基于分布式信息流控制的无障碍辅助性服务安全加固
|
摘要
随着安卓系统的广泛使用,系统提供的功能也越来越多,其中一个重要特性是1.6版本中引入并在4.0及以上版本中优化的无障碍辅助性服务.通过无障碍辅助功能,应用不仅可以获得输入框输入文本等窗口元素信息,还可以与应用窗口自动地进行双向交互(如获得按钮信息点击按钮).然而,这些特性一旦被滥用,将会给用户带来巨大的安全威胁.对安卓系统中的无障碍辅助性服务进行了深入研究,分析了其可能被滥用的途径,并找出安全缺陷及其产生原因.然后提出了基于分布式信息流的控制机制标记,并跟踪无障碍辅助性服务和无障碍事件以进行安全加固.实现了一个名为Tassel的安全系统,以防止无障碍辅助性服务滥用.经过测试,该系统可以在不影响系统其他功能正常使用的前提下,保证服务的使用安全,且系统整体的性能影响很小.
With its ubiquity, the Android system offers more and more functions. One of the important features is the accessibility service, which was introduced in Android 1.6 and optimized in Android 4.0 and above. With the accessibility service, applications can retrieve active window information, such as the text contents and users input, and can communicate with applications' window automatically, for example, getting the button content and then clicking it. However, these advanced features, when being abused, will bring mobile users considerable safety threats. This work carries out research into this system service, analyzing possible ways of being abused and their causes from system API design. The paper then proposes and implements a new system called Tassel, based on the decentralized information flow control mechanism, to make the service API usage securer. The new system tags, tracks and controls the accessibility service handling as well as the accessibility event. This system is evaluated to show that it can prevent accessibility service from being abused, and meanwhile, it does not impact the system normal functions as well as the performance.
With its ubiquity, the Android system offers more and more functions. One of the important features is the accessibility service, which was introduced in Android 1.6 and optimized in Android 4.0 and above. With the accessibility service, applications can retrieve active window information, such as the text contents and users input, and can communicate with applications' window automatically, for example, getting the button content and then clicking it. However, these advanced features, when being abused, will bring mobile users considerable safety threats. This work carries out research into this system service, analyzing possible ways of being abused and their causes from system API design. The paper then proposes and implements a new system called Tassel, based on the decentralized information flow control mechanism, to make the service API usage securer. The new system tags, tracks and controls the accessibility service handling as well as the accessibility event. This system is evaluated to show that it can prevent accessibility service from being abused, and meanwhile, it does not impact the system normal functions as well as the performance.
引文
[1]Guide for developing Android accessibility service(in Chinese).http://informationaccessibilityassociation.github.io/android Acce ssibility/services.htm
[2]Accessibility Service.https://developer.android.com/reference/android/accessibilityservice/Accessibility Service.html
[3]Zhong Y,Weber A,Burkhardt C,Weaver P,Bigham JP.Enhancing Android accessibility for users with hand tremor by reducing fine pointing and steady tapping.In:Proc.of the 12th Web for All Conf.(W4A 2015).New York:ACM Press,2015.10.[doi:10.1145/2745555.2747277]
[4]Android accessibility security research report(in Chinese).2016.http://blogs.360.cn/360mobile/2016/09/07/research_of_accessibi lity/
[5]Amit Y.Android clickjacking—Android malware evolution.2016.https://www.skycure.com/blog/accessibility-clickjacking/
[6]Amit Y.95.4 percent of all Android devices are susceptible to accessibility clickjacking exploits.2016.https://www.skycure.com/blog/95-4-android-devices-susceptible-accessibility-clickjacking-exploits/
[7]Ni B.Abusing accessibility service to install android applications automatically(in Chinese).2015.http://ju.outofmemory.cn/entry/227941
[8]Rout V.Security issues with Android accessibility.2016.https://android.jlelse.eu/android-accessibility-75fdc5810025
[9]Venkatesan D.Malware may abuse Android’s accessibility service to bypass security enhancements.2016.https://www.symantec.com/connect/blogs/malware-may-abuse-android-s-accessibility-service-bypass-security-enhancements
[10]Jang Y,Song C,Chung SP,Wang T,Lee W.A11y attacks:Exploiting accessibility in operating systems.In:Proc.of the ACM Conf.on Computer and Communications Security(CCS).2014.1-13.[doi:10.1145/2660267.2660295]
[11]Kraunelis J,Chen Y,Ling Z,Fu X,Zhao W.On malware leveraging the Android accessibility framework.In:Stojmenovic I,Cheng Z,Guo S,eds.Proc.of the Mobile and Ubiquitous Systems:Computing,Networking,and Services.Mobi Quitous 2013.Lecture Notes of the Institute for Computer Sciences,Social Informatics and Telecommunications Engineering,Vol 131.Cham:Springer-Verlag,2014.[doi:10.1007/978-3-319-11569-6_40]
[12]Learn about global development.2018.http://www.worldbank.org/en/topic/disability/overview#1
[13]Accessibility.https://developer.android.com/guide/topics/ui/accessibility/index.html
[14]Kompasim.Grabbing red packets automatically in Android system.2017(in Chinese).https://github.com/kompasim/androidwechat-tool/blob/master/README.md
[15]Guo L.The implement for silent installation in Android.2015(in Chinese).http://blog.csdn.net/guolin_blog/article/details/47803149
[16]Stefanko L.New Android Trojan mimics user clicks to download dangerous malware.2017.https://www.welivesecurity.com/2017/02/14/new-android-trojan-mimics-user-clicks-download-dangerous-malware/
[17]Xiaoqi in Jianshu.The event delivery mechanism in Android.2015(in Chinese).http://www.jianshu.com/p/cf22ea3b09a5
[18]CVE-2014-4368.http://www.nsfocus.net/vulndb/27932
[19]Quiet Heart.Basic principles of access control permissions in Linux.2017(in Chinese).http://www.jianshu.com/p/56d5c68b5363
[20]Denning DE.A lattice model of secure information flow.Communications of the ACM(CACM),1976,19(5):236-243.[doi:10.1145/360051.360056]
[21]Wu ZZ,Chen XY,Yang Z,Du XH.Survey on information flow control.Ruan Jian Xue Bao/Journal of Software,2017,28(1):135-159(in Chinese with English abstract).http://www.jos.org.cn/1000-9825/5131.htm[doi:10.13328/j.cnki.jos.005131]
[22]Krohn M,Yip A,Brodsky M,Kaashoek MF,Kohler E,Morris R.Information flow control for standard OS abstractions.In:Proc.of the ACM SIGOPS Operating Systems Review.New York:ACM Press,2007.321-334.[doi:10.1145/1294261.1294293]
[23]Efstathopoulos P,Krohn M,Van De Bogart S,Frey C,Ziegler D,Kohler E,Morris R.Labels and event processes in the Asbestos operating system.In:Proc.of the SOSP.Brighton:ACM Press,2005.17-30.[doi:10.1145/1095810.1095813]
[24]Zeldovich N,Boyd-Wickizer S,Mazieres D.Securing distributed systems with information flow control.In:Proc.of the NSDI.San Francisco:USENIX,2008.293-308.
[25]Myers AC,Liskov B.A decentralized model for information flow control.SIGOPS Operating Systems Review,1997,31(5):129-142.[doi:10.1145/269005.266669]
[26]Xu S.The research in information flow control model for distributed system[MS.Thesis].Shanghai:Shanghai Jiaotong University,2011(in Chinese with English abstract).
[27]Nadkarni A,Enck W.Preventing accidental data disclosure in modern operating systems.In:Proc.of the ACM Conf.on Computer and Communications Security(CCS).2013.1-13.[doi:10.1145/2508859.2516677]
[28]Jia L,Aljuraidan J,Fragkaki E,Bauer L,Stroucken M,Fukushima K,Kiyomoto S,Miyake Y.Run-Time enforcement of information-flow prop-erties on Android(extended abstract).In:Proc.of the European Symp.on Research in Computer Security(ES-ORICS).2013.1-30.
[29]Xu Y,Witchel E.Maxoid:Transparently confining mobile applications with custom views of state.In:Proc.of the 10th European Conf.on Computer Systems.ACM Press,2015.1-14.[doi:10.1145/2741948.2741966]
[30]Nadkarni A,Andow B,Enck W,Jha S.Practical DIFC enforcement on Android.In:Proc.of the 25th USENIX Security Symp.(USENIX Security 2016).USENIX Association,2016.1119-1136.
[1]Android开发无障碍指南.http://informationaccessibilityassociation.github.io/android Accessibility/services.htm
[4]Android accessibility安全性研究报告.http://blogs.360.cn/360mobile/2016/09/07/research_of_accessibility/
[7]逆巴.滥用Accessibility Service自动安装应用.2015.http://ju.outofmemory.cn/entry/227941
[14]Kompasim.Android实现自动抢红包.2017.
[15]郭林.Android静默安装实现方案.2015.http://blog.csdn.net/guolin_blog/article/details/47803149
[17]小七在简书.Android事件传递机制.2015.http://www.jianshu.com/p/cf22ea3b09a5
[19]Quiet Heart.Linux访问控制权限基本原理.2017.http://www.jianshu.com/p/56d5c68b5363
[21]吴泽智,陈性元,杨智,杜学绘.信息流控制研究进展.软件学报,2017,28(1):135-159.http://www.jos.org.cn/1000-9825/5131.htm[doi:10.13328/j.cnki.jos.005131]
[26]许帅.分布式系统中的信息流控制模型的研究[硕士学位论文].上海:上海交通大学,2011.
[2]Accessibility Service.https://developer.android.com/reference/android/accessibilityservice/Accessibility Service.html
[3]Zhong Y,Weber A,Burkhardt C,Weaver P,Bigham JP.Enhancing Android accessibility for users with hand tremor by reducing fine pointing and steady tapping.In:Proc.of the 12th Web for All Conf.(W4A 2015).New York:ACM Press,2015.10.[doi:10.1145/2745555.2747277]
[4]Android accessibility security research report(in Chinese).2016.http://blogs.360.cn/360mobile/2016/09/07/research_of_accessibi lity/
[5]Amit Y.Android clickjacking—Android malware evolution.2016.https://www.skycure.com/blog/accessibility-clickjacking/
[6]Amit Y.95.4 percent of all Android devices are susceptible to accessibility clickjacking exploits.2016.https://www.skycure.com/blog/95-4-android-devices-susceptible-accessibility-clickjacking-exploits/
[7]Ni B.Abusing accessibility service to install android applications automatically(in Chinese).2015.http://ju.outofmemory.cn/entry/227941
[8]Rout V.Security issues with Android accessibility.2016.https://android.jlelse.eu/android-accessibility-75fdc5810025
[9]Venkatesan D.Malware may abuse Android’s accessibility service to bypass security enhancements.2016.https://www.symantec.com/connect/blogs/malware-may-abuse-android-s-accessibility-service-bypass-security-enhancements
[10]Jang Y,Song C,Chung SP,Wang T,Lee W.A11y attacks:Exploiting accessibility in operating systems.In:Proc.of the ACM Conf.on Computer and Communications Security(CCS).2014.1-13.[doi:10.1145/2660267.2660295]
[11]Kraunelis J,Chen Y,Ling Z,Fu X,Zhao W.On malware leveraging the Android accessibility framework.In:Stojmenovic I,Cheng Z,Guo S,eds.Proc.of the Mobile and Ubiquitous Systems:Computing,Networking,and Services.Mobi Quitous 2013.Lecture Notes of the Institute for Computer Sciences,Social Informatics and Telecommunications Engineering,Vol 131.Cham:Springer-Verlag,2014.[doi:10.1007/978-3-319-11569-6_40]
[12]Learn about global development.2018.http://www.worldbank.org/en/topic/disability/overview#1
[13]Accessibility.https://developer.android.com/guide/topics/ui/accessibility/index.html
[14]Kompasim.Grabbing red packets automatically in Android system.2017(in Chinese).https://github.com/kompasim/androidwechat-tool/blob/master/README.md
[15]Guo L.The implement for silent installation in Android.2015(in Chinese).http://blog.csdn.net/guolin_blog/article/details/47803149
[16]Stefanko L.New Android Trojan mimics user clicks to download dangerous malware.2017.https://www.welivesecurity.com/2017/02/14/new-android-trojan-mimics-user-clicks-download-dangerous-malware/
[17]Xiaoqi in Jianshu.The event delivery mechanism in Android.2015(in Chinese).http://www.jianshu.com/p/cf22ea3b09a5
[18]CVE-2014-4368.http://www.nsfocus.net/vulndb/27932
[19]Quiet Heart.Basic principles of access control permissions in Linux.2017(in Chinese).http://www.jianshu.com/p/56d5c68b5363
[20]Denning DE.A lattice model of secure information flow.Communications of the ACM(CACM),1976,19(5):236-243.[doi:10.1145/360051.360056]
[21]Wu ZZ,Chen XY,Yang Z,Du XH.Survey on information flow control.Ruan Jian Xue Bao/Journal of Software,2017,28(1):135-159(in Chinese with English abstract).http://www.jos.org.cn/1000-9825/5131.htm[doi:10.13328/j.cnki.jos.005131]
[22]Krohn M,Yip A,Brodsky M,Kaashoek MF,Kohler E,Morris R.Information flow control for standard OS abstractions.In:Proc.of the ACM SIGOPS Operating Systems Review.New York:ACM Press,2007.321-334.[doi:10.1145/1294261.1294293]
[23]Efstathopoulos P,Krohn M,Van De Bogart S,Frey C,Ziegler D,Kohler E,Morris R.Labels and event processes in the Asbestos operating system.In:Proc.of the SOSP.Brighton:ACM Press,2005.17-30.[doi:10.1145/1095810.1095813]
[24]Zeldovich N,Boyd-Wickizer S,Mazieres D.Securing distributed systems with information flow control.In:Proc.of the NSDI.San Francisco:USENIX,2008.293-308.
[25]Myers AC,Liskov B.A decentralized model for information flow control.SIGOPS Operating Systems Review,1997,31(5):129-142.[doi:10.1145/269005.266669]
[26]Xu S.The research in information flow control model for distributed system[MS.Thesis].Shanghai:Shanghai Jiaotong University,2011(in Chinese with English abstract).
[27]Nadkarni A,Enck W.Preventing accidental data disclosure in modern operating systems.In:Proc.of the ACM Conf.on Computer and Communications Security(CCS).2013.1-13.[doi:10.1145/2508859.2516677]
[28]Jia L,Aljuraidan J,Fragkaki E,Bauer L,Stroucken M,Fukushima K,Kiyomoto S,Miyake Y.Run-Time enforcement of information-flow prop-erties on Android(extended abstract).In:Proc.of the European Symp.on Research in Computer Security(ES-ORICS).2013.1-30.
[29]Xu Y,Witchel E.Maxoid:Transparently confining mobile applications with custom views of state.In:Proc.of the 10th European Conf.on Computer Systems.ACM Press,2015.1-14.[doi:10.1145/2741948.2741966]
[30]Nadkarni A,Andow B,Enck W,Jha S.Practical DIFC enforcement on Android.In:Proc.of the 25th USENIX Security Symp.(USENIX Security 2016).USENIX Association,2016.1119-1136.
[1]Android开发无障碍指南.http://informationaccessibilityassociation.github.io/android Accessibility/services.htm
[4]Android accessibility安全性研究报告.http://blogs.360.cn/360mobile/2016/09/07/research_of_accessibility/
[7]逆巴.滥用Accessibility Service自动安装应用.2015.http://ju.outofmemory.cn/entry/227941
[14]Kompasim.Android实现自动抢红包.2017.
[15]郭林.Android静默安装实现方案.2015.http://blog.csdn.net/guolin_blog/article/details/47803149
[17]小七在简书.Android事件传递机制.2015.http://www.jianshu.com/p/cf22ea3b09a5
[19]Quiet Heart.Linux访问控制权限基本原理.2017.http://www.jianshu.com/p/56d5c68b5363
[21]吴泽智,陈性元,杨智,杜学绘.信息流控制研究进展.软件学报,2017,28(1):135-159.http://www.jos.org.cn/1000-9825/5131.htm[doi:10.13328/j.cnki.jos.005131]
[26]许帅.分布式系统中的信息流控制模型的研究[硕士学位论文].上海:上海交通大学,2011.