计算机科学 ›› 2014, Vol. 41 ›› Issue (Z6): 343-346.
杨超,刘文庆,张伟,陈云芳
YANG Chao,LIU Wen-qing,ZHANG Wei and CHEN Yun-fang
摘要: Android平台恶意软件可以使用获取系统root权限的方式来绕过传统的Android安全机制,并且由于Android碎片化现象的存在,出现了很多利用方式、范围不同的Android root漏洞,因此有必要详细了解这些漏洞的实现机制,以采取相应的安全对策。基于利用方式将Android root漏洞按照是否可以直接在手机端利用的角度对其分类,评估其威胁程度,并详细描述了现有漏洞提权的实现细节、利用方式以及覆盖的范围,从而为进一步制定漏洞检测方案提供帮助。
[1] Zhang Q,Li X,Yu X,et al.ASF:Improving Android Security with Layered Structure Instrumentation[M]∥Contemporary Research on E-business Technology and Strategy.Springer Berlin Heidelberg,2012:147-157 [2] Ongtang M,McLaughlin S,Enck W,et al.Semantically rich application-centric security in Android[J].Security and Communication Networks,2012,5(6):658-673 [3] Bartel A,Klein J,Le Traon Y,et al.Automatically securing permission-based software by reducing the attack surface:An application to Android[C]∥2012Proceedings of the 27th IEEE/ACM International Conference on Automated Software Engineering (ASE).IEEE,2012:274-277 [4] Zhou Y,Jiang X.Dissecting Android malware:Characterizationand evolution[C]∥2012IEEE Symposium on Security and Privacy (SP).IEEE,2012:95-109 [5] Jang W J,Cho S W,Lee H W,et al.Rooting attack detection method on the Android-based smart phone[C]∥2011International Conference on Computer Science and Network Technology (ICCSNT).IEEE,2011,1:477-481 [6] SEAndroid.http://selinuxproject.org/page/SEAndroid [7] Android fragmentation.http://www.webopedia.com/TE-RM/F/fragmentation.html [8] XDA.http://forum.xda-developers.com [9] 福布斯中文网[EB/OL].201206恶意软件可借由充电器入侵iPhone手机,http://www.forbeschina.com/review/201306/0026176.shtml [10] KingRoot.http://www.pc6.com/az/75398.html [11] SuperOneclick.http://luozhihao.wodemo.com/file/92858 [12] Z4Root http://forum.xda-developers.com/showthread.php?t=833953 [13] Framaroot.http://forum.xda-developers.com/showthre-ad.php?t=2130276 [14] Rageagainstthecage.https://github.com/bibanon/An-droid-development-codex/wiki/rageagainstthecage [15] GingerBreak.http://c-skills.blogspot.com/2011/04/yummy-ymuuy-gingerbreak.html [16] CVE-2012-0056.http://web.nvd.nist.gov/view/vuln/d-etail?vulnId=CVE-2012-0056 [17] CVE-2013-2094.http://web.nvd.nist.gov/view/vuln/de-tail?vulnId=CVE-2013-2094 [18] Root exploit on Exynos. http://forum.xda-developers.com/showthread.php?t=2048511 [19] CVE-2013-2596.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2596 [20] Revolutionary-zergRush local root 2.2/2.3.http://forum.xdadevelopers.com/showthread.php?t=1296916 [21] ADB Restore.http://forum.xda-developers.com/showth-read.php?t=1439429 |
No related articles found! |
|