ActivityShielder: An Activity Hijacking Defense Scheme for Android Devices

2018 27th International Conference on Computer Communication and Networks (ICCCN) Pub Date : 2018-07-01 DOI:10.1109/ICCCN.2018.8487367

Fei Yan, Yijia Li, Liqiang Zhang

{"title":"ActivityShielder: An Activity Hijacking Defense Scheme for Android Devices","authors":"Fei Yan, Yijia Li, Liqiang Zhang","doi":"10.1109/ICCCN.2018.8487367","DOIUrl":null,"url":null,"abstract":"With the growing popularity of smartphones in vast areas, the security of Android has been a vital pursuit for developers. Among the security issues in Android, Activity hijacking attacks pose severe threat to normal APPs and sensitive input data by exploiting flaws in Android UI management mechanism with high elusiveness and extensive harmfulness. However, to our best knowledge, existing defenses either only work under particular scenarios or incur obvious false positives. To make up for this vacancy, we propose a novel Activity hijacking defense scheme named \"ActivityShielder\" for Android tasks. The scheme is designed to manage the entities of UI and it can detect and block multiple Activity hijacking attacks explicitly. We have developed a fully functioning prototype of ActivityShielder, and our evaluation results show that ActivityShielder (1) can effectively resist activity hijacking attacks and avoid existing false positives in multi-version Android systems; with (2) a minor performance impact (lower than 2%) to the system.","PeriodicalId":399145,"journal":{"name":"2018 27th International Conference on Computer Communication and Networks (ICCCN)","volume":"18 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 27th International Conference on Computer Communication and Networks (ICCCN)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICCCN.2018.8487367","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 4

Abstract

With the growing popularity of smartphones in vast areas, the security of Android has been a vital pursuit for developers. Among the security issues in Android, Activity hijacking attacks pose severe threat to normal APPs and sensitive input data by exploiting flaws in Android UI management mechanism with high elusiveness and extensive harmfulness. However, to our best knowledge, existing defenses either only work under particular scenarios or incur obvious false positives. To make up for this vacancy, we propose a novel Activity hijacking defense scheme named "ActivityShielder" for Android tasks. The scheme is designed to manage the entities of UI and it can detect and block multiple Activity hijacking attacks explicitly. We have developed a fully functioning prototype of ActivityShielder, and our evaluation results show that ActivityShielder (1) can effectively resist activity hijacking attacks and avoid existing false positives in multi-version Android systems; with (2) a minor performance impact (lower than 2%) to the system.

查看原文本刊更多论文

activityshield:一个针对Android设备的活动劫持防御方案

随着智能手机在广大地区的普及，Android的安全性已经成为开发者的重要追求。在Android的安全问题中，Activity劫持攻击利用Android UI管理机制的漏洞，对正常的app和敏感的输入数据构成了严重的威胁，具有高度的难以捉摸性和广泛的危害性。然而，据我们所知，现有的防御措施要么只在特定情况下有效，要么会产生明显的误报。为了弥补这一空缺，我们为Android任务提出了一种新的活动劫持防御方案，名为“activityshield”。该方案对用户界面实体进行管理，能够显式地检测和阻止多个Activity劫持攻击。我们开发了一个功能齐全的activityshield原型，我们的评估结果表明activityshield(1)可以有效抵御活动劫持攻击，避免多版本Android系统中存在的误报;(2)对系统性能影响较小(小于2%)。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2018 27th International Conference on Computer Communication and Networks (ICCCN)

自引率

0.00%

发文量