ZHANG Wen, SU Ningning, NIU Shaozhang, et al., “A Novel Hotfix Scheme for System Vulnerability Based on the Android Application Layer,” Chinese Journal of Electronics, vol. 28, no. 2, pp. 408-415, 2019, doi: 10.1049/cje.2019.01.002
Citation: ZHANG Wen, SU Ningning, NIU Shaozhang, et al., “A Novel Hotfix Scheme for System Vulnerability Based on the Android Application Layer,” Chinese Journal of Electronics, vol. 28, no. 2, pp. 408-415, 2019, doi: 10.1049/cje.2019.01.002

A Novel Hotfix Scheme for System Vulnerability Based on the Android Application Layer

doi: 10.1049/cje.2019.01.002
Funds:  This work is supported by the National Natural Science Foundation of China (No.U1536121,No.61370195)
More Information
  • Corresponding author: NIU Shaozhang (corresponding author) was born in 1963, is a professor of School of Computer Science, Beijing University of Posts and Telecommunications, Beijing, China. His research interests include steganography, digital forensics and information security. (Email:szniu@bupt.edu.cn)
  • Received Date: 2018-09-25
  • Rev Recd Date: 2018-12-20
  • Publish Date: 2019-03-10
  • At present, fixing Android system vulnerabilities relies on official Android support and various equipment manufacturers, and it is mainly implemented by system upgrades. This situation causes many problems, such as high costs and delayed fixing of vulnerabilities. This study is performed to design a novel fixing policy construction model targeting Android system vulnerabilities, which can be used for vulnerability feature quantification and fixing policy customization. On this basis, a novel security vulnerability solution called DroidHFix is proposed and implemented. This solution constructs security policies and loads security policy files during the risky application startup. The system helps to fix Android system vulnerabilities dynamically and defend against attacks on the risky application depending on system vulnerability exploitation. Experimental results show that DroidHFix fixes the Android system vulnerabilities effectively, with good performance and compatibility.
  • loading
  • Internet Society of China, “China Mobile Internet development and security reports(2017)”. 2017.
    OpenSignal. Android Fragmentation 2015. 2015.
    Wang K, Zhang Y and Liu P, “Call me back!: Attacks on system server and system apps in android through synchronous callback”, ACM Sigsac Conference on Computer and Communications Security, ACM, pp.92-103, 2016.
    Zhang X, Aafer Y, Ying K, et al., “Hey, you, get off of my image: Detecting data residue in android images”, European Symposium on Research in Computer Security, Springer International Publishing: pp.401-421, 2016.
    Aafer Y, Zhang X and Du W, “Harvesting inconsistent security configurations in custom android ROMs via differential analysis”, USENIX Security Symposium, pp.1153-1168, 2016.
    Sounthiraraj D, Sahs J, Greenwood G, et al., “SMVHUNTER: Large scale, automated detection of SSL/TLS man-in-the-middle vulnerabilities in android apps”, Network and Distributed System Security Symposium, 2014.
    Chen Yue, “Adaptive android kernel live patching”, Usenix Security, 2017.
    Zhang H., She D. and Qian Z., “Android ION hazard: The curse of customizable memory management system”, ACM Sigsac Conference on Computer and Communications Security, pp.1663-1674, 2016.
    Zhang X, et al., “Embroidery: Patching vulnerable binary code of fragmentized android devices”, IEEE International Conference on Software Maintenance and Evolution IEEE, pp.47-57, 2017.
    Huang H., Zhu S., Chen K., et al., “From system services freezing to system server shutdown in android: All you need is a loop in an app” ACM Sigsac Conference on Computer and Communications Security, ACM, pp.1236-1247, 2015.
    Lee B, Lu L, Wang T, et al., “From Zygote to Morula: Fortifying Weakened ASLR on Android”, Security and Privacy, IEEE, pp.424-439, 2014.
    Xu W, Li J, Shu J, et al., “From collision to exploitation: Unleashing use-after-free vulnerabilities in Linux kernel”, ACM Conference on Computer and Communications Security, pp.414-425, 2015.
    Fang Z, Han W and Li Y, “Permission based android security: Issues and countermeasures”, Computers & Security, Vol.43, No.6, pp.205-218, 2014.
    Aafer Y, Zhang N, Zhang Z, et al., “Hare hunting in the wild android: A study on the threat of hanging attribute references”, ACM Sigsac Conference on Computer and Communications Security, ACM, pp.1248-1259, 2015.
    http://cve.mitre.org/
    Google. Android Security Official, https://source.android.com/security/advisory/.
    Zhang Y, Li Z, Dong G, et al., “Novel taxonomy of security weakness in source code based on three-dimension tree model”, Computer Science, Vol.43, No.5, pp.76-79, 2016.
  • 加载中

Catalog

    通讯作者: 陈斌, bchen63@163.com
    • 1. 

      沈阳化工大学材料科学与工程学院 沈阳 110142

    1. 本站搜索
    2. 百度学术搜索
    3. 万方数据库搜索
    4. CNKI搜索

    Article Metrics

    Article views (583) PDF downloads(186) Cited by()
    Proportional views
    Related

    /

    DownLoad:  Full-Size Img  PowerPoint
    Return
    Return