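% Master's thesis. biblatex's thesis type reads the degree from `type` and the
% university from `institution`; `annote` and `publisher` are not used for that,
% so the degree and school are moved to the fields the style prints.
@thesis{virtualpatch,
  author      = {Pizzi, Simeone},
  title       = {{VirtualPatch}: Fixing {Android} Security Vulnerabilities with App-Level Virtualization},
  type        = {mathesis},
  institution = {University of Padua},
  year        = {2022},
  url         = {https://thesis.unipd.it/bitstream/20.500.12608/32823/1/Pizzi_Simeone.pdf},
}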
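% SACMAT '20 paper surveying app-level virtualization apps and their isolation gaps.
% The ACM export put the publisher city in `address` and the conference city in
% `location`; Biber treats `address` as an alias of `location`, so the two values
% collide. The publisher city now lives in `location` and the conference city in
% `venue`. The page range uses the ASCII `--` form instead of a Unicode en dash.
@inproceedings{parallel_space_traveling,
  author    = {Dai, Deshun and Li, Ruixuan and Tang, Junwei and Davanian, Ali and Yin, Heng},
  title     = {Parallel Space Traveling: A Security Analysis of App-Level Virtualization in {Android}},
  booktitle = {Proceedings of the 25th ACM Symposium on Access Control Models and Technologies},
  series    = {SACMAT '20},
  venue     = {Barcelona, Spain},
  publisher = {Association for Computing Machinery},
  location  = {New York, NY, USA},
  year      = {2020},
  pages     = {25--32},
  numpages  = {8},
  isbn      = {9781450375689},
  doi       = {10.1145/3381991.3395608},
  url       = {https://doi.org/10.1145/3381991.3395608},
  keywords  = {security threats, security enhancements, mobile security, application virtualization, android system},
  abstract  = {App-level virtualization becomes increasingly popular. It allows multiple instances of an application to run simultaneously on the same Android system, without requiring modification of the Android firmware. These virtualization-capable apps are used by more than 100 million users worldwide. We conduct a systematic study of the implementation of app-level virtualization and the security threats that their users may face. First, we survey more than 160 apps collected from several popular app markets which can provide application virtualization capability. We find that these apps are implemented based on a similar design, and apps running in such a virtual environment are not completely isolated from each other. Second, we analyze malicious virtualized guest apps, and identify several areas of potential attack vectors, including privilege escalation, code injection, ransomware, etc. Malicious virtualized guest apps can launch reference hijacking attacks. Once a legitimate app is running in the virtual context, all of its sensitive data will be exposed to the host app. Third, we find a new type of repackaging attack. In our collection of 2 million app data set, we find that 68 apps pack and load malwares by using the virtualization technology to evade antivirus detection, 91 apps pack some legal apps for the purpose of wide distribution, and insert screen ads to gain profits at its startup. Finally, we discuss a variety of mitigation solutions for users, developers and vendors.},
}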
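% POMACS article studying app-virtualization frameworks and their abuse for repackaging.
% The journal is stored under its full name so the style, not the database,
% decides on abbreviation; `Android` is brace-protected against sentence casing.
% `issue_date`, `articleno` and `numpages` are ACM export fields kept as exported.
@article{app_in_the_middle,
  author     = {Zhang, Lei and Yang, Zhemin and He, Yuyu and Li, Mingqi and Yang, Sen and Yang, Min and Zhang, Yuan and Qian, Zhiyun},
  title      = {App in the Middle: Demystify Application Virtualization in {Android} and its Security Threats},
  journal    = {Proceedings of the ACM on Measurement and Analysis of Computing Systems},
  volume     = {3},
  number     = {1},
  year       = {2019},
  month      = mar,
  issue_date = {March 2019},
  articleno  = {17},
  numpages   = {24},
  publisher  = {Association for Computing Machinery},
  address    = {New York, NY, USA},
  doi        = {10.1145/3322205.3311088},
  url        = {https://doi.org/10.1145/3322205.3311088},
  keywords   = {access control, android security, application virtualization},
  abstract   = {Customizability is a key feature of the Android operating system that differentiates it from Apple's iOS. One concrete feature that gaining popularity is called "app virtualization''. This feature allows multiple copies of the same app to be installed and opened simultaneously (e.g., with multiple accounts logged in). Virtualization frameworks are used by more than 100 million users worldwide. As with any new system features, we are interested in two aspects: (1) whether the feature itself introduces security risks and (2) whether the feature is abused for unintended purposes. This paper conducts a systematic study on the two aspects of the app virtualization techniques.With a thorough study of 32 popular virtualization frameworks from Google Play, we identify seven areas of potential attack vectors and find that most of the frameworks are susceptible to them. By deeply investigating their ecosystem, we show, with demonstrations, that attackers can easily distribute malware that takes advantage of these attack vectors. In addition, we show that the same virtualization techniques are also abused by malware as an alternative and easy-to-use repackaging mechanism. To this end, we design and implement a new app repackage detector. After scanning 250,145 apps from app markets, it finds 164 repackaged apps that attempt to steal user credentials and private data.},
}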
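% RESEC '18 workshop paper on the security impact of Android plugin frameworks.
% Publisher city and conference city are separated into `location` and `venue`
% (the export defined both `address` and `location`, which Biber treats as the
% same field). The page range uses `--` instead of a Unicode en dash, and
% `Android` is brace-protected against sentence casing.
@inproceedings{android_plugin,
  author    = {Zheng, Cong and Luo, Tongbo and Xu, Zhi and Hu, Wenjun and Ouyang, Xin},
  title     = {{Android} Plugin Becomes a Catastrophe to {Android} Ecosystem},
  booktitle = {Proceedings of the First Workshop on Radical and Experiential Security},
  series    = {RESEC '18},
  venue     = {Incheon, Republic of Korea},
  publisher = {Association for Computing Machinery},
  location  = {New York, NY, USA},
  year      = {2018},
  pages     = {61--64},
  numpages  = {4},
  isbn      = {9781450357579},
  doi       = {10.1145/3203422.3203425},
  url       = {https://doi.org/10.1145/3203422.3203425},
  keywords  = {android ecosystem, android plugin, virtualization},
  abstract  = {The Android Plugin is a new application-level virtualization technology in Android system. Android Plugin allows a host app to create a virtual environment, in which any other APK files can be directly launched as runnable plugins without the installation. Unlike the dynamic code loading, the plugin-enabled host app provides a proxy layer between plugin apps and the Android framework. This virtualization technology has been applied in the development of hot apps, such as the "Parallel Space" app. However, the Android Plugin technology has completely changed the landscape of Android ecosystem security. We will demonstrate our perspectives by proposing some attacks via Android Plugin: a) A zero-permission app can bypass the permission check and the data isolation mechanism by exploiting two vulnerabilities we discovered in Android plugin frameworks. b) A new Android phishing attack allows attackers to phish any target apps at no cost. c) The current app promotion system can also be compromised by attackers through directly launching as many as promoted apps in the plugin environment. d) With our developed tool "Z4Plugin", attackers can easily transform any malicious APK file to a new APK file, which can evade all engines in VirusTotal. At last, we have proposed mitigation solutions for above attacks.},
}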
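% Source repository of the VirtualApp project. The camel-case name is
% brace-protected so sentence-casing styles do not render it as "Virtualapp".
% No version or access date is recorded; add `version`/`urldate` when known.
@software{virtualapp,
  title = {{VirtualApp}},
  url   = {https://github.com/asLody/VirtualApp},
}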
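% Source repository of the VirtualXposed project. The camel-case name is
% brace-protected so sentence-casing styles keep its capitalisation.
% No version or access date is recorded; add `version`/`urldate` when known.
@software{virtualxposed,
  title = {{VirtualXposed}},
  url   = {https://github.com/android-hacker/VirtualXposed},
}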
% Project home page for Docker; the entry records only a title and a URL.
@software{docker,
  title = {Docker},
  url   = {https://www.docker.com},
}
% Project home page for Podman; the entry records only a title and a URL.
@software{podman,
  title = {Podman},
  url   = {https://podman.io},
}
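% CCS '21 paper presenting VPBox, a container-based Android OS-level sandbox.
% Publisher city and conference location are separated into `location` and
% `venue` (the export defined both `address` and `location`, which Biber treats
% as the same field). The page range uses `--` instead of a Unicode en dash, and
% `Android` and `OS` are brace-protected against sentence casing.
@inproceedings{vpbox,
  author    = {Song, Wenna and Ming, Jiang and Jiang, Lin and Xiang, Yi and Pan, Xuanchen and Fu, Jianming and Peng, Guojun},
  title     = {Towards Transparent and Stealthy {Android} {OS} Sandboxing via Customizable Container-Based Virtualization},
  booktitle = {Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security},
  series    = {CCS '21},
  venue     = {Virtual Event, Republic of Korea},
  publisher = {Association for Computing Machinery},
  location  = {New York, NY, USA},
  year      = {2021},
  pages     = {2858--2874},
  numpages  = {17},
  isbn      = {9781450384544},
  doi       = {10.1145/3460120.3484544},
  url       = {https://doi.org/10.1145/3460120.3484544},
  keywords  = {container-based virtualization, anti-evasion, android OS sandboxing},
  abstract  = {A fast-growing demand from smartphone users is mobile virtualization.This technique supports running separate instances of virtual phone environments on the same device. In this way, users can run multiple copies of the same app simultaneously,and they can also run an untrusted app in an isolated virtual phone without causing damages to other apps. Traditional hypervisor-based virtualization is impractical to resource-constrained mobile devices.Recent app-level virtualization efforts suffer from the weak isolation mechanism. In contrast, container-based virtualization offers an isolated virtual environment with superior performance.However, existing Android containers do not meet the anti-evasion requirement for security applications: their designs are inherently incapable of providing transparency or stealthiness.In this paper, we present VPBox, a novel Android OS-level sandbox framework via container-based virtualization. We integrate the principle of anti-virtual-machine detection into VPBox's design from two aspects.First, we improve the state-of-the-art Android container work significantly for transparency.We are the first to offer complete device virtualization on mainstream Android versions.To minimize the fingerprints of VPBox's presence, we enable all virtualization components (i.e., kernel-level device and user level device virtualization) to be executed outside of virtual phones (VPs).Second, we offer new functionality that security analysts can customize device artifacts (e.g., phone model, kernel version, and hardware profiles) without user-level hooking. This capability prevents the tested apps from detecting the particular mobile device (e.g., Google Pixel phone) that runs an Android container.Our performance evaluation on five VPs shows that VPBox runs different benchmark apps at native speed.Compared with other Android sandboxes, VPBox is the only one that can bypass a set of virtual environment detection heuristics. 
At last, we demonstrate VPBox's flexibility in testing environment-sensitive malware that tries to evade sandboxes.},
}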
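% arXiv preprint (cs.CR) on testing app auto-login via Android OS-level virtualization.
% Author names use the unambiguous "Last, First" form, matching the vpbox entry,
% and the arXiv identifiers use biblatex's canonical field names
% (`eprinttype`/`eprintclass`) instead of the `archivePrefix`/`primaryClass` aliases.
@misc{vpdroid,
  author      = {Song, Wenna and Ming, Jiang and Jiang, Lin and Yan, Han and Xiang, Yi and Chen, Yuan and Fu, Jianming and Peng, Guojun},
  title       = {App's Auto-Login Function Security Testing via {Android} {OS-Level} Virtualization},
  year        = {2021},
  eprint      = {2103.03511},
  eprinttype  = {arXiv},
  eprintclass = {cs.CR},
  url         = {https://arxiv.org/abs/2103.03511},
}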
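% SOSP '11 paper describing Cells, an architecture for multiple virtual phones on one device.
% The export split the fourth author as surname "Hof", given name "Alexander Van't";
% the surname is "Van't Hof", so it is braced as one unit to sort and print correctly.
% Publisher city and conference city are separated into `location` and `venue`,
% and the page range uses `--` instead of a Unicode en dash.
@inproceedings{cells,
  author    = {Andrus, Jeremy and Dall, Christoffer and {Van't Hof}, Alexander and Laadan, Oren and Nieh, Jason},
  title     = {{Cells}: a virtual mobile smartphone architecture},
  booktitle = {Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles},
  series    = {SOSP '11},
  venue     = {Cascais, Portugal},
  publisher = {Association for Computing Machinery},
  location  = {New York, NY, USA},
  year      = {2011},
  pages     = {173--187},
  numpages  = {15},
  isbn      = {9781450309776},
  doi       = {10.1145/2043556.2043574},
  url       = {https://doi.org/10.1145/2043556.2043574},
  keywords  = {Android, smartphones, virtualization},
  abstract  = {Smartphones are increasingly ubiquitous, and many users carry multiple phones to accommodate work, personal, and geographic mobility needs. We present Cells, a virtualization architecture for enabling multiple virtual smartphones to run simultaneously on the same physical cellphone in an isolated, secure manner. Cells introduces a usage model of having one foreground virtual phone and multiple background virtual phones. This model enables a new device namespace mechanism and novel device proxies that integrate with lightweight operating system virtualization to multiplex phone hardware across multiple virtual phones while providing native hardware device performance. Cells virtual phone features include fully accelerated 3D graphics, complete power, management features, and full telephony functionality with separately assignable telephone numbers and caller ID support. We have implemented a prototype of Cells that supports multiple Android virtual phones on the same phone. Our performance results demonstrate that Cells imposes only modest runtime and memory overhead, works seamlessly across multiple hardware devices including Google Nexus 1 and Nexus S phones, and transparently runs Android applications at native speed without any modifications.},
}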
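% AOSP documentation page on allowlisting privileged permissions. The target is
% a web page, not a software release, so the entry type is `online`, like the
% other source.android.com references in this file.
% No access date is recorded; add `urldate` when the page is next checked.
@online{privileged_permissions,
  title = {Privileged permission allowlisting},
  url   = {https://source.android.com/docs/core/permissions/perms-allowlist},
}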
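% Android developer guide section on the Java API framework. `Java` and `API`
% are brace-protected so sentence-casing styles keep their capitalisation.
% No access date is recorded; add `urldate` when the page is next checked.
@online{framework_api,
  title = {{Java} {API} framework},
  url   = {https://developer.android.com/guide/platform/#api-framework},
}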
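% Android developer page on restrictions for non-SDK interfaces. The acronym is
% brace-protected so sentence-casing styles do not render it as "Non-sdk".
% No access date is recorded; add `urldate` when the page is next checked.
@online{hidden_apis,
  title = {{Non-SDK} interfaces},
  url   = {https://developer.android.com/guide/app-compatibility/restrictions-non-sdk-interfaces},
}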
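% AOSP documentation page on SELinux in Android. The proper nouns are
% brace-protected so sentence-casing styles keep "Linux" and "Android" capitalised.
% No access date is recorded; add `urldate` when the page is next checked.
@online{selinux,
  title = {Security-Enhanced {Linux} in {Android}},
  url   = {https://source.android.com/docs/security/features/selinux#supporting_documentation},
}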
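% Source repository of the LSPosed project. The name is brace-protected so
% sentence-casing styles do not render it as "Lsposed".
% No version or access date is recorded; add `version`/`urldate` when known.
@software{lsposed,
  title = {{LSPosed}},
  url   = {https://github.com/LSPosed/LSPosed},
}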
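% Source repository of the EdXposed project. The name is brace-protected so
% sentence-casing styles do not render it as "Edxposed".
% No version or access date is recorded; add `version`/`urldate` when known.
@software{edxposed,
  title = {{EdXposed}},
  url   = {https://github.com/ElderDrivers/EdXposed},
}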
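% AOSP documentation page for the Android Virtualization Framework. The title is
% a product name, so each word is brace-protected against sentence casing.
% No access date is recorded; add `urldate` when the page is next checked.
@online{avf,
  title = {{Android} {Virtualization} {Framework}},
  url   = {https://source.android.com/docs/core/virtualization},
}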
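% Android API reference for android.os.Process; the URL fragment points at the
% LAST_APPLICATION_UID constant. `UID` is brace-protected against sentence casing.
% No access date is recorded; add `urldate` when the page is next checked.
@online{app_uid,
  title = {Application {UID} Reference},
  url   = {https://developer.android.com/reference/android/os/Process.html#LAST_APPLICATION_UID},
}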
% Pointer into UserHandle.java in AOSP frameworks/base (line anchor 46).
% NOTE(review): the URL follows the head of the android14-release branch, so the
% line anchor can drift if the branch changes. Consider citing a tag or commit
% and recording `urldate` so the referenced per-user UID range stays verifiable.
@online{per_user_range,
  title = {Per-User Range Source Reference},
  url   = {https://android.googlesource.com/platform/frameworks/base/+/refs/heads/android14-release/core/java/android/os/UserHandle.java#46},
}
% AOSP documentation page on tristate location permissions; the entry records
% only a title and a URL (no access date).
@online{tristate_location,
  title = {Tristate location permissions},
  url   = {https://source.android.com/docs/core/permissions/tristate-perms},
}
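% AOSP documentation page for the PermissionController module. The camel-case
% name is brace-protected so sentence-casing styles do not render it as
% "Permissioncontroller".
% No access date is recorded; add `urldate` when the page is next checked.
@online{permission_controller,
  title = {{PermissionController}},
  url   = {https://source.android.com/docs/core/ota/modular-system/permissioncontroller},
}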
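% Pointer into ActivityManagerService.java in AOSP frameworks/base (line anchor 5881).
% The class and method names are brace-protected so sentence-casing styles keep
% the identifiers exactly as they appear in the source.
% NOTE(review): the URL follows the head of the android14-release branch, so the
% line anchor can drift if the branch changes. Consider citing a tag or commit
% and recording `urldate` so the referenced permission check stays verifiable.
@online{checkPermission,
  title = {{ActivityManagerService} {checkPermission} method},
  url   = {https://android.googlesource.com/platform/frameworks/base/+/refs/heads/android14-release/services/core/java/com/android/server/am/ActivityManagerService.java#5881},
}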
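% Conference paper on app sandboxing for stock Android. The exported record
% lacked the required `booktitle` and carried an empty `pages` field, which
% triggers empty-field warnings; the empty field is dropped and the month uses
% the standard macro, as the aexplorer entry does.
% TODO(review): venue filled in as USENIX Security 2015, named the way the
% aexplorer entry names the 2016 edition; confirm against the publisher record
% and add the page range.
@inproceedings{boxify,
  author    = {Backes, Michael and Bugiel, Sven and Hammer, Christian and Schranz, Oliver and Styp-Rekowsky, Philipp},
  title     = {Full-fledged App Sandboxing for Stock {Android}},
  booktitle = {24th USENIX Security Symposium (USENIX Security 15)},
  year      = {2015},
  month     = aug,
}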
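% USENIX Security 2016 paper re-examining Android permission specification analysis.
% Author names use the unambiguous "Last, First" form. `Austin, TX` is the
% conference city, not the publisher's, so it moves from `address` to `venue`.
% `Android` is brace-protected against sentence casing.
@inproceedings{aexplorer,
  author    = {Backes, Michael and Bugiel, Sven and Derr, Erik and McDaniel, Patrick and Octeau, Damien and Weisgerber, Sebastian},
  title     = {On Demystifying the {Android} Application Framework: {Re-Visiting} {Android} Permission Specification Analysis},
  booktitle = {25th USENIX Security Symposium (USENIX Security 16)},
  venue     = {Austin, TX},
  publisher = {USENIX Association},
  year      = {2016},
  month     = aug,
  pages     = {1101--1118},
  isbn      = {978-1-931971-32-4},
  url       = {https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/backes_android},
}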
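% Paper introducing PScout, an analysis of the Android permission specification.
% The venue is a conference proceedings volume, so it belongs in `booktitle` of
% an inproceedings entry rather than in `journal` of an article entry.
% Author names use the "Last, First" form; `PScout` and `Android` are
% brace-protected against sentence casing.
% NOTE(review): the URL is an aggregator record; prefer the publisher DOI if available.
@inproceedings{pscout,
  author    = {Au, Kathy Wain Yee and Zhou, Yi Fan and Huang, Zhen and Lie, David},
  title     = {{PScout}: analyzing the {Android} permission specification},
  booktitle = {Proceedings of the 2012 ACM conference on Computer and communications security},
  year      = {2012},
  url       = {https://api.semanticscholar.org/CorpusID:3401975},
}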