• 主题
高级搜索  >
历史搜索 清空历史
首页> 外文会议>International Conference on Malicious and Unwanted Software >PRAST: Using Logic Bombs to Exploit the Android Permission Model and a Module Based Solution
【24h】

PRAST: Using Logic Bombs to Exploit the Android Permission Model and a Module Based Solution

机译:PRAST:使用逻辑炸弹利用Android权限模型和基于模块的解决方案

获取原文
页面导航
  • 摘要
  • 著录项
  • 相似文献
  • 相关主题

摘要

Android security implements a permission model to protect a user's most sensitive data. These permissions regulate an app's access to different aspects of the device, however, a fatal flaw of Android's permission model is that it relies on the discretion of the user to determine which apps are granted permissions and which are not with limited assistance in their choice from the device. As a result, a specialized type of malware known as a logic bomb has affected Android devices. These logic bombs are designed to execute malicious code when activated by triggers, and can be designed to take advantage of users who poorly vet their applications or even hide themselves inside applications that appear to be benign. On Android, logic bombs usually carry out malicious intent by violating permissions, using a permission for some activity the user never intended. We have found 18 different permissions that applications can violate to carry out some form of malicious intent, and have developed an app, called HyenaDroid, to violate each of these permissions and create logic bombs. This provides evidence that the current Android security revolving around permissions is in need of either an update to the permissions model, or an additional system to assist the user with navigating the Android permissions model. Our research also proposes such a system, PRAST. PRAST is designed as a modular system, combining a level of efficiency that can be run during the download on an Android device, along with the effectiveness and accuracy of external analysis systems.
机译:Android安全性实现了一种权限模型来保护用户最敏感的数据。这些权限会限制应用对设备不同方面的访问,但是,Android权限模型的一个致命缺陷是,它取决于用户的判断力来确定哪些应用被授予了权限,哪些应用在选择方面没有受到有限的帮助装置。结果,一种称为逻辑炸弹的特殊类型的恶意软件已经影响了Android设备。这些逻辑炸弹旨在通过触发器激活后执行恶意代码,并且可以利用恶意审查其应用程序甚至将自己隐藏在看似良性的应用程序中的用户加以利用。在Android上,逻辑炸弹通常通过违反权限来使用恶意行为,使用用户从未打算进行的某些活动的权限。我们发现了18种不同的权限,应用程序可能会违反18种权限来执行某种形式的恶意意图,并开发了一种名为HyenaDroid的应用程序来违反这些权限并创建逻辑炸弹。这提供了证据,表明当前围绕权限的Android安全性需要更新权限模型,或者需要其他系统来帮助用户浏览Android权限模型。我们的研究还提出了PRAST这样的系统。 PRAST被设计为模块化系统,结合了可以在Android设备上下载期间运行的效率水平,以及外部分析系统的有效性和准确性。

著录项

相似文献

  • 外文文献
  • 中文文献
  • 专利
获取原文

客服邮箱:kefu@zhangqiaokeyan.com

京公网安备:11010802029741号 ICP备案号:京ICP备15016152号-6 六维联合信息科技 (北京) 有限公司©版权所有

  • 客服微信

  • 服务号