TY - GEN
T1 - Hey, you, get off of my image
T2 - 21st European Symposium on Research in Computer Security, ESORICS 2016
AU - Zhang, Xiao
AU - Aafer, Yousra
AU - Ying, Kailiang
AU - Du, Wenliang
N1 - Publisher Copyright:
© Springer International Publishing Switzerland 2016.
PY - 2016
Y1 - 2016
AB - Android’s data cleanup mechanism has been called into question with the recently discovered data residue vulnerability. However, the existing study only focuses on one particular Android version and demands heavy human involvement. In this project, we aim to fill the gap by providing a comprehensive understanding of the data residue situation across the entire Android ecosystem. To this end, we propose ANRED (ANRED is a former French public institution for the recovery and disposal of waste.), an ANdroid REsidue Detector that performs static analysis on Android framework bytecode and automatically quantifies the risk for each identified data residue instance within collected system services. The design of ANRED has overcome several challenges imposed by the special characteristic of Android framework and data residue vulnerability. We have implemented ANRED in WALA and further evaluated it against 606 Android images. The analysis results have demonstrated the effectiveness, efficiency and reliability of ANRED. In particular, we have confirmed the effect of vendor customization and version upgrade on data residue vulnerability. We have also identified five new data residue instances that have been overlooked in the previous study, leading to data leakage and privilege escalation attacks.
UR - http://www.scopus.com/inward/record.url?scp=84990059030&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84990059030&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-45744-4_20
DO - 10.1007/978-3-319-45744-4_20
M3 - Conference contribution
AN - SCOPUS:84990059030
SN - 9783319457437
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 401
EP - 421
BT - Computer Security - 21st European Symposium on Research in Computer Security, ESORICS 2016, Proceedings
A2 - Katsikas, Sokratis
A2 - Meadows, Catherine
A2 - Askoxylakis, Ioannis
A2 - Ioannidis, Sotiris
PB - Springer Verlag
Y2 - 26 September 2016 through 30 September 2016
ER -