Reference Hijacking: Patching, Protecting and Analyzing on Unmodified and Non-Rooted Android Devices.

Saved in:
Bibliographic Details
Title: Reference Hijacking: Patching, Protecting and Analyzing on Unmodified and Non-Rooted Android Devices.
Authors: Wei You1,2 youwei@ruc.edu.cn, Bin Liang1,2 liangb@ruc.edu.cn, Wenchang Shi1,2 wenchang@ruc.edu.cn, Shuyang Zhu1,2 zhushuyang@ruc.edu.cn, Peng Wang1,2 pengwang@ruc.edu.cn, Sikefu Xie1,2 decadall@ruc.edu.cn, Xiangyu Zhang3 xyzhang@cs.purdue.edu
Source: ICSE: International Conference on Software Engineering. 5/14/2016, p959-970. 12p.
Subjects: Software engineering, Mobile operating systems, Android (Operating system), Hijacking, Communication, Security systems
Abstract: Many efforts have been paid to enhance the security of Android. However, less attention has been given to how to practically adopt the enhancements on off-the-shelf devices. In particular, securing Android devices often requires modifying their write-protected underlying system component files (especially the system libraries) by flashing or rooting devices, which is unacceptable in many realistic cases. In this paper, a novel technique, called reference hijacking, is presented to address the problem. By introducing a specially designed reset procedure, a new execution environment is constructed for the target application, in which the reference to the underlying system libraries will be redirected to the securityenhanced alternatives. The technique can be applicable to both the Dalvik and Android Runtime (ART) environments and to almost all mainstream Android versions (2.x to 5.x). To demonstrate the capability of reference hijacking, we develop three prototype systems, PatchMan, ControlMan, and TaintMan, to enforce specific security enhancements, involving patching vulnerabilities, protecting inter-component communications, and performing dynamic taint analysis for the target application. These three prototypes have been successfully deployed on a number of popular Android devices from different manufacturers, without modifying the underlying system. The evaluation results show that they are effective and do not introduce noticeable overhead. They strongly support that reference hijacking can substantially improve the practicability of many security enhancement efforts for Android. [ABSTRACT FROM AUTHOR]
Copyright of ICSE: International Conference on Software Engineering is the property of Association for Computing Machinery and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)
Database: Engineering Source
FullText Links:
  – Type: pdflink
Text:
  Availability: 0
Header DbId: egs
DbLabel: Engineering Source
An: 125519997
AccessLevel: 6
PubType: Conference
PubTypeId: conference
PreciseRelevancyScore: 0
IllustrationInfo
Items – Name: Title
  Label: Title
  Group: Ti
  Data: Reference Hijacking: Patching, Protecting and Analyzing on Unmodified and Non-Rooted Android Devices.
– Name: Author
  Label: Authors
  Group: Au
  Data: <searchLink fieldCode="AR" term="%22Wei+You%22">Wei You</searchLink><relatesTo>1,2</relatesTo><i> youwei@ruc.edu.cn</i><br /><searchLink fieldCode="AR" term="%22Bin+Liang%22">Bin Liang</searchLink><relatesTo>1,2</relatesTo><i> liangb@ruc.edu.cn</i><br /><searchLink fieldCode="AR" term="%22Wenchang+Shi%22">Wenchang Shi</searchLink><relatesTo>1,2</relatesTo><i> wenchang@ruc.edu.cn</i><br /><searchLink fieldCode="AR" term="%22Shuyang+Zhu%22">Shuyang Zhu</searchLink><relatesTo>1,2</relatesTo><i> zhushuyang@ruc.edu.cn</i><br /><searchLink fieldCode="AR" term="%22Peng+Wang%22">Peng Wang</searchLink><relatesTo>1,2</relatesTo><i> pengwang@ruc.edu.cn</i><br /><searchLink fieldCode="AR" term="%22Sikefu+Xie%22">Sikefu Xie</searchLink><relatesTo>1,2</relatesTo><i> decadall@ruc.edu.cn</i><br /><searchLink fieldCode="AR" term="%22Xiangyu+Zhang%22">Xiangyu Zhang</searchLink><relatesTo>3</relatesTo><i> xyzhang@cs.purdue.edu</i>
– Name: TitleSource
  Label: Source
  Group: Src
  Data: <searchLink fieldCode="JN" term="%22ICSE%3A+International+Conference+on+Software+Engineering%22">ICSE: International Conference on Software Engineering</searchLink>. 5/14/2016, p959-970. 12p.
– Name: Subject
  Label: Subjects
  Group: Su
  Data: <searchLink fieldCode="DE" term="%22Software+engineering%22">Software engineering</searchLink><br /><searchLink fieldCode="DE" term="%22Mobile+operating+systems%22">Mobile operating systems</searchLink><br /><searchLink fieldCode="DE" term="%22Android+%28Operating+system%29%22">Android (Operating system)</searchLink><br /><searchLink fieldCode="DE" term="%22Hijacking%22">Hijacking</searchLink><br /><searchLink fieldCode="DE" term="%22Communication%22">Communication</searchLink><br /><searchLink fieldCode="DE" term="%22Security+systems%22">Security systems</searchLink>
– Name: Abstract
  Label: Abstract
  Group: Ab
  Data: Many efforts have been paid to enhance the security of Android. However, less attention has been given to how to practically adopt the enhancements on off-the-shelf devices. In particular, securing Android devices often requires modifying their write-protected underlying system component files (especially the system libraries) by flashing or rooting devices, which is unacceptable in many realistic cases. In this paper, a novel technique, called reference hijacking, is presented to address the problem. By introducing a specially designed reset procedure, a new execution environment is constructed for the target application, in which the reference to the underlying system libraries will be redirected to the securityenhanced alternatives. The technique can be applicable to both the Dalvik and Android Runtime (ART) environments and to almost all mainstream Android versions (2.x to 5.x). To demonstrate the capability of reference hijacking, we develop three prototype systems, PatchMan, ControlMan, and TaintMan, to enforce specific security enhancements, involving patching vulnerabilities, protecting inter-component communications, and performing dynamic taint analysis for the target application. These three prototypes have been successfully deployed on a number of popular Android devices from different manufacturers, without modifying the underlying system. The evaluation results show that they are effective and do not introduce noticeable overhead. They strongly support that reference hijacking can substantially improve the practicability of many security enhancement efforts for Android. [ABSTRACT FROM AUTHOR]
– Name: AbstractSuppliedCopyright
  Label:
  Group: Ab
  Data: <i>Copyright of ICSE: International Conference on Software Engineering is the property of Association for Computing Machinery and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract.</i> (Copyright applies to all Abstracts.)
PLink https://search.ebscohost.com/login.aspx?direct=true&site=eds-live&db=egs&AN=125519997
RecordInfo BibRecord:
  BibEntity:
    Identifiers:
      – Type: doi
        Value: 10.1145/2884781.2884863
    Languages:
      – Code: eng
        Text: English
    PhysicalDescription:
      Pagination:
        PageCount: 12
        StartPage: 959
    Subjects:
      – SubjectFull: Software engineering
        Type: general
      – SubjectFull: Mobile operating systems
        Type: general
      – SubjectFull: Android (Operating system)
        Type: general
      – SubjectFull: Hijacking
        Type: general
      – SubjectFull: Communication
        Type: general
      – SubjectFull: Security systems
        Type: general
    Titles:
      – TitleFull: Reference Hijacking: Patching, Protecting and Analyzing on Unmodified and Non-Rooted Android Devices.
        Type: main
  BibRelationships:
    HasContributorRelationships:
      – PersonEntity:
          Name:
            NameFull: Wei You
      – PersonEntity:
          Name:
            NameFull: Bin Liang
      – PersonEntity:
          Name:
            NameFull: Wenchang Shi
      – PersonEntity:
          Name:
            NameFull: Shuyang Zhu
      – PersonEntity:
          Name:
            NameFull: Peng Wang
      – PersonEntity:
          Name:
            NameFull: Sikefu Xie
      – PersonEntity:
          Name:
            NameFull: Xiangyu Zhang
    IsPartOfRelationships:
      – BibEntity:
          Dates:
            – D: 14
              M: 05
              Text: 5/14/2016
              Type: published
              Y: 2016
          Titles:
            – TitleFull: ICSE: International Conference on Software Engineering
              Type: main
ResultId 1