臺灣博碩士論文加值系統

在眾多的手機作業系統中,Android 是最受歡迎的手機作業系統。在 2014 年的 Google I/O 開發者會議中,Google 宣稱在 2014 年六月,已經有超過 10 憶的使 用者在使用 Android 系統。然而,Android 系統允許安裝第三方的手機應用程式, 進而導致手機惡意程式數量的增長。在 Android 中,主要是透過內部元件通訊 當作通訊機制 (Inter-Component Communication)。手機應用程式若是不當的使 用 ICC,則可能遭受到越權攻擊。一個手機惡意程式可以透過 ICC 傳送個人資 料給其它的手機應用程式或是網路。因此,在本論文中,我們提出一個工具叫做 Multiple Layer Collusion Tracker,簡稱 MLC Tracker。MLC Tracker 檢查意圖物 件 (Intent) 特權,識別功能洩漏與代理洩漏,以預防多層次共謀型攻擊。

Among the various smartphone operating systems, Android is highly popular the mobile operating system. In Google I/O 2014 developer conference [22], Google announces that there are 1 billion active Android users on June 2014. However, Android allows installing third-party applications that may increase the spread of Android malware. The inter-component communication (ICC) is a communication mechanism in Android. The applications, improperly use ICC for communication that lead to privilege escalation attacks A malicious application can transmit per- sonal information to the internet or another malicious application. Therefore, in this thesis, we propose Multiple Layer Collusion Tracker that is named as MLC Tracker. MLC Tracker checks Intent privilege to identify vulnerabilities of deputy or capability for preventing multiple layer collusion attack.

中文摘要...................................... I
ABSTRACT .................................... III
ACKNOWLEDGEMENT ............................. V
TableofContents.................................. VI
ListofFigures ................................... X
List of Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . XII
INTRODUCTION ............................... 1
1.1 Motivation................................. 3
1.2 ChallengesandGoals........................... 4
1.3 Contributions............................... 4
1.4 TheOutlineofThesis .......................... 5
2 BACKGROUND ................................ 6
2.1 Android.................................. 6
2.1.1 Background............................ 6
2.1.2 InterComponentCommunication ............... 7
2.1.3 Intent ............................... 9
2.2 PotentialPermissionsofAPIsandURI................. 10
2.2.1 Permission ............................ 10
2.2.2 APIs................................ 12
2.2.3 URI................................ 12
2.2.4 PermissionsMappingAPIsandURIs . . . . . . . . . . . . . . 13
2.3 PrivilegeEscalationAttacks....................... 14
2.3.1 KernelExploitAttacks...................... 15
2.3.2 ConfusedDeputyAttacks .................... 15
2.3.3 CollusionAttacks......................... 16
2.3.4 MultipleLayerCollusionAttacks ................ 17
2.4 AndroidSecurityExtensionsandTools................. 18
2.4.1 New Android Framework for Preventing Privilege Escalation Attacks .............................. 20
2.4.2 CapabilityLeak.......................... 20
2.5 CurrentProblem ............................. 21
3 MLCTracker .................................. 23
3.1 APKConfigurationParser........................ 24
3.1.1 EntryPoint............................ 24
3.1.2 Uses-Permission.......................... 24
3.1.3 ExportedComponent ...................... 25
3.2 CorrelationStructureConstructor.................... 25
3.2.1 CapabilityLeak.......................... 25
3.2.2 InstructionExtraction ...................... 27
3.2.3 StructureGeneration....................... 28
3.3 PotentialPathMatcher ......................... 28
3.3.1 PotentialDeputyPath...................... 29
3.3.2 PotentialCapabilityPath .................... 29
3.3.3 TheCheckingStrategy...................... 30
3.3.4 TheCheckingAlgorithm..................... 31
3.3.5 Decision Tree of Deputy Leak for Deputy Path . . . . . . . . 32
3.4 APIsandURIMappingPermissions .................. 34
3.4.1 APIsMappingPermissions ................... 35
3.4.2 URIMappingPermissions.................... 35
4 Experiment ................................... 37
4.1 EnvironmentandDataset ........................ 37
4.1.1 Dataset .............................. 37
4.1.2 Environment ........................... 38
4.2 ExperimentResults............................ 38
4.2.1 CapabilityLeaksFound ..................... 39
4.2.2 DeputyLeaksFound....................... 40
4.3 EvaluationMetrics ............................ 42
4.4 EffectivenessAnalysis .......................... 43
4.5 SampleAttack .............................. 44
4.6 Discussion................................. 45
4.6.1 Limitation............................. 46
4.6.2 Discussion............................. 46
5 CONCLUSION ................................. 47
5.1 Conclusion................................. 47
5.2 FurtherWork............................... 47
References...................................... 49

[1] S. Arzt, S. Rasthofer, and E. Bodden. Susi: A tool for the fully automated classification and categorization of android sources and sinks, 2013.
[2] K. W. Y. Au, Y. F. Zhou, Z. Huang, and D. Lie. Pscout: analyzing the android permission specification. In Proceedings of the 2012 ACM conference on Computer and communications security, pages 217–228, 2012.
[3] brut.all http://code.google.com/p/android apktool. android-apktool.
[4] S. Bugiel, L. Davi, A. Dmitrienko, T. Fischer, A.-R. Sadeghi, and B. Shas- try. Towards taming privilege-escalation attacks on android. In 19th Annual Network &; Distributed System Security Symposium (NDSS), volume 17, pages 18–25, 2012.
[5] S. Bugiel, S. Heuser, and A.-R. Sadeghi. Flexible and fine-grained mandatory access control on android for diverse security and privacy policies. In Usenix security, pages 131–146, 2013.
[6] P. P. Chan, L. C. Hui, and S.-M. Yiu. Droidchecker: analyzing android ap- plications for capability leak. In Proceedings of the fifth ACM conference on Security and Privacy in Wireless and Mobile Networks, pages 125–136, 2012.
[7] E. Chin, A. P. Felt, K. Greenwood, and D. Wagner. Analyzing inter-application communication in android. In Proceedings of the 9th international conference on Mobile systems, applications, and services, MobiSys ’11, page 239–252, New York, NY, USA, 2011.
[8] E. Chin and D. Wagner. Bifocals: Analyzing webview vulnerabilities in android applications. In Information Security Applications, pages 138–159, 2014.
[9] I. Cisco Systems. Cisco 2014 annual security report. Technical report, Cisco Systems, Inc., 2014.
[10] X. Cui, D. Yu, P. Chan, L. C. Hui, S. Yiu, and S. Qing. Cochecker: Detect- ing capability and sensitive data leaks from component chains in android. In Information Security and Privacy, pages 446–453, 2014.
[11] L. Davi, A. Dmitrienko, A.-R. Sadeghi, and M. Winandy. Privilege escalation attacks on android. In Proceedings of the 13th International Conference on Information Security, ISC’10, pages 346–360, Berlin, Heidelberg, 2011.
[12] dex2jar http://code.google.com/p/dex2jar. dex2jar, 2014.
[13] M. Dietz, S. Shekhar, Y. Pisetsky, A. Shu, and D. S. Wallach. Quire: Lightweight provenance for smart phone operating systems. In USENIX Secu- rity Symposium, 2011.
[14] W. Enck, P. Gilbert, B.-G. Chun, L. P. Cox, J. Jung, P. McDaniel, and A. N. Sheth. TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. 2010.
[15] W. Enck, M. Ongtang, and P. McDaniel. On lightweight mobile phone appli- cation certification. In Proceedings of the 16th ACM conference on Computer and communications security, pages 235–245, 2009.
[16] EugenioDelfa. Smali-cfgs. Technical report, EugenioDelfa, 2014.
[17] A. P. Felt, E. Chin, S. Hanna, D. Song, and D. Wagner. Android permissions demystified. In Proceedings of the 18th ACM conference on Computer and communications security, pages 627–638, 2011.
[18] A. P. Felt, H. J. Wang, A. Moshchuk, S. Hanna, and E. Chin. Permission re-delegation: Attacks and defenses. In USENIX Security Symposium, 2011.
[19] C. Fritz, S. Arzt, S. Rasthofer, E. Bodden, A. Bartel, J. Klein, Y. le Traon, D. Octeau, and P. McDaniel. Highly precise taint analysis for android applica- tions. EC SPRIDE, TU Darmstadt, Tech. Rep, 2013.
[20] H. Gascon, F. Yamaguchi, D. Arp, and K. Rieck. Structural detection of android malware using embedded call graphs. In Proceedings of the 2013 ACM workshop on Artificial intelligence and security, pages 45–54, 2013.
[21] C. Gibler, J. Crussell, J. Erickson, and H. Chen. AndroidLeaks: automatically detecting potential privacy leaks in android applications on a large scale. 2012.
[22] Google. Google i/o 2014 developer conference. Technical report, Google, 2014.
[23] google https://play.google.com/store. Google play, 2014.
[24] M. C. Grace, Y. Zhou, Z. Wang, and X. Jiang. Systematic detection of capa- bility leaks in stock android smartphones. In NDSS, 2012.
[25] H. Gunadi and A. Tiu. Efficient runtime monitoring with metric temporal logic: A case study in the android operating system. In FM 2014: Formal Methods, pages 296–311, 2014.
[26] K. S. Han, Y. Lee, B. Jiang, and E. G. Im. Android permission system violation: Case study and refinement. International Journal of E-Entrepreneurship and Innovation (IJEEI), 4(1):16–27, 2013.
[27] jd-gui http://jd.benow.ca/. Java decompiler, 2014.
[28] J. Jeon, K. K. Micinski, J. A. Vaughan, A. Fogel, N. Reddy, J. S. Foster, and T. Millstein. Dr. android and mr. hide: fine-grained permissions in android applications. In Proceedings of the second ACM workshop on Security and privacy in smartphones and mobile devices, pages 3–14, 2012.
[29] M. Lange, S. Liebergeld, A. Lackorzynski, A. Warg, and M. Peter. L4android: a generic operating system framework for secure smartphones. In Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices, pages 39–50, 2011.
[30] L. Li, A. Bartel, J. Klein, and Y. Le Traon. Using a path matching algorithm to detect inter-component leaks in android apps, 2014.
[31] L. Lu, Z. Li, Z. Wu, W. Lee, and G. Jiang. Chex: statically vetting android apps for component hijacking vulnerabilities. In Proceedings of the 2012 ACM conference on Computer and communications security, pages 229–240, 2012.
[32] C. Marforio, A. Francillon, S. Capkun, S. Capkun, and S. Capkun. Application collusion attack on the permission-based security model and its implications for modern smartphone systems. 2011.
[33] C. Marforio, H. Ritzdorf, A. Francillon, and S. Capkun. Analysis of the commu- nication between colluding applications on modern smartphones. In Proceedings of the 28th Annual Computer Security Applications Conference, pages 51–60, 2012.
[34] V. Moonsamy, M. Alazab, and L. Batten. Towards an understanding of the impact of advertising on data leaks. International journal of security and net- works, 7(3):181–193, 2012.
[35] D. Octeau, P. McDaniel, S. Jha, A. Bartel, E. Bodden, J. Klein, and Y. Le Traon. Effective inter-component communication mapping in android with epicc: An essential step towards holistic security analysis, 2013.
[36] Y. Park, C. Lee, C. Lee, J. Lim, S. Han, M. Park, and S.-J. Cho. Rgbdroid: a novel response-based approach to android privilege escalation attacks. In Pro- ceedings of the 5th USENIX conference on Large-Scale Exploits and Emergent Threats, LEET, volume 12, pages 9–9, 2012.
[37] M. Rangwala, P. Zhang, X. Zou, and F. Li. A taxonomy of privilege escalation attacks in android applications. International Journal of Security and Networks, 9(1):40–55, 2014.
[38] A. Research. Q1 2014 smartphone os results: Android dominates high growth developing markets. Technical report, ABI Research, 2014.
[39] D. Sbirlea, M. G. Burke, S. Guarnieri, M. Pistoia, and V. Sarkar. Automatic detection of inter-application permission leaks in android applications. IBM Journal of Research and Development, 57(6):10–1, 2013.
[40] R. Schlegel, K. Zhang, X.-y. Zhou, M. Intwala, A. Kapadia, and X. Wang. Soundcomber: A stealthy and context-aware sound trojan for smartphones. In NDSS, volume 11, pages 17–33, 2011.
[41] A. Shabtai, Y. Fledel, and Y. Elovici. Securing android-powered mobile devices using selinux. IEEE Security &; Privacy, 8(3):36–44, 2010.
[42] S. Smalley and R. Craig. Security enhanced (se) android: Bringing flexible mac to android. In NDSS, 2013.
[43] Sophos. Sophos mobile security threat report. Technical report, Sophos, 2014.
[44] L. D. Sven Bugiel. Xmandroid: A new android evolution to mitigate privilege
escalation attacks. In Harvard University, 2011.
[45] Symantec. 2013 symantec security response - mobile adware and malware anal-
ysis. Technical report, Symantec, 2013.
[46] M. Zhang and H. Yin. Appsealer: Automatic generation of vulnerability-specific patches for preventing component hijacking attacks in android applications. In Proceedings of the 21th Annual Network and Distributed System Security Symposium (NDSS’14), 2014.
[47] Y. Zhongyang, Z. Xin, B. Mao, and L. Xie. Droidalarm: an all-sided static analysis tool for android privilege-escalation malware. In Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security, pages 353–358, 2013.
[48] W. Zhou, Y. Zhang, and X. Liu. Poster: A new framework against privilege escalation attacks on android. In Proceedings of the 2013 ACM SIGSAC con- ference on Computer &; communications security, pages 1411–1414, 2013.
[49] W. Zhou, Y. Zhou, M. Grace, X. Jiang, and S. Zou. Fast, scalable detection of piggybacked mobile applications. In Proceedings of the third ACM conference on Data and application security and privacy, pages 185–196, 2013.
[50] W. Zhou, Y. Zhou, X. Jiang, and P. Ning. Detecting repackaged smartphone applications in third-party android marketplaces. In Proceedings of the second ACM conference on Data and Application Security and Privacy, pages 317–326, 2012.
[51] X. Zhou, S. Demetriou, D. He, M. Naveed, X. Pan, X. Wang, C. A. Gunter, and K. Nahrstedt. Identity, location, disease and more: Inferring your secrets from android public resources. In Proceedings of the 2013 ACM SIGSAC conference on Computer &; communications security, pages 1017–1028, 2013.
[52] Y. Zhou and X. Jiang. Dissecting android malware: Characterization and evolution. In Security and Privacy (SP), 2012 IEEE Symposium on, pages 95–109, 2012.