References
[1] R. R. Beck, A. Vijeev, and V. Ganapathy, “Privaros: A framework for privacy-compliant
delivery drones,” ACM SIGSAC Conference on Computer and Communications
Security, 2020.
[2] Information flow control. [Online]. Available: https://en.wikipedia.org/wiki/Information_flow_(information_theory)
[3] M. Krohn, A. Yip, M. Brodsky, N. Cliffer, M. F. Kaashoek, E. Kohler, and R. Morris,
“Information flow control for standard os abstractions,” ACM SIGOPS Symposium
on Operating Systems Principles, pp. 321–334, 2007.
[4] N. Zeldovich, S. Boyd-Wickizer, E. Kohler, and D. Mazières, “Making information
flow explicit in histar,” Commun. ACM, vol. 54, no. 11, pp. 93–101, 2011.
[5] W. Enck, P. Gilbert, S. Han, V. Tendulkar, B.-G. Chun, L. P. Cox, J. Jung, P. McDaniel,
and A. N. Sheth, “Taintdroid: An information-flow tracking system for realtime
privacy monitoring on smartphones,” ACM Trans. Comput. Syst., vol. 32, no. 2,
Jun. 2014.
[6] A. Nadkarni, B. Andow, W. Enck, and S. Jha, “Practical DIFC enforcement on android,”
USENIX Security Symposium (USENIX Security 16), pp. 1119–1136, 2016.
[7] Y. Xu and E. Witchel, “Maxoid: Transparently confining mobile applications with
custom views of state,” European Conference on Computer Systems, 2015.
[8] Mandatory Access Control. [Online]. Available: https://en.wikipedia.org/wiki/Mandatory_access_control
[9] Discretionary Access Control. [Online]. Available: https://en.wikipedia.org/wiki/Discretionary_access_control
[10] CentOS.org, “Security-enhanced linux,” 2021. [Online]. Available: https://wiki.centos.org/HowTos/SELinux
[11] Apparmor.org, “An effective and easy-to-use linux application security system,”
2021. [Online]. Available: https://gitlab.com/apparmor/apparmor/-/wikis/home
[12] R. Wang, A. M. Azab, W. Enck, N. Li, P. Ning, X. Chen, W. Shen, and Y. Cheng,
“Spoke: Scalable knowledge collection and attack surface analysis of access control
policy for security enhanced android,” ACM on Asia Conference on Computer and
Communications Security, pp. 612–624, 2017.
[13] R. Wang, W. Enck, D. Reeves, X. Zhang, P. Ning, D. Xu, W. Zhou, and A. M.
Azab, “Easeandroid: Automatic policy analysis and refinement for security enhanced
android via large-scale semi-supervised learning,” USENIX Security Symposium
(USENIX Security 15), pp. 351–366, 2015.
[14] S. Bugiel, S. Heuser, and A.-R. Sadeghi, “Flexible and fine-grained mandatory access
control on android for diverse security and privacy policies,” USENIX Security
Symposium (USENIX Security 13), pp. 131–146, 2013.
[15] F. Roesner, D. Molnar, A. Moshchuk, T. Kohno, and H. J. Wang, “World-driven
access control for continuous sensing,” ACM SIGSAC Conference on Computer and
Communications Security, pp. 1169–1181, 2014.
[16] Trusted Execution Environment. [Online]. Available: https://en.wikipedia.org/wiki/Trusted_execution_environment
[17] Intel SGX. [Online]. Available: https://en.wikipedia.org/wiki/Trusted_execution_environment
[18] ARM.org, “Arm trustzone technology,” 2021. [Online]. Available: https://developer.arm.com/ip-products/security-ip/trustzone
[19] Qualcomm.org, “Qualcomm's ‘secure world’,” 2021. [Online]. Available:
https://www.qualcomm.com/media/documents/files/guard-your-data-withthe-qualcomm-snapdragon-mobile-platform.pdf
[20] OP-TEE.org, “Open portable trusted execution environment,” 2021. [Online].
Available: https://www.optee.org
[21] Paul W. Frields, “Infrastructure report,” 2008. [Online]. Available:
https://listman.redhat.com/archives/fedora-announce-list/2008-August/msg00012.html
[22] RedHat.org, “Critical: openssh security update,” 2008. [Online]. Available:
http://rhn.redhat.com/errata/RHSA-2008-0855.html
[23] CERT/CC, “Cert advisory ca-2000-09 flaw in pgp 5.0 key generation,” 2000.
[Online]. Available: http://www.cert.org/advisories/CA-2000-09.html
[24] Werner Koch, “[announce] gnupg's elgamal signing keys compromised,” 2003. [Online].
Available: https://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000160.html
[25] Florian Weimer, “[security] [dsa 1571-1] new openssl packages fix predictable
random number generator,” 2008. [Online]. Available:
https://lists.debian.org/debian-security-announce/2008/msg00152.html
[26] M. M. E. A. Mahmoud, J. Misic, and X. Shen, “Efficient public-key certificate revocation
schemes for smart grid,” IEEE Global Communications Conference (GLOBECOM),
pp. 778–783, 2013.
[27] J. Samuel, N. Mathewson, J. Cappos, and R. Dingledine, “Survivable key compromise
in software update systems,” ACM Conference on Computer and Communications
Security, pp. 61–72, 2010.
[28] K. Suzaki, A. Tsukamoto, A. Green, and M. Mannan, “Reboot-oriented iot: Life
cycle management in trusted execution environment for disposable iot devices,” Annual
Computer Security Applications Conference, pp. 428–441, 2020.
[29] J. Reardon, Á. Feal, P. Wijesekera, A. E. B. On, N. Vallina-Rodriguez, and S. Egelman,
“50 ways to leak your data: An exploration of apps’ circumvention of the
android permissions system,” USENIX Security Symposium (USENIX Security 19),
pp. 603–620, 2019.
[30] Common Vulnerabilities and Exposures, “Cve in android,” 2021. [Online].
Available: https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=Android
[31] CVE Details, “Google's android vulnerability statistics,” 2021. [Online]. Available:
https://www.cvedetails.com/product/19997/Google-Android.html?vendorid=1224
[32] CVE Details, “Linux kernel vulnerability statistics,” 2021. [Online]. Available:
https://www.cvedetails.com/product/47/Linux-Linux-Kernel.html?vendorid=33
[33] OMTP.org, “Omtp advanced trusted environment omtp tr1 v1.1,” 2021. [Online].
Available: http://www.omtp.org/OMTP_Advanced_Trusted_Environment_OMTP_TR1_v1_1.pdf
[34] GlobalPlatform.org, 2021. [Online]. Available: https://globalplatform.org/
[35] GlobalPlatform.org, “Tee system architecture v1.2,” 2018. [Online]. Available:
https://globalplatform.org/specs-library/tee-system-architecture-v1-2/
[36] GlobalPlatform.org, “Tee client api specification v1.0,” 2010. [Online]. Available:
https://globalplatform.org/specs-library/tee-client-api-specification/
[37] GlobalPlatform.org, “Tee internal core api specification v1.2.1,” 2019. [Online].
Available: https://globalplatform.org/specs-library/tee-internal-core-apispecification-v1-2/
[38] V. Costan and S. Devadas, “Intel sgx explained.”
[39] David Kaplan, Jeremy Powell, and Tom Woller, “Amd memory encryption,”
2016. [Online]. Available:
https://developer.amd.com/wordpress/media/2013/12/AMDMemoryEncryptionWhitepaperv7-Public.pdf
[40] ARM Limited, “Arm trustzone technology,” 2021. [Online]. Available:
https://developer.arm.com/ip-products/security-ip/trustzone
[41] ARM Limited, “Building a secure system using trustzone technology,” 2009,
[Online; accessed 20-July-2021]. [Online]. Available:
https://static.docs.arm.com/genc009492/c/PRD29-GENC-009492Ctrustzonesecuritywhitepaper.pdf
[42] ARM Limited, “Smc calling convention system software on arm platforms,” 2016.
[Online]. Available: https://developer.arm.com/documentation/den0028/b/
[43] Certificate revocation lists, 2016. [Online]. Available: https://tools.ietf.org/html/rfc3280
[44] A. Kolehmainen, “Secure firmware updates for iot: a survey,” IEEE International
Conference on Internet of Things (iThings) and IEEE Green Computing and Communications
(GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom)
and IEEE Smart Data (SmartData), pp. 112–117, 2018.
[45] Software updates for internet of things, 2021. [Online]. Available:
https://datatracker.ietf.org/doc/rfc9019/
[46] D. K. Nilsson, L. Sun, and T. Nakajima, “A framework for self-verification of
firmware updates over the air in vehicle ecus,” IEEE Globecom Workshops, pp. 1–5,
2008.
[47] P. Thakur, V. Bodade, A. Achary, M. Addagatla, N. Kumar, and Y. Pingle, “Universal
firmware upgrade over-the-air for iot devices with security,” International
Conference on Computing for Sustainable Global Development (INDIACom), pp.
27–30, 2019.
[48] R. Dhobi, S. Gajjar, D. Parmar, and T. Vaghela, “Secure firmware update over the
air using trustzone,” Innovations in Power and Advanced Computing Technologies
(i-PACT), vol. 1, pp. 1–4, 2019.
[49] Stack overflow. [Online]. Available: https://en.wikipedia.org/wiki/Stack_Overflow
[50] Heap Overflow. [Online]. Available: https://en.wikipedia.org/wiki/Heap_overflow
[51] Shellcode. [Online]. Available: https://en.wikipedia.org/wiki/Shellcode
[52] Y. Yang, J. Moon, K. Jung, and J. Kim, “Downloadable trusted applications on tizen™
tv: Trustware™ extension: As a downloadable application framework,” IEEE
International Conference on Consumer Electronics (ICCE), pp. 1–4, 2018.
[53] N. Tarate, “Using arm trustzone to implement downloadable cas framework and secure
media pipeline in iptv client devices,” IEEE International Symposium on Broadband
Multimedia Systems and Broadcasting (BMSB), pp. 1–11, 2018.
[54] Teep protocol. [Online]. Available: https://datatracker.ietf.org/doc/draft-ietf-teep-protocol
[55] I. JSON. [Online]. Available: https://www.json.org/json-en.html
[56] T. Yamauchi, Y. Akao, R. Yoshitani, Y. Nakamura, and M. Hashimoto, “Additional
kernel observer: privilege escalation attack prevention mechanism focusing on system
call privilege changes,” International Journal of Information Security, pp. 1–13,
2020.
[57] LSM vulnerability. [Online]. Available:
http://blog.siphos.be/2013/05/looking-atthe-local-linux-kernel-privilegeescalation/
[58] J. Morris, S. Smalley, and G. Kroah-Hartman, “Linux security modules: General security
support for the linux kernel,” USENIX Security Symposium, pp. 17–31, 2002.
[59] J. Wei and C. Pu, “Tocttou vulnerabilities in unix-style file systems: An anatomical
study.” FAST, vol. 5, pp. 12–12, 2005.
[60] X. Cai, Y. Gui, and R. Johnson, “Exploiting unix file-system races via algorithmic
complexity attacks,” IEEE Symposium on Security and Privacy, pp. 27–41, 2009.
[61] S. Parkinson, V. Somaraki, and R. Ward, “Auditing file system permissions using
association rule mining,” Expert Systems with Applications, vol. 55, pp. 274–283,
2016.
[62] H. Chen, Y. Mao, X. Wang, D. Zhou, N. Zeldovich, and M. F. Kaashoek, “Linux
kernel vulnerabilities: State-of-the-art defenses and open problems,” Asia-Pacific
Workshop on Systems, pp. 1–5, 2011.
[63] IPC method. [Online]. Available:
https://tutorialspoint.dev/computer-science/operating-systems/interprocess-communication-methods
[64] Absolute path. [Online]. Available:
https://www.linux.com/training-tutorials/absolute-path-vs-relative-path-linuxunix
[65] Covert channel. [Online]. Available: https://en.wikipedia.org/wiki/Covert_channel
[66] Buffer overflow. [Online]. Available: https://en.wikipedia.org/wiki/Buffer_overflow
[67] Kernel Self-Protection. [Online]. Available:
https://www.kernel.org/doc/html/latest/security/self-protection.html
[68] Shared memory. [Online]. Available:
https://optee.readthedocs.io/en/latest/architecture/core.html#noncontiguous-shared-buffers
[69] OP-TEE development keypair. [Online]. Available:
https://optee.readthedocs.io/en/latest/architecture/porting_guidelines.html
[70] Mbed TLS. [Online]. Available: https://tls.mbed.org/api
[71] STMicroelectronics. [Online]. Available: https://www.st.com/content/st_com/en.html
[72] OP-TEE example. [Online]. Available:
https://optee.readthedocs.io/en/latest/building/gits/optee_examples/optee_examples.html
[73] OP-TEE File Encryption Key. [Online]. Available:
https://optee.readthedocs.io/en/latest/architecture/secure_storage.html