Using IM-Visor to stop untrusted IME apps from stealing sensitive keystrokes  

作　　者：Chen Tian Yazhe Wang Peng Liu Qihui Zhou Chengyi Zhang 

机构地区：[1]State Key Laboratory of Information Security,Institute of Information Engineering,Chinese Academy of Sciences,Beijing 100093,People’s Republic of China [2]School of Cyber Security,University of Chinese Academy of Sciences,Beijing,People’s Republic of China [3]College of Information Sciences and Technology,Pennsylvania State University,University Park 16802,PA,USA

出　　处：《Cybersecurity》2018年第1期143-159,共17页网络空间安全科学与技术（英文）

基　　金：supported by the National Key Research and Development Program of China NO.2017YFB0801900;Youth Innovation Promotion Association of CAS;supported by NSF CNS-1422594,NSF CNS-1505664,and NSF SBE-1422215(social).

摘　　要：Third-party IME(Input Method Editor)apps are often the preference means of interaction for Android users’input.In this paper,we first discuss the insecurity of IME apps,including the Potentially Harmful Apps(PHAs)and malicious IME apps,which may leak users’sensitive keystrokes.The current defense system,such as I-BOX,is vulnerable to the prefix substitution attack and the colluding attack due to the post-IME nature.We provide a deeper understanding that all the designs with the post-IME nature are subject to the prefix-substitution and colluding attacks.To remedy the above post-IME system’s flaws,we propose a new idea,pre-IME,which guarantees that“Is this touch event a sensitive keystroke?”analysis will always access user touch events prior to the execution of any IME app code.We design an innovative TrustZone-based framework named IM-Visor which has the pre-IME nature.Specifically,IM-Visor creates the isolation environment named STIE as soon as a user intends to type on a soft keyboard,then the STIE intercepts,Android event sub translates and analyzes the user’s touch input.If the input is sensitive,the translation of keystrokes will be delivered to user apps through a trusted path.Otherwise,IM-Visor replays non-sensitive keystroke touch events for IME apps or replays non-keystroke touch events for other apps.A prototype of IM-Visor has been implemented and tested with several most popular IMEs.The experimental results show that IM-Visor has small runtime overheads.

关 键 词：TRUSTZONE Android app security User privacy 

分 类 号：TP3[自动化与计算机技术—计算机科学与技术]