一种基于Android系统漏洞的通用攻击模型

doi:10.11959/j.issn.1000-0801.2016254

Telecommunications Science ›› 2016, Vol. 32 ›› Issue (10): 42-49.doi: 10.11959/j.issn.1000-0801.2016254

• Topic: terminal security based on Android system • Previous Articles Next Articles

A general attack model based on Android system vulnerability

Xihai DENG,Weimiao FENG,Luping MA,Ying LI

Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China

Online:2016-10-15 Published:2017-04-27
Supported by:
Strategy Pilot Project of Chinese Academy of Sciences

Abstract

Abstract:

Various kinds of vulnerabilities in Android system bring great threats to the platform. The vulnerability exploitation technology,the security of mobile operating systems and the security of Android ecosystem have become a research focus in both industry and academia. The exploitation of several typical system vulnerabilities was analyzed, a general model of Android system vulnerability exploitation was proposed, and a novel evaluation framework for the effectiveness of vulnerability exploitation was presented. The experiment result shows that the general model is able to accurately describe the process of hacker attacks using Android system vulnerabilities. Furthermore, the evaluation framework can assess the influence of system vulnerabilities on the security of Android ecosystem.

Key words: Android operating system, system vulnerability, vulnerability exploitation, effectiveness evaluation

Xihai DENG,Weimiao FENG,Luping MA,Ying LI. A general attack model based on Android system vulnerability[J]. Telecommunications Science, 2016, 32(10): 42-49.

Figures/Tables 8

References 9

[1]	GARTNER . Gartner says worldwide smart phone sales grew 3.9 percent in first quarter of 2016[EB/OL]. (2016-05-19]) [2016-07-01]. .
[2]	CVE. Google android vulnerability statistics[EB/OL]. (2016-07-29]) [2016-07-29]. .
[3]	张嘉宾 . Android 应用的安全性研究[J]. 北京：北京邮电大学， 2013. ZHANG J B . Security research of the Android Apps[J]. Beijing:Beijing University of Posts and Telecommunications, 2013.
[4]	WEI X , GOMEZ L , NEAMTIU I , et al. Permission evolution in the android ecosystem[C]// 28th Annual Computer Security Applications Conference, Dec 3-7,2012, Orlando, Florida, USA. New York:ACM Press, 2012:31-40.
[5]	THOMAS D R , BERESFORD A R , RICE A . Security metrics for the android ecosystem[C]// 5th Annual ACM CCS Workshopon Security and Privacy in Smartphones and Mobile Devices, October 12-15,2015, Denver, Colorado, USA. New York:ACM Press, 2015:87-98.
[6]	CVE. Calculating the score[EB/OL]. [2016-07-29]. .
[7]	Android-VTS. Android vulnerability test suite[EB/OL]. [2016-07-29]. .
[8]	PERLA E , OLDANI M . A guide to Kernel exploitation:attacking the core[M]. New York:Syngress Publishing, 2010.
[9]	蒋绍林，王金双，张涛，等. Android 安全研究综述[J]. 计算机应用与软件， 2012,29(10):205-210. JIANG S L , WANG J S , ZHANG T , et al. Overview of the Android safety research[J]. Computer Application and Software, 2012,29(10):205-210.

Metrics

Recommended 0

No Suggested Reading articles found!

漏洞编号	受影响Android版本	实际验证终端数量/台	威胁等级
CVE-2015-3864	5.0～5.1	3	远程执行代码
CVE-2014-7911/2014-4322	4.4.4以下版本	15	提权至root
CVE-2013-6282	2.x～4.3	11	提权至root

漏洞编号	依赖系数D	实施复杂度C	漏洞利用覆盖范围F	威胁等级S	V-A有效性评估E=D×（1-C）×F×S
CVE-2013-6282	1	0.5	11/28	10	1.96
CVE-2015-3864	1	0.5	3/28	8	0.42
CVE-2014-7911/2014-4322	0.5	0.5	15/28	10	1.33

A general attack model based on Android system vulnerability

RichHTML

PDF下载

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 8

References 9

Related Articles 1

Metrics

Recommended 0