Authors: Xiaobo Xiang, Yue Jiang, Qingli Guo, Xiu Zhang, Xiaorui Gong, Baoxu Liu
Affiliations: [1] School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China; [2] Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China
Source: Cybersecurity (网络空间安全科学与技术, English edition), 2023, Issue 4, pp. 182-200 (19 pages)
Funding: This work was supported by the Strategic Priority Research Program of Chinese Academy of Sciences (No. XDC02040100).
Abstract: Statistics show that more than 80 applications are installed on each Android smartphone. Vulnerability research on Android applications is of critical importance. Recently, academic researchers mainly focus on single bug patterns, while few of them investigate the relations between multiple bugs. Industrial researchers proposed a series of logic exploit chains leveraging multiple logic bugs. However, there is no general model to evaluate the chaining abilities between bugs. This paper presents a formal model to elucidate the relations between multiple bugs in Android applications. To prove the effectiveness of the model, we design and implement a prototype system named AppChainer. AppChainer automatically identifies attack surfaces of Android applications and investigates whether the payloads entering these attack surfaces are "chainable". Experimental results on 2138 popular Android applications show that AppChainer is effective in identifying and chaining attacker-controllable payloads. It identifies 14467 chainable payloads and constructs 5458 chains both inside a single application and among various applications. The time cost and resource consumption of AppChainer are also acceptable. For each application, the average analysis time is 317 s, and the average memory consumed is 2368 MB. Compared with the most relevant work Jandroid, the experiment results on our custom DroidChainBench show that AppChainer outperforms Jandroid at the precision rate and performs equally with Jandroid at the recall rate.
Keywords: Android security; Vulnerability exploit; Payload chain
Classification code: TP393 [Automation and Computer Technology: Computer Application Technology]