摘要(中) 在2015年出現的task hijacking攻擊方法,直到最近的Android7.1.2版本都還存在task hijacking的問題。它不需要任何權限就可以進行釣魚攻擊、denial-of-service攻擊等等。惡意程式利用Androidmultitasking的正常功能與目標程式共用同一個task進行攻擊而不是使用系統漏洞。先前的研究對於task hijacking的防禦方法皆為偵測activity的啟動行為。為了能夠完全的解決task hijacking,本篇論文設計了一項新的機制稱作AffinityGuard,開發者可以自行決定是否允許第三方的應用程式共用同一個Task以及使用白名單自行設定允許的應用程式。在activity啟動時AffinityGuard進行檢測,如果發現非法共用Task時馬上將惡意程式抵擋。AffinityGuard能夠完全的阻擋task hijacking攻擊,而且不會影響Android multitasking的功能。本文也分析了大量應用程式,了解AffinityGuard影響一般應用程式的使用程度非常小。 摘要(英) Task hijacking has appeared in the 2015 year but this problem stillexists in Android version 7.1.2 recent years. An attacker can use task hi-jacking to do phishing attack, denial-of-service attack without any permis-sion. The problem of task hijacking is that powerful functions of Androidmultitasking, so malware can share the same task with the victim app.Previous researches’ solutions about defense mechanisms of task hi-jacking are detecting activity attribute and the relation between each activity. We design a new mechanism called AffinityGuard to solve this problem totally. Developers can choose whether to share the same task with a third-party application or not and also add new apps to whitelists.AffinityGuard will protect apps in the launching of the activity. If the activity shares the same task with the victim app illegally, AffinityGuard will stop malicious app to share the task with the victim app.AffinityGuard can completely prevent task hijacking without impact-ing Android multitasking system. We also analyzed a large number apps from google play and Understand that AffinityGuard affects the usage ofAndroid multitasking of general apps is very small. 關鍵字(中) ★ 任務劫持
★ 安卓關鍵字(英) ★ Task Hijacking
★ Android論文目次 摘要 v
Abstract vi
誌謝 vii
目錄 viii
一、 緒論 1
二、 背景介紹 3
2.1 Android App Overview ................................................ 3
2.2 Activity .................................................................... 4
2.2.1 啟動 Activity .................................................... 4
2.2.2 生命週期 (lifecycle) ............................................ 5
2.3 Activity Manage Service (AMS) ..................................... 6
2.4 Task and Back Stack ................................................... 7
2.4.1 實作於 Android 的相關類別................................. 9
2.5 Activity 的相關屬性 .................................................... 10
2.5.1 taskAffinity................................................ 10
2.5.2 launchMode ................................................... 11
2.5.3 allowTaskReparenting ................................. 12
2.6 Task Hijacking Attack.................................................. 13
2.6.1 Back Hijacking .................................................. 14
2.6.2 Spoofing Attack................................................. 16
2.6.3 Monitor App .................................................... 20
三、 系統設計 22
3.1 系統架構 .................................................................. 23
3.1.1 AffinityGuard Attribute ...................................... 24
3.1.2 AffinityGuard ................................................... 26
四、 系統評估 29
4.1 有效性 ..................................................................... 29
4.1.1 Back Hijacking .................................................. 31
4.1.2 Spoofing Attack and Monitor App ......................... 31
4.2 使用性 ..................................................................... 32
4.3 效能評估 .................................................................. 35
五、 相關研究 36
六、 討論 38
七、 總結 40
Using task affinity to launch denial-of-service or phishing attacks in android, https: / / bitbucket . org / secure - it - i / android - app - vulnerability - benchmarks/wiki/Home, (Accessed on December 12, 2017).指導教授 許富皓 審核日期 2018-7-20