Honey, I Shrunk Your App Security: The State of Android App Hardening

Cited by: 13
Authors
Haupert, Vincent [1 ]
Maier, Dominik [2 ]
Schneider, Nicolas [1 ]
Kirsch, Julian [3 ]
Mueller, Tilo [1 ]
Affiliations
[1] Friedrich Alexander Univ Erlangen Nurnberg FAU, Erlangen, Germany
[2] TU Berlin, Berlin, Germany
[3] Tech Univ Munich, Munich, Germany
Source
Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA 2018 | 2018 / Volume 10885
Keywords
DOI
10.1007/978-3-319-93411-2_4
CLC classification
TP [Automation technology, computer technology];
Discipline code
0812;
Abstract
The continued popularity of smartphones has led companies from all business sectors to use them for security-sensitive tasks like two-factor authentication. Android, however, suffers from a fragmented landscape of devices and versions, which leaves many devices unpatched by their manufacturers. This security gap has created a vital market of commercial solutions for Runtime Application Self-Protection (RASP) to harden apps and ensure their integrity even on compromised devices. In this paper, we assess the RASP market for Android by providing an overview of the available products and their features. Furthermore, we describe an in-depth case study for a leading RASP product, namely Promon Shield, which is being used by approximately 100 companies to protect over 100 million end users worldwide. We demonstrate two attacks against Promon Shield: the first removes the entire protection scheme statically from an app, while the second disables all security measures dynamically at runtime.
Pages: 69-91
Page count: 23