دانلود رایگان مقاله انگلیسی تجزیه و تحلیل و کاهش عوامل خطر برنامه های آندروید - الزویر 2018

عنوان فارسی
تجزیه و تحلیل و کاهش عوامل خطر برنامه های آندروید
عنوان انگلیسی
A survey of Android exploits in the wild
صفحات مقاله فارسی
0
صفحات مقاله انگلیسی
21
سال انتشار
2018
نشریه
الزویر - Elsevier
فرمت مقاله انگلیسی
PDF
نوع مقاله
ISI
نوع نگارش
مقالات پژوهشی (تحقیقاتی)
رفرنس
دارد
پایگاه
اسکوپوس
کد محصول
E10140
رشته های مرتبط با این مقاله
مهندسی کامپیوتر، فناوری اطلاعات
گرایش های مرتبط با این مقاله
مهندسی نرم افزار
مجله
کامپیوترها و امنیت - Computers & Security
دانشگاه
Institute for Infocomm Research - Agency for Science - Technology and Research - Singapore
کلمات کلیدی
اندروید، امنیت موبایل، تشدید امتیازات، بهره برداری، نظر سنجی
doi یا شناسه دیجیتال
https://doi.org/10.1016/j.cose.2018.02.019
۰.۰ (بدون امتیاز)
امتیاز دهید
چکیده

ABSTRACT


The Android operating system has been dominating the mobile device market in recent years. Although Android has actively strengthened its security mechanisms and fixed a great number of vulnerabilities as its version evolves, new vulnerabilities still keep emerging. Vulnerability exploitation is a common way to achieve privilege escalation on Android systems. In order to provide a holistic and comprehensive understanding of the exploits, we conduct a survey of publicly available 63 exploits for Android devices in this paper. Based on the analysis of the collected real-world exploits, we construct a taxonomy on Android exploitation and present the similarities/differences and strength/weakness of different types of exploits. On the other hand, we conduct an evaluation on a group of selected exploits on our test devices. Based on both the theoretical analysis and the experimental results of the evaluation, we present our insight into the Android exploitation. The growth of exploit categories along the timeline reflects three trends: (1) the individual exploits are more device specific and operating system version specific; (2) exploits targeting vendors’ customization grow steadily where the increase of other types of exploits slows down; and (3) memory corruption gradually becomes the primary approach to initiate exploitation.

نتیجه گیری

Conclusion


In this paper, we did a survey of publicly released Android exploits and proposed a taxonomy of Android exploits from multiple perspectives by analyzing the collected real-world exploits and conducting an evaluation of these exploits on a set of devices. We analyzed the characteristics of each category and presented the trend view of the Android exploits along the timeline from the technical perspective based on the exploit data. We also shared our discussion and outlook gained from the observation of evaluation.


بدون دیدگاه