Full metadata record
DC Field | Value | Language |
---|---|---|
dc.contributor.author | 이연준 | - |
dc.date.accessioned | 2020-01-07T04:34:49Z | - |
dc.date.available | 2020-01-07T04:34:49Z | - |
dc.date.issued | 2017-06 | - |
dc.identifier.citation | 2017 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), Page. 403-414 | en_US |
dc.identifier.issn | 2158-3927 | - |
dc.identifier.uri | https://ieeexplore.ieee.org/document/8023140 | - |
dc.identifier.uri | https://repository.hanyang.ac.kr/handle/20.500.11754/121594 | - |
dc.description.abstract | Android allows developers to build apps with app installation functionality themselves with minimal restriction and support like any other functionalities. Given the critical importance of app installation, the security implications of the approach can be significant. This paper reports the first systematic study on this issue, focusing on the security guarantees of different steps of the App Installation Transaction (AIT). We demonstrate the serious consequences of leaving AIT development to individual developers: most installers (e.g., Amazon AppStore, DTIgnite, Baidu) are riddled with various security-critical loopholes, which can be exploited by attackers to silently install any apps, acquiring dangerous-level permissions or even unauthorized access to system resources. Surprisingly, vulnerabilities were found in all steps of AIT. The attacks we present, dubbed Ghost Installer Attack (GIA), are found to pose a realistic threat to Android ecosystem. Further, we developed both a user-app-level and a system-level defense that are innovative and practical. | en_US |
dc.description.sponsorship | We thank our reviewers for their valuable comments. This work was supported in part by National Science Foundation under grants 1223477, 1223495, 1527141, 1618493. Kai Chen was supported in part by NSFC U1536106, 61100226, Youth Innovation Promotion Association CAS, and strategic priority research program of CAS (XDA06010701). Yeonjoon Lee thanks Samsung Research America for supporting this project during his internship. | en_US |
dc.language.iso | en_US | en_US |
dc.publisher | IEEE | en_US |
dc.title | Ghost installer in the shadow: Security analysis of app installation on android | en_US |
dc.type | Article | en_US |
dc.identifier.doi | 10.1109/DSN.2017.33 | - |
dc.relation.page | 403-414 | - |
dc.contributor.googleauthor | Lee, Yeonjoon | - |
dc.contributor.googleauthor | Li, Tongxin | - |
dc.contributor.googleauthor | Zhang, Nan | - |
dc.contributor.googleauthor | Demetriou, Soteris | - |
dc.contributor.googleauthor | Zha, Mingming | - |
dc.contributor.googleauthor | Wang, XiaoFeng | - |
dc.contributor.googleauthor | Chen, Kai | - |
dc.contributor.googleauthor | Zhou, Xiaoyong | - |
dc.contributor.googleauthor | Han, Xinhui | - |
dc.contributor.googleauthor | Grace, Michael | - |
dc.relation.code | 20170167 | - |
dc.sector.campus | E | - |
dc.sector.daehak | COLLEGE OF COMPUTING[E] | - |
dc.sector.department | DIVISION OF COMPUTER SCIENCE | - |
dc.identifier.pid | yeonjoonlee | - |
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.