{"title":"基于堆溢出的Android系统漏洞风险评估方法","authors":"Dali Zhu, Ying Li, N. Pang, Weimiao Feng","doi":"10.1109/ES.2016.18","DOIUrl":null,"url":null,"abstract":"Android smart device has become a preferred target for attackers as it carries plenty of private and sensitive information. However, heap overflow vulnerability in Android system gives the opportunity to execute arbitrary malicious code and even steal personal privacy. The existence of such vulnerability makes Android system too weak to defense attacks and protect privacy. It's necessary to evaluate the security risk brought to the system. However, current vulnerability risk evaluation methods mainly focus on predicting the likelihood of exploiting, which is not enough and convictive for system security researcher. In this paper, we propose an Android system vulnerability risk evaluation method for heap overflow. We detect whether the heap overflow vulnerability is existent in current Android system, and then validate the exploitability by crafted input data. The evaluation result is classified into three kinds: inexistent, existent but not exploitable, existent and exploitable. Experiment results prove the effectiveness and indicate a good performance of the method.","PeriodicalId":184435,"journal":{"name":"2016 4th International Conference on Enterprise Systems (ES)","volume":"50 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"An Android System Vulnerability Risk Evaluation Method for Heap Overflow\",\"authors\":\"Dali Zhu, Ying Li, N. Pang, Weimiao Feng\",\"doi\":\"10.1109/ES.2016.18\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Android smart device has become a preferred target for attackers as it carries plenty of private and sensitive information. However, heap overflow vulnerability in Android system gives the opportunity to execute arbitrary malicious code and even steal personal privacy. The existence of such vulnerability makes Android system too weak to defense attacks and protect privacy. It's necessary to evaluate the security risk brought to the system. However, current vulnerability risk evaluation methods mainly focus on predicting the likelihood of exploiting, which is not enough and convictive for system security researcher. In this paper, we propose an Android system vulnerability risk evaluation method for heap overflow. We detect whether the heap overflow vulnerability is existent in current Android system, and then validate the exploitability by crafted input data. The evaluation result is classified into three kinds: inexistent, existent but not exploitable, existent and exploitable. Experiment results prove the effectiveness and indicate a good performance of the method.\",\"PeriodicalId\":184435,\"journal\":{\"name\":\"2016 4th International Conference on Enterprise Systems (ES)\",\"volume\":\"50 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2016-11-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2016 4th International Conference on Enterprise Systems (ES)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ES.2016.18\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 4th International Conference on Enterprise Systems (ES)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ES.2016.18","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
An Android System Vulnerability Risk Evaluation Method for Heap Overflow
Android smart device has become a preferred target for attackers as it carries plenty of private and sensitive information. However, heap overflow vulnerability in Android system gives the opportunity to execute arbitrary malicious code and even steal personal privacy. The existence of such vulnerability makes Android system too weak to defense attacks and protect privacy. It's necessary to evaluate the security risk brought to the system. However, current vulnerability risk evaluation methods mainly focus on predicting the likelihood of exploiting, which is not enough and convictive for system security researcher. In this paper, we propose an Android system vulnerability risk evaluation method for heap overflow. We detect whether the heap overflow vulnerability is existent in current Android system, and then validate the exploitability by crafted input data. The evaluation result is classified into three kinds: inexistent, existent but not exploitable, existent and exploitable. Experiment results prove the effectiveness and indicate a good performance of the method.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
