Permission re-delegation: attacks and defenses 论文

2011引用 467
Advanced Malware Detection TechniquesSecurity and Verification in ComputingWeb Application Security Vulnerabilities
网络安全Security and Verification in ComputingAdvanced Malware Detection TechniquesWeb Application Security Vulnerabilities
相关技术:Advanced Malware Detection Techniques
关系图谱

5

作者

1

相关技术

0

相关事件

0

相关文章

摘要

Modern browsers and smartphone operating systems treat applications as mutually untrusting, potentially malicious principals. Applications are (1) isolated except for explicit IPC or inter-application communication channels and (2) unprivileged by default, requiring user permission for additional privileges. Although inter-application communication supports useful collaboration, it also introduces the risk of permission redelegation. Permission re-delegation occurs when an application with permissions performs a privileged task for an application without permissions. This undermines the requirement that the user approve each application’s access to privileged devices and data. We discuss permission re-delegation and demonstrate its risk by launching real-world attacks on Android system applications; several of the vulnerabilities have been confirmed as bugs. We discuss possible ways to address permission redelegation and present IPC Inspection, a new OS mechanism for defending against permission re-delegation. IPC Inspection prevents opportunities for permission redelegation by reducing an application’s permissions after it receives communication from a less privileged application. We have implemented IPC Inspection for a browser and Android, and we show that it prevents the attacks we found in the Android system applications. 1

作者查看全部 (5)

E

Erika Chin

S

Steven Hanna

A

Alexander Moshchuk

H

Helen J. Wang

相关技术查看全部 (1)

Advanced Malware Detection Techniques

相关事件

暂无数据

相关文章

暂无数据