12 0

Ghost installer in the shadow: Security analysis of app installation on android

Title
Ghost installer in the shadow: Security analysis of app installation on android
Author
이연준
Issue Date
2017-06
Publisher
IEEE
Citation
2017 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), Page. 403-414
Abstract
Android allows developers to build apps with app installation functionality themselves with minimal restriction and support like any other functionalities. Given the critical importance of app installation, the security implications of the approach can be significant. This paper reports the first systematic study on this issue, focusing on the security guarantees of different steps of the App Installation Transaction (AIT). We demonstrate the serious consequences of leaving AIT development to individual developers: most installers (e.g., Amazon AppStore, DTIgnite, Baidu) are riddled with various security-critical loopholes, which can be exploited by attackers to silently install any apps, acquiring dangerous-level permissions or even unauthorized access to system resources. Surprisingly, vulnerabilities were found in all steps of AIT. The attacks we present, dubbed Ghost Installer Attack (GIA), are found to pose a realistic threat to Android ecosystem. Further, we developed both a user-app-level and a system-level defense that are innovative and practical.
URI
https://ieeexplore.ieee.org/document/8023140http://repository.hanyang.ac.kr/handle/20.500.11754/121594
ISSN
2158-3927
DOI
10.1109/DSN.2017.33
Appears in Collections:
COLLEGE OF COMPUTING[E] > COMPUTER SCIENCE(소프트웨어학부) > Articles
Files in This Item:
There are no files associated with this item.
Export
RIS (EndNote)
XLS (Excel)
XML


qrcode

Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.

BROWSE