| Android中权限提升漏洞的动态防御技术 |
| |
| 引用本文: | 张一,施勇,薛质.Android中权限提升漏洞的动态防御技术[J].信息安全与通信保密,2013(11):71-74,79. |
| |
| 作者姓名: | 张一 施勇 薛质 |
| |
| 作者单位: | 上海交通大学信息安全工程学院,上海200240 |
| |
| 摘 要: | 在Android操作系统中,权限机制是一项重要的安全机制,它为Android上的应用规定了访问权限,受到了越来越多的关注.文中首先分析了权限的工作机制和它存在的缺陷,然后介绍了权限提升攻击发起的原理,在此基础上提出了动态跟踪防御方法,可以对应用进程间通信(IPC)进行监测,监测是否发生恶意的权限提升.最后,针对Android典型应用进行了实验仿真,结果表明了检测防御方法的有效性.
|
| 关 键 词: | Android 权限提升 进程间通信 动态防御 |
Dynamic Protection Technology for Privilege Escalation Attack on Android |
| |
| ZHANG Yi,SHI Yong,XUE Zhi.Dynamic Protection Technology for Privilege Escalation Attack on Android[J].China Information Security,2013(11):71-74,79. |
| |
| Authors: | ZHANG Yi SHI Yong XUE Zhi |
| |
| Affiliation: | (School of Information Security, Shanghai Jiaotong University, Shanghai 200240, China) |
| |
| Abstract: | Permission-based seeurity policy plays a very important role in Android system, and specifies various access privileges for the application of Android. This paper analyzes the principle and defect of permission-based security policy, and then gives the cause of privilege escalation on Android. And based on this, it proposes a new dynamic protection model, thus to implement the supervision of IPC (Inter- Process Communication) policy and prevent the privilege escalation on Android. Finally, the experiment on the Android platform indicates that the dynamic protection is feasible and effective. |
| |
| Keywords: | Android privilege escalation IPC communication dynamic protection |
| 本文献已被 维普 等数据库收录! |
|
