| Recent years, mobile Internet has gain its tremendous development changing the way of people’s lives dramatically especially after 2008. Many could be done on the Internet, online news, shopping online, online payment, etc. can be done on the smart phones. Smart phones are playing more and more important role in people’s daily lives. The development of smart phone is due to the evolvement of mobile operating system. Android OS of Google has gain the fastest development among the smart phone OSs. It starts from none and occupies more than 70% share of the market from 2008 to now. Recently, it develops even faster and becomes the biggest store in the world with the most applications and developers. The enrichment of people’s lives, the change of lifestyle and way of thinking and the usability of phone are all well presented by all kinds of Android applications. However, like two sides of a corn, there are many security problems along with these convenience. Poorly designed apps maybe exploited by hackers, which is able to wiretap or steal the account of banks. People have to worry about the trash message and the security of their information.A measured should be taken to eliminate the worry and bother of the users according to the features of Android framework. In Android framework, permission management is very important which plays a virtual role of Android security framework. However, because of the design of permission management, lots of apps are easy to be affected leading to the leak of permissions which could lead to unauthorized data access and other operations because of which the information is stolen. Confused deputy attack is a very common manner of privilege escalation attack.Confused deputy attack was well studied on traditional PC platform, however, on Android, it haven’t been studied well rather than mature detection system. Currently, there is a coarse way of detecting by analyzing the manifest file of the app. But this approach has a rather high false positive ratio for the absence of binary analysis.One of the main contributions of this work is the new detection algorithm with binary analysis based on manifest file analyzing. Firstly, the control flow graph of inter and intra components of Android apps is constructed based on which the checking algorithm is designed. Secondly, the checking algorithm check whether there is a path from the entry to unauthorized invoke and if a dynamic permission check function is called. This detection algorithm reduces the false positive ration for that it is able to recognize the case with an exported component which is detected as vulnerable in manifest analysis and without an unauthorized operation.Another one of the main contributions of this work is the design of an online detection system which is able to detect the Android app and return to the user the result. The app needs to be uploaded to detect or query from the detected results. We tested the system with 7190 apps from HiApk and Anzhi market. The result shows that the system is able to handle large scale of detection. We checked part of the tested apps manually at the same time and the result were same. |
PDF Full Text Request