5] Z. Wang, C. Li, Y. Guan, Y. Xue, and Y. Dong, “Activityhijacker: Hijacking the android activity component for sensitive data,” in Computer Communication and Networks (ICCCN), 2016 25th International Conference on, IEEE, 2016, pp. 1–9.
[6] A. P. Felt and D. Wagner, Phishing on mobile devices. na, 2011.
[7] C. Ren, P. Liu, and S. Zhu, “Windowguard: Systematic protection of gui security in android,” in Proc. of the Annual Symposium on Network and Distributed System Security (NDSS), 2017.
[8] S. Lee, S. Hwang, and S. Ryu, “All about activity injection: Threats, semantics, and detection,” in Proceedings of the 32nd IEEE/ACM International Conference on Automated Software Engineering, IEEE Press, 2017, pp. 252–262.
[9] S. Arzt, S. Rasthofer, C. Fritz, E. Bodden, A. Bartel, J. Klein, Y. Le Traon, D. Octeau, and P. McDaniel, “Flowdroid: Precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps,” Acm Sigplan Notices, vol. 49, no. 6, pp. 259–269, 2014.
[10] Class intent, https://developer.android.com/reference/android/ content/Intent, (Accessed on June 6, 2018).
41
[11] Understand the activity lifecycle, https://developer.android.com/guide/ components/activities/activity-lifecycle, (Accessed on April 25, 2018).
[12] Android open source project, https://source.android.com/, (Accessed on May 1, 2018).
[13] Androguard, https://github.com/androguard/androguard, (Accessed on April 18, 2018).
[14] Q. A. Chen, Z. Qian, and Z. M. Mao, “Peeking into your app without actually seeing it: Ui state inference and novel android attacks.,” in USENIX Security Symposium, 2014, pp. 1037–1052.
[15] A. Bianchi, J. Corbetta, L. Invernizzi, Y. Fratantonio, C. Kruegel, and G. Vigna, “What the app is that? deception and countermeasures in the android user in- terface,” in 2015 IEEE Symposium on Security and Privacy (SP), IEEE, 2015, pp. 931–948.
[16] G. Essl, J. A. Halderman, Z. M. Mao, and A. Prakash, “Android ui deception revisited: Attacks and defenses,” in Financial Cryptography and Data Security: 20th International Conference, FC 2016, Christ Church, Barbados, February 22– 26, 2016, Revised Selected Papers, Springer, vol. 9603, 2017, p. 41.
[17] B. Cooley, H. Wang, and A. Stavrou, “Activity spoofing and its defense in android smartphones,” in International Conference on Applied Cryptography and Network Security, Springer, 2014, pp. 494–512.
[18] S. Afroz and R. Greenstadt, “Phishzoo: Detecting phishing websites by looking at them,” in Semantic Computing (ICSC), 2011 Fifth IEEE International Conference on, IEEE, 2011, pp. 368–375.
[19] X. Qiang, L. Bin, Y. Wei, and S. Wenchang, “Detecting android malware phishing login interface based on surf algorithm,” Journal of Tsinghua University (Science and Technology), vol. 56, no. 1, pp. 77–82, 2016.
[20] Using task affinity to launch denial-of-service or phishing attacks in android, https: / / bitbucket . org / secure - it - i / android - app - vulnerability - benchmarks/wiki/Home, (Accessed on December 12, 2017).

指導教授

許富皓

審核日期

2018-7-20

推文