Daniel Andrade, T. Kristoffersen, I. Rummelhoff, Alex Gerdov, J. Silva
{"title":"通过重新打包的应用程序阻止数据泄露","authors":"Daniel Andrade, T. Kristoffersen, I. Rummelhoff, Alex Gerdov, J. Silva","doi":"10.1109/SRDSW.2016.18","DOIUrl":null,"url":null,"abstract":"Android applications are subject to repackaging attacks, where popular applications are modified, often by inserting malicious logic, re-signed, and then uploaded to an online store to be later on downloaded and installed by unsuspicious users. This paper presents a set of protocols for increasing trust in special-purpose Android applications, termed secured trusted applications, during communication with a trustworthy external hardware device for storing sensitive end user data, termed secured personal device. The proposed approach requires neither operating system modification nor root privileges. The evaluation of our solution shows that the authenticity and integrity of applications, and the confidentiality and integrity of communication, is ensured as long as Android operates correctly.","PeriodicalId":401182,"journal":{"name":"2016 IEEE 35th Symposium on Reliable Distributed Systems Workshops (SRDSW)","volume":"8 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Thwarting Data Exfiltration by Repackaged Applications\",\"authors\":\"Daniel Andrade, T. Kristoffersen, I. Rummelhoff, Alex Gerdov, J. Silva\",\"doi\":\"10.1109/SRDSW.2016.18\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Android applications are subject to repackaging attacks, where popular applications are modified, often by inserting malicious logic, re-signed, and then uploaded to an online store to be later on downloaded and installed by unsuspicious users. This paper presents a set of protocols for increasing trust in special-purpose Android applications, termed secured trusted applications, during communication with a trustworthy external hardware device for storing sensitive end user data, termed secured personal device. The proposed approach requires neither operating system modification nor root privileges. The evaluation of our solution shows that the authenticity and integrity of applications, and the confidentiality and integrity of communication, is ensured as long as Android operates correctly.\",\"PeriodicalId\":401182,\"journal\":{\"name\":\"2016 IEEE 35th Symposium on Reliable Distributed Systems Workshops (SRDSW)\",\"volume\":\"8 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2016-09-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2016 IEEE 35th Symposium on Reliable Distributed Systems Workshops (SRDSW)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SRDSW.2016.18\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 IEEE 35th Symposium on Reliable Distributed Systems Workshops (SRDSW)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SRDSW.2016.18","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Thwarting Data Exfiltration by Repackaged Applications
Android applications are subject to repackaging attacks, where popular applications are modified, often by inserting malicious logic, re-signed, and then uploaded to an online store to be later on downloaded and installed by unsuspicious users. This paper presents a set of protocols for increasing trust in special-purpose Android applications, termed secured trusted applications, during communication with a trustworthy external hardware device for storing sensitive end user data, termed secured personal device. The proposed approach requires neither operating system modification nor root privileges. The evaluation of our solution shows that the authenticity and integrity of applications, and the confidentiality and integrity of communication, is ensured as long as Android operates correctly.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
