Ghost Installer in the Shadow: Security Analysis of App Installation on Android
DC Field | Value | Language |
---|---|---|
dc.contributor.author | Lee, Yeonjoon | - |
dc.contributor.author | Li, T. | - |
dc.contributor.author | Zhang, N. | - |
dc.contributor.author | Demetriou, S. | - |
dc.contributor.author | Zha, M. | - |
dc.contributor.author | Wang, X. | - |
dc.contributor.author | Chen, K. | - |
dc.contributor.author | Zhou, X. | - |
dc.contributor.author | Han, X. | - |
dc.contributor.author | Grace, M. | - |
dc.date.accessioned | 2021-06-22T15:22:37Z | - |
dc.date.available | 2021-06-22T15:22:37Z | - |
dc.date.created | 2021-01-22 | - |
dc.date.issued | 2017-06 | - |
dc.identifier.uri | https://scholarworks.bwise.kr/erica/handle/2021.sw.erica/11587 | - |
dc.description.abstract | Android allows developers to build apps with app installation functionality themselves with minimal restriction and support like any other functionalities. Given the critical importance of app installation, the security implications of the approach can be significant. This paper reports the first systematic study on this issue, focusing on the security guarantees of different steps of the App Installation Transaction (AIT). We demonstrate the serious consequences of leaving AIT development to individual developers: most installers (e.g., Amazon AppStore, DTIgnite, Baidu) are riddled with various security-critical loopholes, which can be exploited by attackers to silently install any apps, acquiring dangerous-level permissions or even unauthorized access to system resources. Surprisingly, vulnerabilities were found in all steps of AIT. The attacks we present, dubbed Ghost Installer Attack (GIA), are found to pose a realistic threat to Android ecosystem. Further, we developed both a user-app-level and a system-level defense that are innovative and practical. © 2017 IEEE. | - |
dc.language | 영어 | - |
dc.language.iso | en | - |
dc.publisher | Institute of Electrical and Electronics Engineers Inc. | - |
dc.title | Ghost Installer in the Shadow: Security Analysis of App Installation on Android | - |
dc.type | Article | - |
dc.contributor.affiliatedAuthor | Lee, Yeonjoon | - |
dc.identifier.doi | 10.1109/DSN.2017.33 | - |
dc.identifier.scopusid | 2-s2.0-85031668635 | - |
dc.identifier.wosid | 000424871200035 | - |
dc.identifier.bibliographicCitation | Proceedings - 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2017, pp.403 - 414 | - |
dc.relation.isPartOf | Proceedings - 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2017 | - |
dc.citation.title | Proceedings - 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2017 | - |
dc.citation.startPage | 403 | - |
dc.citation.endPage | 414 | - |
dc.type.rims | ART | - |
dc.type.docType | Conference Paper | - |
dc.description.journalClass | 3 | - |
dc.description.isOpenAccess | N | - |
dc.description.journalRegisteredClass | other | - |
dc.relation.journalResearchArea | Computer Science | - |
dc.relation.journalWebOfScienceCategory | Computer Science, Hardware & Architecture | - |
dc.relation.journalWebOfScienceCategory | Computer Science, Information Systems | - |
dc.relation.journalWebOfScienceCategory | Computer Science, Theory & Methods | - |
dc.subject.keywordPlus | Android (operating system) | - |
dc.subject.keywordPlus | Security analysis | - |
dc.subject.keywordPlus | Security implications | - |
dc.subject.keywordPlus | Security-critical | - |
dc.subject.keywordPlus | System levels | - |
dc.subject.keywordPlus | System resources | - |
dc.subject.keywordPlus | Systematic study | - |
dc.subject.keywordPlus | Unauthorized access | - |
dc.subject.keywordPlus | Mobile security | - |
dc.identifier.url | https://ieeexplore.ieee.org/document/8023140/ | - |
Items in ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.
55 Hanyangdeahak-ro, Sangnok-gu, Ansan, Gyeonggi-do, 15588, Korea+82-31-400-4269 sweetbrain@hanyang.ac.kr
COPYRIGHT © 2021 HANYANG UNIVERSITY. ALL RIGHTS RESERVED.
Certain data included herein are derived from the © Web of Science of Clarivate Analytics. All rights reserved.
You may not copy or re-distribute this material in whole or in part without the prior written consent of Clarivate Analytics.