Similar literature
1.
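Android is a widely used mobile operating system that faces threats such as illegal privilege escalation and resource-exhaustion attacks. Many attacks exploit vulnerabilities in Android system services, such as JNI global reference exhaustion (JGRE), the Android Stroke Vulnerability (ASV), and permission leakage; these vulnerabilities lead to system freezes, reboots, and unauthorized privilege escalation. This paper proposes an automated testing framework for the Android service layer that scans for vulnerabilities in Android services, named the Android Service Automatic Testing Tool. The tool automatically generates test code from the system service interfaces (Service API) to verify vulnerabilities automatically, greatly reducing the manual verification workload. Applied to Android 9, the tool automatically generated 720 sets of test code and found a total of 33 vulnerabilities across 137 system services: 28 JGRE vulnerabilities in 19 system services and 5 privilege-escalation vulnerabilities in 3 system services.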

2.
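Third-party libraries (TPLs) have become an important part of mobile application development. Developers typically integrate TPLs into their apps to implement specific functions such as advertising, push messaging, and mobile payment, which improves development efficiency and reduces R&D cost. However, because a TPL shares the same system permissions as the mobile app that contains it (the host app), and developers lack understanding of the TPL's own security risks, security problems caused by TPLs have occurred frequently in recent years and have caused serious information and privacy security problems for the public. TPL traffic identification is important for fine-grained traffic management and security threat detection; it is a key capability for attributing security responsibility between the host app and the TPL, and an important detection method for promoting secure and compliant TPL development. Current research on TPLs, however, focuses mainly on TPL detection and TPL-induced privacy leakage, and research on TPL traffic identification is very rare. To this end, this paper proposes and implements LibCapture, a framework for TPL traffic identification. First, the framework designs a method for automatically generating TPL encrypted-traffic datasets based on dynamic instrumentation and TPL detection techniques. Second, to address privacy protection and data sharing, it builds a federated learning model based on convolutional neural networks to identify TPL traffic. Finally, traffic tests on 2327 real apps show that the proposed framework achieves high traffic identification accuracy. In addition, the paper analyzes the specific impact that differences in the participants' local sample data have on global model aggregation in federated learning, and points out further research directions for different scenarios.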

3.
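Network vulnerability analysis based on attack graphs is an important method for strengthening network security. However, for large-scale networks, how to improve the efficiency of attack graph generation is a hot research question. Building on a vulnerability analysis model, this paper proposes a model for an automatic attack graph generation method. Starting from the study of attacker behavior, it defines attack patterns and corresponding Prolog rules to automatically generate basic sub-attacks and attack graphs, greatly improving the efficiency of vulnerability analysis.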

4.
王鹃  张焕国  高峰 《计算机工程》2008,34(8):177-178
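A type flaw attack is one method of attacking security protocols. It occurs when a protocol principal interprets data of one type in a received message as data of another type. This paper describes several typical examples of type flaw attacks, uses them to point out the limitations of the tag method proposed by J. Heather et al., which adds extra information identifying the message type to messages in order to prevent type flaw attacks, and proposes a method of preventing type flaw attacks by checking message length in the protocol implementation.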

5.
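Automatic analysis and response system for code injection attacks based on anomaly diagnosis   Total citations: 1, self-citations: 0, citations by others: 1
This paper proposes an automatic analysis and response system for code injection attacks based on analysis of the process anomaly scenario. The system automatically analyzes the syntax of the attack payload from the process anomaly scenario and generates a vulnerability-oriented attack signature; with this signature, it can identify and block the variants of code injection attacks that exploit the same unknown vulnerability in the same way. By combining the state of the network protocol and of the process while generating attack signatures and responding to attacks, it can significantly reduce the response false-alarm probability and the system's external service response time without raising the detection miss probability. In addition, prototype systems based on Linux and Windows 2000 are briefly introduced, and experimental results on functionality and performance are given.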

6.
马钰锡  张全新  谭毓安  沈蒙 《软件学报》2021,32(5):1526-1546
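The rapid development and wide application of artificial intelligence has driven an overall leap in digital technology; however, intelligent attacks based on AI techniques are gradually becoming a new type of attack, and traditional attack protection can no longer meet the actual needs of security protection. By predicting the future steps of attack behavior and deploying targeted defenses in advance, defenders can gain the initiative and advantage in countering intelligent attacks and effectively protect system security. The paper first defines the problem domain of intelligent attacks and behavior prediction and gives an overview of the related research areas. It then surveys research methods for behavior prediction aimed at intelligent attacks, classifying the related work and describing it in detail. Next, it explains the principles and mechanisms of the different kinds of prediction methods and further compares and analyzes each kind in terms of its features and scope of applicability. Finally, it looks ahead to the challenges and future research directions of intelligent attack behavior prediction.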

7.
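Attack graph generation algorithm based on the attack cost of vulnerability correlation   Total citations: 2, self-citations: 1, citations by others: 1
Building on existing network attack graph generation methods and starting from the attack cost of vulnerability correlation, this paper designs a basic framework for attack graph generation and proposes an algorithm for automatically generating network attack graphs based on the attack cost of vulnerability correlation. The algorithm effectively incorporates the correlation between vulnerabilities, evaluates attack cost scientifically, removes attack paths whose cost is too high to be of practical significance, and simplifies the attack graph. Experiments verify the soundness and effectiveness of the algorithm.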

8.
葛毅  茅兵  谢立 《计算机科学》2009,36(1):252-255
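The threat of software vulnerability attacks is increasingly serious. Attacks based on memory corruption vulnerabilities, such as buffer overflows and format string vulnerabilities, are the most common. This paper proposes an automatic fault localization method for memory corruption attacks. Based on records of memory update operations, it can trace back to the statements in the program source code that corrupt critical data, providing useful information for fixing the vulnerability and generating the final patch.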

9.
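Analysis of IIS vulnerability principles and protective measures   Total citations: 2, self-citations: 0, citations by others: 2
For Microsoft's Internet Information Server (IIS) system, starting from the security mechanisms of Windows NT and IIS, this paper analyzes the principles of the vulnerabilities and the essence of attacks that exploit them, and analyzes in detail several typical IIS vulnerabilities and their attack methods. Finally, it proposes basic protective measures for IIS vulnerabilities.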

10.
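Android plugins are a new application-level virtualization technology in the Android system. This virtualization technology is already widely used in the development of popular apps, because the host has privileges no weaker than root over the multi-instance apps running inside it, can conveniently, quickly and effectively intervene in an app's execution, and can dynamically monitor in real time how the apps in the host are running. The introduction of application-level virtualization frameworks breaks Android's original security mechanisms and introduces threats such as privilege escalation attacks, code injection attacks, ransomware attacks, system service vulnerabilities and phishing attacks; malicious apps can exploit vulnerabilities in the virtualization framework to obtain private data. This paper therefore fixes the above vulnerabilities in the virtualization framework. The proposed scheme provides a relatively secure and reliable virtualization framework for apps to run in, does not modify the native Android system, and protects users' private data from theft by malicious apps.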

11.
A large set of diverse hybrid mobile apps, which use both native Android app UIs and Web UIs, are widely available in today’s smartphones. These hybrid apps usually use SSL or TLS to secure HTTP based communication. However, researchers show that incorrect implementation of SSL or TLS may lead to serious security problems, such as Man-In-The-Middle (MITM) attacks and phishing attacks. This paper investigates a particular SSL vulnerability that results from error-handling code in the hybrid mobile Web apps. Usually such error-handling code is used to terminate an ongoing communication, but the vulnerability of interest is able to make the communication proceed regardless of SSL certificate verification failures, eventually leading to MITM attacks. To identify those vulnerable apps, we develop a hybrid approach, which combines both static analysis and dynamic analysis to (1) automatically distinguish the native Android UIs and Web UIs, and execute the Web UIs to trigger the error-handling code; (2) accurately select the correct paths from the app entry-point to the targeted code, meanwhile avoiding the crash of apps, and populate messaging objects for the communication between components. Specifically, we construct inter-component call graphs to model the connections, and design algorithms to select the paths from the established graph and determine the parameters by backtracing. To evaluate our approach, we have implemented and tested it with 13,820 real world mobile Web apps from Google Play. The experimental results demonstrate that 1,360 apps are detected as potentially vulnerable ones solely using the static analysis. The dynamic analysis process further confirms that 711 apps are truly vulnerable among the potentially vulnerable set.

12.
马凯  郭山清 《软件学报》2018,29(5):1379-1391
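Nowadays, many Android developers embed third-party SDKs in their applications to shorten development time. A third-party SDK is a toolkit developed by third-party service companies such as advertising platforms, data providers, social networks and map service providers, and it has become an important part of the Android ecosystem. Worryingly, a security vulnerability in one SDK makes every application that includes that SDK vulnerable to attack, which seriously affects the security of the Android ecosystem. We therefore selected 129 popular third-party SDKs on the market and comprehensively analyzed their security. To improve the accuracy of the analysis, we took the demo apps of the third-party SDKs as the analysis targets and used analysis methods that are effective for Android apps (such as static taint tracking, dynamic taint tracking and dynamic binary instrumentation) and analysis tools (such as flowdroid and droidbox). The results show that more than 60% of the selected SDKs contain various vulnerabilities (for example: misuse of HTTP, incorrect SSL/TLS configuration, abuse of sensitive permissions, identity identification, local services, information leakage through logs, and developer mistakes). This poses a threat to the users of the affected applications.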

13.
Jiaojiao Fu  Yangfan Zhou  Xin Wang 《Software》2019,49(9):1402-1418
Most Android applications include third-party libraries (3PLs) to make revenues, to facilitate their development, and to track user behaviors. 3PLs generally require specific permissions to realize their functionalities. Current Android systems manage permissions in app (process) granularity. As a result, the permission sets of apps with 3PLs (3PL-apps) may be augmented, introducing overprivilege risks. In this paper, we first study how severe the problem is by analyzing the permission sets of 27 718 real-world Android apps with and without 3PLs downloaded in both 2016 and 2017. We find that the usage of 3PLs and the permissions required by 3PL-apps have increased over time. As a result, the possibility of overprivilege risks increases. We then propose Perman, a fine-grained permission management mechanism for Android. Perman isolates the permissions of the host app and those of the 3PLs through dynamic code instrumentation. It allows users to manage permission requests of different modules of 3PL-apps during app runtime. Unlike existing tools, Perman does not need to redesign Android apps and systems. Therefore, it can be applied to millions of existing apps and various Android devices. We conduct experiments to evaluate the effectiveness and efficiency of Perman. The experimental results verify that Perman is capable of managing permission requests of the host app and those of the 3PLs. We also confirm that the overhead introduced by Perman is comparable to that by existing commercial permission management tools.

14.
With the development of science and technology, the popularity of smart phones has made exponential growth in mobile phone application market. How to help users to select applications they prefer has become a hot topic in recommendation algorithm. As traditional recommendation algorithms are based on popularity and download, they inadvertently fail to recommend the desirable applications. At the same time, many users tend to pay more attention to permissions of those applications, because of some privacy and security reasons. There are few recommendation algorithms which take account of apps’ permissions, functionalities and users’ interests altogether. Some of them only consider permissions while neglecting the users’ interests, others just perform linear combination of apps’ permissions, functionalities and users’ interests to implement top-N recommendation. In this paper, we devise a recommendation method based on both permissions and functionalities. After demonstrating the correlation of apps’ permissions and users’ interests, we design an app risk score calculating method ARSM based on app-permission bipartite graph model. Furthermore, we propose a novel matrix factorization algorithm MFPF based on users’ interests, apps’ permissions and functionalities to handle personalized app recommendation. We compare our work with some of the state-of-the-art recommendation algorithms, and the results indicate that our work can improve the recommendation accuracy remarkably.

15.
Existing studies on the detection of mobile malware have focused mainly on static analyses performed to examine the code-structure signature of viruses, rather than the dynamic behavioral aspects. By contrast, the unidentified behavior of new mobile viruses using the self-modification, polymorphic, and mutation techniques for variants have largely been ignored. The problem of precision regarding malware variant detection has become one of the key concerns in mobile security. Accordingly, the present study proposed a threat risk analysis model for mobile viruses, using a heuristic approach incorporating both malware behavior analysis and code analysis to generate a virus behavior ontology associated with the Protégé platform. The proposed model can not only explicitly identify an attack profile in accordance with structural signature of mobile viruses, but also overcome the uncertainty regarding the probability of an attack being successful. This model is able to achieve this by extending frequent episode rules to investigate the attack profile of a given malware, using specific event sequences associated with the sandbox technique for mobile applications (apps) and hosts. For probabilistic analysis, defense evaluation metrics for each node were used to simulate the results of an attack. The simulations focused specifically on the attack profile of a botnet to assess the threat risk. The validity of the proposed approach was demonstrated numerically by using two malware cyber-attack examples. Overall, the results presented in this paper prove that the proposed scheme offers an effective countermeasure, evaluated using a set of security metrics, for mitigating network threats by considering the interaction between the attack profiles and defense needs.

16.
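Malicious actors use direct or indirect methods to attack individuals, organizations and nations, subjecting them to threats of varying degrees. Such information takes many forms, is huge in volume, and must be processed at high speed. Therefore, this paper first analyzes and compares five typical collaborative detection models, Esper, Hadoop, Agilis, Storm and Spark, and describes the network environments that each model suits. It then analyzes the attack techniques commonly used in network environments, DDoS, MITM and APT, and states which models are suitable for detecting these attacks. Finally, it gives a deployment scheme for a collaborative threat detection architecture model, which comprises two components, sending and receive-processing, and notes that different models can be deployed as actual needs require; in particular, it gives deployment schemes for the architecture model in peer-to-peer networks, hierarchical security-domain networks, and layered networks.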

17.
With the dramatic increase of the number of mobile devices such as smartphones and tablet PCs, mobile traffic has increased enormously. Especially, the multimedia data accounts for bulk of the traffic transmitted in mobile networks. To accommodate this growth, device-to-device connection (D2D), which provides infra-connection off-loading, is receiving significant attention. However, we have observed that the majority of the current D2D protocols including Bluetooth and Wi-Fi Direct are vulnerable to man-in-the-middle (MITM) and replay attacks in mobile multi-hop networks. To resolve this problem, in this paper, we propose a novel D2D authentication protocol with a secure initial key establishment using ciphertext-policy attribute-based encryption (CP-ABE). By leveraging CP-ABE, the proposed scheme allows the communicating parties to mutually authenticate and derive the link key in an expressive and secure manner in a multi-hop network environment. We also propose several variations of the proposed scheme for different scenarios in multi-hop networks without network infrastructure. We prove that the proposed scheme is secure against MITM and replay attacks in D2D mobile multi-hop networks. Experimental results indicate that the proposed scheme incurs reasonable computation cost in the real world.

18.
This paper addresses the problem of detecting plagiarized mobile apps. Plagiarism is the practice of building mobile apps by reusing code from other apps without the consent of the corresponding app developers. Recent studies on third-party app markets have suggested that plagiarized apps are an important vehicle for malware delivery on mobile phones. Malware authors repackage official versions of apps with malicious functionality, and distribute them for free via these third-party app markets. An effective technique to detect app plagiarism can therefore help identify malicious apps. Code plagiarism has long been a problem and a number of code similarity detectors have been developed over the years to detect plagiarism. In this paper we show that obfuscation techniques can be used to easily defeat similarity detectors that rely solely on statically scanning the code of an app. We propose a dynamic technique to detect plagiarized apps that works by observing the interaction of an app with the underlying mobile platform via its API invocations. We propose API birthmarks to characterize unique app behaviors, and develop a robust plagiarism detection tool using API birthmarks.

19.
As an IEEE 802.11-based mobile computing system has been established as the base structure of high-speed wireless network, interest in mobility and security of mobile terminal has increased. To reinforce security, 802.1x and 802.11i using EAP were used in standardized instrument. But it was found to be unsuitable for real time multimedia service because of the time delay. In this paper, we suggest a Fast and Secure Handover (FSH) scheme which minimizes time delay in the handover authentication process and prevents MITM (Man in the Middle) attacks. This scheme carries out the re-association process which is necessary for high-speed handover using Inter Access Point Protocol (IAPP) and Old_MSK. To make the existing 802.1x-based user certification procedure suitable for high-speed handover, the terminal and pre-handover-accessed Old_AP make Rough_AP to prevent MITM. To do this, Old_AP uses the Old_MSK-used encrypted method which was used to encrypt MAC information of the mobile terminal and Old_AP. Hereby, FSH has been developed to become high-speed handover which has the 802.1x-supported security level and the skill of preventing MITM. In this paper, by simulation (NS-2), we confirmed the superiority in streaming service such as decreased handover time delay and VoIP.

20.
Mobile cloud computing augments the resource-constrained mobile devices to run rich mobile applications by leveraging the cloud resources and services. Compute-intensive mobile apps require significant communication resources for migrating the code from mobile devices to the cloud. For such apps, distributed application execution frameworks (DAEF) have been proposed in the literature. These frameworks either migrate the mobile app code during runtime or keep the app synchronized with another remotely executed app on the cloud. Frameworks also support mobile app live migration to cater for compute node mobility. One key research question that arises is how successful these DAEFs are in achieving seamless application execution under various network conditions. The answer to this question entails formal analysis of the DAEFs to determine the realistic bounds on propagation delay, bandwidth and application interaction with mobile device for various types and sizes of apps. In this research, we apply formal analysis techniques to define the execution time of the app and the time required for code migration. We also define three conditions for seamless application execution. Given realistic values for processor speed, application executable size, possible number of executed instructions, network propagation delay and transmission delay, we show what components of the mobile app need to be migrated during execution to the cloud. Finally, we compute realistic bounds for the app size (that can be executed seamlessly) based on important features which include cloud and device resources, bandwidth and latency profile.
