
Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security: Latest Papers

Detecting Inter-App Information Leakage Paths
S. Bhandari, F. Herbreteau, V. Laxmi, A. Zemmari, P. Roop, M. Gaur
Sensitive (private) information can escape from one app to another using one of the multiple communication methods provided by Android for inter-app communication. This leakage can be malicious. In such a scenario, an individual benign app, in collusion with other conspiring apps, if present, can leak the private information. In this work in progress, we present a new model-checking based approach for inter-app collusion detection. The proposed technique takes into account simultaneous analysis of multiple apps. We are able to identify any set of conspiring apps involved in the collusion. To evaluate the efficacy of our tool, we developed Android apps that exhibit collusion through inter-app communication. Eight demonstrative sets of apps have been contributed to the widely used test dataset named DroidBench. Our experiments show that the proposed technique can accurately detect the presence/absence of collusion among apps. To the best of our knowledge, our proposal has improved detection capability than other techniques.
DOI: https://doi.org/10.1145/3052973.3055163 (published 2017-04-02)
Citations: 6
DroidForensics: Accurate Reconstruction of Android Attacks via Multi-layer Forensic Logging
Xingzi Yuan, Omid Setayeshfar, Hongfei Yan, Pranav Panage, Xuetao Wei, K. H. Lee
The goal of cyber attack investigation is to fully reconstruct the details of an attack, so we can trace back to its origin, and recover the system from the damage caused by the attack. However, it is often difficult and requires tremendous manual efforts because attack events occurred days or even weeks before the investigation and detailed information we need is not available anymore. Consequently, forensic logging is significantly important for cyber attack investigation. In this paper, we present DroidForensics, a multi-layer forensic logging technique for Android. Our goal is to provide the user with detailed information about attack behaviors that can enable accurate post-mortem investigation of Android attacks. DroidForensics consists of three logging modules. API logger captures Android API calls that contain high-level semantics of an application. Binder logger records interactions between applications to identify causal relations between processes, and system call logger efficiently monitors low-level system events. We also provide the user interface that the user can compose SQL-like queries to inspect an attack. Our experiments show that DroidForensics has low runtime overhead (2.9% on average) and low space overhead (105 ~ 169 MByte during 24 hours) on real Android devices. It is effective in the reconstruction of real-world Android attacks we have studied.
DOI: https://doi.org/10.1145/3052973.3052984 (published 2017-04-02)
Citations: 16
Control-Flow Hijacking: Are We Making Progress?
Mathias Payer
Memory corruption errors in C/C++ programs remain the most common source of security vulnerabilities in today's systems. Over the last 10+ years the security community developed several defenses [4]. Data Execution Prevention (DEP) protects against code injection -- eradicating this attack vector. Yet, control-flow hijacking and code reuse remain challenging despite wide deployment of Address Space Layout Randomization (ASLR) and stack canaries. These defenses are probabilistic and rely on information hiding. The deployed defenses complicate attacks, yet control-flow hijack attacks (redirecting execution to a location that would not be reached in a benign execution) are still prevalent. Attacks reuse existing gadgets (short sequences of code), often leveraging information disclosures to learn the location of the desired gadgets. Strong defense mechanisms have not yet been widely deployed due to (i) the time it takes to roll out a security mechanism, (ii) incompatibility with specific features, and (iii) performance overhead. In the meantime, only a set of low-overhead but incomplete mitigations has been deployed in practice. Control-Flow Integrity (CFI) [1,2] and Code-Pointer Integrity (CPI) [3] are two promising upcoming defense mechanisms, protecting against control-flow hijacking. CFI guarantees that the runtime control flow follows the statically determined control-flow graph. An attacker may reuse any of the valid transitions at any control-flow transfer. We compare a broad range of CFI mechanisms using a unified nomenclature based on (i) a qualitative discussion of the conceptual security guarantees, (ii) a quantitative security evaluation, and (iii) an empirical evaluation of their performance in the same test environment. For each mechanism, we evaluate (i) protected types of control-flow transfers, (ii) the precision of the protection for forward and backward edges. For open-source compiler-based implementations, we additionally evaluate (iii) the generated equivalence classes and target sets, and (iv) the runtime performance. CPI on the other hand is a dynamic property that enforces selective memory safety through bounds checks for code pointers by separating code pointers from regular data.
DOI: https://doi.org/10.1145/3052973.3056127 (published 2017-04-02)
Citations: 2
Session details: Malware & Machine Learning 1
I. Martinovic
DOI: https://doi.org/10.1145/3248557 (published 2017-04-02)
Citations: 0
Session details: Mobile Security 2
Andrew J. Paverd
DOI: https://doi.org/10.1145/3248561 (published 2017-04-02)
Citations: 0
Collusive Data Leak and More: Large-scale Threat Analysis of Inter-app Communications
Amiangshu Bosu, Fang Liu, D. Yao, G. Wang
Inter-Component Communication (ICC) provides a message passing mechanism for data exchange between Android applications. It has been long believed that inter-app ICCs can be abused by malware writers to launch collusion attacks using two or more apps. However, because of the complexity of performing pairwise program analysis on apps, the scale of existing analyses is too small (e.g., up to several hundred) to produce concrete security evidence. In this paper, we report our findings in the first large-scale detection of collusive and vulnerable apps, based on inter-app ICC data flows among 110,150 real-world apps. Our system design aims to balance the accuracy of static ICC resolution/data-flow analysis and run-time scalability. This large-scale analysis provides real-world evidence and deep insights on various types of inter-app ICC abuse. Besides the empirical findings, we make several technical contributions, including a new open-source ICC resolution tool with improved accuracy over the state-of-the-art, and a large database of inter-app ICCs and their attributes.
DOI: https://doi.org/10.1145/3052973.3053004 (published 2017-04-02)
Citations: 124
Session details: Encryption
Di Ma
DOI: https://doi.org/10.1145/3248551 (published 2017-04-02)
Citations: 0
Session details: Side Channel Attacks
Hoda A. Khezaimy
DOI: https://doi.org/10.1145/3248562 (published 2017-04-02)
Citations: 0
Secure Integration of Web Content and Applications on Commodity Mobile Operating Systems
Drew Davidson, Yaohui Chen, F. George, Long Lu, S. Jha
A majority of today's mobile apps integrate web content of various kinds. Unfortunately, the interactions between app code and web content expose new attack vectors: a malicious app can subvert its embedded web content to steal user secrets; on the other hand, malicious web content can use the privileges of its embedding app to exfiltrate sensitive information such as the user's location and contacts. In this paper, we discuss security weaknesses of the interface between app code and web content through attacks, then introduce defenses that can be deployed without modifying the OS. Our defenses feature WIREframe, a service that securely embeds and renders external web content in Android apps, and in turn, prevents attacks between embedded web and host apps. WIREframe fully mediates the interface between app code and embedded web content. Unlike the existing web-embedding mechanisms, WIREframe allows both apps and embedded web content to define simple access policies to protect their own resources. These policies recognize fine-grained security principals, such as origins, and control all interactions between apps and the web. We also introduce WIRE (Web Isolation Rewriting Engine), an offline app rewriting tool that allows app users to inject WIREframe protections into existing apps. Our evaluation, based on 7166 popular apps and 20 specially selected apps, shows these techniques work on complex apps and incur acceptable end-to-end performance overhead.
DOI: https://doi.org/10.1145/3052973.3052998 (published 2017-04-02)
Citations: 19
Session details: Malware & Machine Learning 2
R. Deng
DOI: https://doi.org/10.1145/3248559 (published 2017-04-02)
Citations: 0