Vulnerability Detection and Mitigation in Commodity Android Devices.

摘要

The smartphone market has grown explosively in recent years, as more and more consumers are attracted to the sensor-studded multipurpose devices. However, with the popularity of Android platform, a large number of vulnerabilities have been observed and exploited in the wild.;In this dissertation, we aim to detect and quantify the presence of vulnerabilities in commodity Android devices, and propose corresponding mitigation solutions. In particular, we focus on two kinds of vulnerabilities, i.e., app-level vulnerabilities in pre-loaded apps and kernel-level vulnerabilities in device firmware images. To these ends, we first propose a system named SEFA to detect app-level vulnerabilities and evaluate their impact. Using SEFA, we quantitatively analyze ten representative stock Android images from five popular smartphone vendors (with two models from each vendor). Our evaluation results are worrisome: all examined devices are vulnerable. Our results also show that vendor customizations are significant on stock Android devices and on the whole responsible for the bulk of the security problems we detected in each device. To make matter worse, the slow update cycle makes the threats more serious, since it provides the attackers with more opportunities to launch the attack. (Abstract shortened by ProQuest.).