A Privilege Escalation Attack Detection Framework for Android using IPC Tracking

권나경

Abstract
Malicious applications can access sensitive resources and send them out over a network. To detect such unwanted data access and leakage, the Android system enforces a permissions mechanism on applications that access sensitive resources. However, because of a vulnerability in the inter-process communication (IPC) structure of the existing Android framework, malicious third-party applications can trick the permissions system and access sensitive resources (Privilege Escalation Attack). Consequently, non-permitted applications can access sensitive resources by routing their requests through permitted applications. In this thesis, we propose an efficient detection scheme for handling these privacy issues by modifying the Android framework. We create call-chains of requests for resources by hooking all the IPCs. With the call-chains, we can track the requests for sensitive resources and find out the provenance of each request. By checking the permissions of the caller application, we can detect access to sensitive resources from non-permitted applications. In this way we can provide a secure framework for preventing unwanted data leakage from malicious applications.
Table of Contents
I Introduction
II Background Information
2.1 Android
2.1.1 Application Components
2.1.2 Intents and Inter-process communication
2.1.3 Security and Permissions
2.2 Threats Models
III Related Work
IV Motivation and Research Goal
4.1 Motivation
4.2 Research Goal
V Proposed Scheme
5.1 System Design Overview
5.1.1 IPC Provenance and Call-chain
5.1.2 Detection
5.2 Implementation
5.2.1 Communication Message Hooking
5.2.2 Call-chain Creations
5.2.3 Authority Checking
VI Experimental Results
6.1 Experiment Setup
6.2 Application dependency
6.3 Call-chain Tracking and Detection Accuracy
6.4 Performance Overhead
6.4.1 Data access Roundtrip Time
6.4.2 Memory Consumption
VII Conclusion and Future Work
7.1 Conclusion
7.2 Future Work
”}8
Reference