Journal of Software (软件学报), ISSN 1000-9825, Journal of Software Editorial Office. DOI: 10.13328/j.cnki.jos.004914. CLC: TP309. Survey article.
Research Progress on Android Security (Android安全研究进展)
QING Si-Han (卿斯汉)*, 1,2,3, qsihan@ss.pku.edu.cn
1. Institute of Software, The Chinese Academy of Sciences, Beijing 100190, China
2. State Key Laboratory of Information Security (Institute of Information Engineering, The Chinese Academy of Sciences), Beijing 100093, China
3. School of Software and Microelectronics, Peking University, Beijing 102600, China
About the author: Qing Si-Han (born 1939), male, from Longhui, Hunan; research professor, doctoral supervisor, CCF senior member. Main research interests: mobile security, trusted computing, cloud security, operating system security. E-mail: qsihan@ss.pku.edu.cn
Android is a modern and the most popular software platform for smartphones. According to reports, Android accounted for a huge 81% of all smartphones in 2014 and shipped over 1 billion units worldwide for the first time ever. Apple, Microsoft, Blackberry and Firefox trailed a long way behind. At the same time, the increased popularity of Android smartphones has attracted hackers, leading to a massive increase in Android malware applications. This paper summarizes and analyzes the latest advances in Android security from multidimensional perspectives, covering Android architecture, design principles, security mechanisms, major security threats, classification and detection of malware, static and dynamic analyses, machine learning approaches, and security extension proposals.
Keywords: Android; security mechanism; malware; static and dynamic analyses; security extension proposal
However, the explosive growth of Android applications and the increasingly prominent security problems are badly out of step with the available countermeasures. The study by Zhou et al. [3] shows that four representative mobile anti-virus products, AVG (AVG antivirus free v2.9), Lookout (lookout security & antivirus v6.9), Norton (norton mobile security lite v2.5.0.379) and TrendMicro (TrendMicro mobile security personal edition v2.0.0.1294), detect only 79.6% and 20.2% of malware in the best and worst cases respectively.
Over more than a year, Zhou et al. [3] collected 1,260 Android malware samples from 49 different families, dating from August 2010 to October 2011. After a systematic analysis of their installation and runtime characteristics, they reached the following conclusions: (1) 86.0% of the malware repackages legitimate apps and adds a malicious payload; (2) 36.7% of the malware exploits platform-level vulnerabilities to escalate privileges; (3) 93.0% of the malware is capable of turning the user's phone into a bot. Regrettably, the four representative mobile anti-virus products they selected, AVG (AVG antivirus free v2.9), Lookout (lookout security & antivirus v6.9), Norton (norton mobile security lite v2.5.0.379) and TrendMicro (TrendMicro mobile security personal edition v2.0.0.1294), detected only 79.6% and 20.2% of the malware in the best and worst cases respectively. The conclusion is that commercial anti-malware is not robust enough, and next-generation anti-mobile-malware solutions are urgently needed.
Rastogi et al. [19] used their DroidChameleon framework to systematically analyze the following ten representative Android anti-malware products (vendor name outside the parentheses, product name inside): AVG (antivirus free), Symantec (norton mobile security), Lookout (lookout mobile security), ESET (ESET mobile security), Dr. Web (Dr. Web anti-virus light), Kaspersky (Kaspersky mobile security), Trend Micro (mobile security personal Ed.), ESTSoft (ALYac Android), Zoner (zoner antivirus free), and Webroot (Webroot security & antivirus). They reached a similar conclusion: commercial anti-malware urgently needs to improve its ability to resist malware transformation techniques.
Runtime protection of Android apps is an important component of Android security, and the Aurasium system proposed in [150] is a practical solution for policy enforcement on Android apps. Aurasium automatically repackages an app, adding user-level sandboxing and policy enforcement code that intercepts all interactions between the app and the operating system, so that malicious behaviour of the application can be monitored, such as covertly sending SMS messages to premium-rate numbers, extracting sensitive user information, accessing malicious IP addresses, and launching privilege escalation attacks. Every interaction of an app with the operating system and with other apps becomes visible, including: Internet connections, connect(); IPC Binder communication, ioctl(); file system operations, write() and read(); resource access, ioctl(), read() and write(); and Linux system calls such as fork() and execvp().
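As an added illustration of the interposition idea (example code written for this page, not Aurasium's own implementation), the block below puts a policy check in front of connect() the way a repackaged app's user-level sandbox would, so that a connection to a blocked destination never reaches the real libc call. The blocklist addresses and the fake_real_connect stand-in for libc are constructed for the offline demo.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>

typedef int (*connect_fn)(int, const struct sockaddr *, socklen_t);

/* Constructed sample policy: IPv4 destinations the app may not contact. */
static const char *const blocked_ipv4[] = { "203.0.113.7", "198.51.100.42" };

/* Policy decision for an intercepted connect(): 1 = allow, 0 = deny.
 * Anything that is not a well-formed IPv4 address is denied (fail closed). */
int policy_allows_connect(const struct sockaddr *sa, socklen_t len)
{
    const struct sockaddr_in *in = (const struct sockaddr_in *)sa;
    char dst[INET_ADDRSTRLEN];
    size_t i;
    if (sa == NULL || sa->sa_family != AF_INET || len < sizeof(*in))
        return 0;
    if (inet_ntop(AF_INET, &in->sin_addr, dst, sizeof dst) == NULL)
        return 0;
    for (i = 0; i < sizeof blocked_ipv4 / sizeof blocked_ipv4[0]; i++)
        if (strcmp(dst, blocked_ipv4[i]) == 0)
            return 0;
    return 1;
}

/* Interposed connect(): the real libc connect is reached only when policy
 * allows it; denied calls fail with EACCES and never touch the socket. */
int guarded_connect(connect_fn real_connect, int fd, const struct sockaddr *sa, socklen_t len)
{
    if (!policy_allows_connect(sa, len)) {
        errno = EACCES;
        return -1;
    }
    return real_connect(fd, sa, len);
}

/* Stand-in for libc connect() so the demo runs offline: pretends success. */
static int fake_real_connect(int fd, const struct sockaddr *sa, socklen_t len) { (void)fd; (void)sa; (void)len; return 0; }

/* Builds an IPv4 address and pushes it through the guarded path.
 * Returns 0 (allowed, "connected") or -1 (denied with errno = EACCES,
 * or EINVAL for an unparsable address). */
int try_connect_to(const char *ip, unsigned short port)
{
    struct sockaddr_in a;
    memset(&a, 0, sizeof a);
    a.sin_family = AF_INET;
    a.sin_port = htons(port);
    if (inet_pton(AF_INET, ip, &a.sin_addr) != 1) { errno = EINVAL; return -1; }
    return guarded_connect(fake_real_connect, 3, (const struct sockaddr *)&a, sizeof a);
}
```

In a real deployment the function pointer would be the original libc connect resolved by the sandbox's rewriting step, and the same pattern applies to the other intercepted calls listed above (ioctl on the Binder device, read, write, fork, execvp).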
As Android has evolved, new permissions have continually been added to the permission system. For example, Android 2.0 has 122 permissions, while Android 4.0.3 has 165. At the same time, some old permissions are dropped, making the Android permission system ever more complex. For example, Android API level 9 introduced the new permission NFC, which allows an app to read data from the near-field communication sensor; API level 14 introduced the new permission READ_PROFILE for reading the user's profile; and API level 8 removed the READ_OWNER_DATA permission from the permission system. As a result, only by continually learning and fully understanding the descriptions of newly added permissions can users obtain enough information from Android's permission warnings at install time to make a correct decision. Given that Android receives a major version update every few months, each introducing many new permissions, this places high demands on users.
References
[1] Motive Security Labs. Malware report - H2 2014.
[2] Mawston N. Strategy Analytics. 2014.
[3] Zhou Y, Jiang X. Dissecting Android malware: Characterization and evolution. 2012. 95-109.
[4] Felt AP, Finifter M, Chin E, Hanna S, Wagner D. A survey of mobile malware in the wild. 2011. 3-14.
[5] La Polla M, Martinelli F, Sgandurra D. A survey on security for mobile devices. 2013, 15(1): 446-471.
[6] Enck W. Defending users against smartphone apps: Techniques and future directions. 2011. 49-70.
[7] Fledel Y, Shabtai A, Potashnik D, Elovici Y. Google Android: An updated security review. 2010. 401-414.
[8] Zhang YQ, Wang K, Yang H, Fang ZJ, Wang ZQ, Cao C. Survey of Android OS security. 2014, 51(7): 1385-1396.
[9] Shabtai A, Fledel Y, Kanonov U, Elovici Y, Dolev S. Google Android: A state-of-the-art review of security mechanisms. 2009.
[10] Burns J. Developing secure mobile applications for Android. 2008.
[11] Enck W, Ongtang M, McDaniel P. Understanding Android security. 2009, 7(1): 50-57.
[12] Jiang SL, Wang JS, Zhang T, Chen R. A summary on Android security. 2012, 29(10): 205-210.
[13] Enck W, Octeau D, McDaniel P, Chaudhuri S. A study of Android application security. 2011, 2: 29.
[14] Huang CY, Tsai YT, Hsu CH. Performance evaluation on permission-based detection for Android malware. 2012. 111-120.
[15] Wang W. The system based on the Android principle analysis of malicious program. 2012.
[16] Aung Z, Zaw W. Permission-based Android malware detection. 2013, 2(3): 228-234.
[17] Sanz B, Santos I, Laorden C, Ugarte-Pedrero X, Nieves J, Bringas PG. MAMA: Manifest analysis for malware detection in Android. 2013, 4(4): 469-488.
[18] Sato R, Chiba D, Goto S. Detecting Android malware by analyzing manifest files. 2013. 23-31.
[19] Rastogi V, Chen Y, Jiang X. DroidChameleon: Evaluating Android anti-malware against transformation attacks. 2013. 329-334.
[20] Zheng M, Lee PPC, Lui JCS. ADAM: An automatic and extensible platform to stress test Android anti-virus systems. 2013. 82-101.
[21] Su MY, Chang WC. Permission-based malware detection mechanisms for smart phones. 2014. 449-452.
[22] Yerima SY, Sezer S, McWilliams G, Muttik I. A new Android malware detection approach using Bayesian classification. 2013. 121-128.
[23] Grace M, Zhou Y, Zhang Q, Zou S, Jiang X. RiskRanker: Scalable and accurate zero-day Android malware detection. 2012. 281-294.
[24] Li JH, Mu DJ, Yang MK, Hu W. Design on Android malware behavior analysis system.
[25] Elish KO, Shu X, Yao D, Ryder BG, Jiang X. Profiling user-trigger dependence for Android malware detection. 2015, 49(C): 255-273.
[26] Wen WP, Mei R, Ning G, Wang LL. Malware detection technology analysis and applied research of Android platform. 2014, (8): 78-85.
[27] Protsenko M, Müller T. Android malware detection based on software complexity metrics. 2014. 24-35.
[28] Zhang W, Yan HB, Wen WP. Implementation of a malware detect tool on Android. 2013, (1): 27-32.
[29] Deshotels L, Notani V, Lakhotia A. DroidLegacy: Automated familial classification of Android malware. 2014.
[30] Li T, Dong H, Yuan CY, Du YJ, Xu GA. Description of Android malware feature based on Dalvik instructions. 2014, 51(7): 1458-1466.
[31] Faruki P, Laxmi V, Bharmal A, Gaur MS, Ganmoor V. AndroSimilar: Robust signature for detecting variants of Android malware. 2014, 22: 66-80.
[32] Fang Z, Han W, Li Y. Permission-based Android security: Issues and countermeasures. 2014.
[33] Felt AP, Chin E, Hanna S, Song D, Wagner D. Android permissions demystified. 2011. 627-638.
[34] Frank M, Ben D, Felt AP, Song D. Mining permission request patterns from Android and Facebook applications. 2012. 870-875.
[35] Zhu J, Guan J, Yang Y, Yu L, Sun H, Chen Z. Permission-based abnormal application detection for Android. 2012. 228-239.
[36] Felt AP, Ha E, Egelman S, Haney A, Chin E, Wagner D. Android permissions: User attention, comprehension, and behavior. 2012.
[37] Holavanalli S, Manuel D, Nanjundaswamy V, Rosenberg B. Flow permissions for Android. 2013. 652-657.
[38] Moonsamy V, Rong J, Liu S. Mining permission patterns for contrasting clean and malicious Android applications. 2013, 36: 122-132.
[39] Zhang Y, Yang M, Xu B, Yang Z, Gu G, Ning P, Wang XS, Zang B. Vetting undesirable behaviors in Android apps with permission use analysis. 2013. 611-622.
[40] Struse E, Seifert J, Üllenbeck S, Rukzio E, Wolf C. PermissionWatcher: Creating user awareness of application permissions in mobile systems. 2012. 65-80.
[41] Sarma BP, Li N, Gates C, Potharaju R, Nita-Rotaru C. Android permissions: A perspective combining risks and benefits. 2012. 13-22.
[42] Orthacker C, Teufl P, Kraxberger S, Lackner G, Gissing M, Marsalek A, Leibetseder J, Prevenhueber O. Android security permissions - Can we trust them? 2012. 40-51.
[43] Felt AP, Egelman S, Finifter M, Akhawe D, Wagner D. How to ask for permission. 2012.
[44] Barrera D, Kayacik HG, van Oorschot PC, Somayaji A. A methodology for empirical analysis of permission-based security models and its application to Android. 2010. 73-84.
[45] Kelley PG, Consolvo S, Cranor LF, Jung J, Sadeh N, Wetherall D. A conundrum of permissions: Installing applications on an Android smartphone. 2012. 68-79.
[46] Rassameeroj I, Tanahashi Y. Various approaches in analyzing Android applications with its permission-based security models. 2011. 1-6.
[47] Bugiel S, Davi L, Dmitrienko A, Fischer T, Sadeghi AR, Shastry B. Poster: The quest for security against privilege escalation attacks on Android. 2011. 741-744.
[48] Egners A, Meyer U, Marschollek B. Messing with Android's permission model. 2012. 505-514.
[49] Wei X, Gomez L, Neamtiu I, Faloutsos M. Permission evolution in the Android ecosystem. 2012. 31-40.
[50] Felt AP, Greenwood K, Wagner D. The effectiveness of install-time permission systems for third-party applications. 2010.
[51] Shabtai A, Kanonov U, Elovici Y, Glezer C, Weiss Y. Andromaly: A behavioral malware detection framework for Android devices. 2012, 38(1): 161-190.
[52] Liu X, Liu J. A two-layered permission-based Android malware detection scheme. 2014. 142-148.
[53] Sanz B, Santos I, Laorden C, Ugarte-Pedrero X, Bringas PG, Álvarez G. PUMA: Permission usage to detect malware in Android. 2013. 289-298.
[54] Wolfe B, Elish K, Yao DF. High precision screening for Android malware with dimensionality reduction. 2014. 21-28.
[55] Shabtai A, Fledel Y, Elovici Y. Automated static code analysis for classifying Android applications using machine learning. 2010. 329-333.
[56] Aafer Y, Du W, Yin H. DroidAPIMiner: Mining API-level features for robust malware detection in Android. 2013. 86-103.
[57] Wolfe B, Elish KO, Yao D. Comprehensive behavior profiling for proactive Android malware detection. 2014. 328-344.
[58] Arp D, Spreitzenbarth M, Hubner M, Gascon H, Rieck K. DREBIN: Effective and explainable detection of Android malware in your pocket. 2014.
[59] Amos B, Turner H, White J. Applying machine learning classifiers to dynamic Android malware detection at scale. 2013. 1666-1671.
[60] Sahs J, Khan L. A machine learning approach to Android malware detection. 2012. 141-147.
[61] Peiravian N, Zhu X. Machine learning for Android: Malware detection using permission and API calls. 2013. 300-305.
[62] Google. ApkTool.
[63] FireEye. Mobile threat prevention. https://www
[64] Zimperlich sources. 2011.
[65] Android software stack. http://source
[66] OpenBinder: An open-source system component framework. http://www
[67] Android system framework. http://source
[68] Android permissions. http://developer
[69] Saltzer JH. Protection and the control of information sharing in Multics. 1974, 17(7): 388-402.
[70] Bugiel S, Davi L, Dmitrienko A, Heuser S, Sadeghi AR, Shastry B. Practical and lightweight domain isolation on Android. 2011. 51-62.
[71] Enck W, Ongtang M, McDaniel P. Mitigating Android software misuse before it happens. 2008.
[72] Ongtang M, McLaughlin S, Enck W, McDaniel P. Semantically rich application-centric security in Android. 2009. 340-349.
[73] Nauman M, Khan S, Zhang X. Apex: Extending Android permission model and enforcement with user-defined runtime constraints. 2010. 328-332.
[74] Pearce P, Felt AP, Nunez G, Wagner D. AdDroid: Privilege separation for applications and advertisers in Android. 2012. 71-72.
[75] Jeon J, Micinski KK, Vaughan JA, Fogel A, Reddy N, Foster JS, Millstein T. Dr 2012. 3-14.
[76] Google API. http://www
[77] Stanek W. Windows Server 2012 Inside Out. 2013.
[78] Qing SH, Cheng W, Du C. Analysis of security risk controllability for Windows OS. 2015.
[79] Security enhancements in Android 4.2.
[80] Security enhancements in Android 4.3.
[81] Validating security-enhanced Linux in Android. http://source
[82] Exploid. 2010.
[83] RageAgainstTheCage. 2011.
[84] Mahaffey K. Security alert: DroidDream. 2011.
[85] Strazzere T. Security alert: Zhash. 2011.
[86] Jiang X. Security alert: New DroidKungFu variant - AGAIN! - Found in alternative Android markets.
[87] Doherty S, Krysiuk P. Android. 2011.
[88] Edge J. RLIMIT_NPROC and setuid(). 2011.
[89] Castillo CA. Android malware past, present, and future. 2012.
[90] Fakenetxflix Android trojan info stealer. 2011.
[91] Andre G, Ramos P. Boxer SMS trojan. 2013.
[92] Spitmo vs Zitmo: Banking trojans target Android. https://blogs
[93] Backdoor AndroidOS. 2013.
[94] Fakedefender B Android fake antivirus. 2013.
[95] Davi L, Dmitrienko A, Sadeghi AR, Winandy M. Privilege escalation attacks on Android. 2011. 346-360.
[96] Felt AP, Wang HJ, Moshchuk A, Hanna S, Chin E. Permission re-delegation: Attacks and defenses. 2011.
[97] Bugiel S, Davi L, Dmitrienko A, Fischer T, Sadeghi AR. XManDroid: A new Android evolution to mitigate privilege escalation attacks. 2011.
[98] Bugiel S, Davi L, Dmitrienko A, Fischer T, Sadeghi AR, Shastry B. Towards taming privilege-escalation attacks on Android. 2012.
[99] Chin E, Felt AP, Greenwood K, Wagner D. Analyzing inter-application communication in Android. 2011. 239-252.
[100] Hardy N. The confused deputy. 1988, 22(4): 36-38.
[101] Marforio C. Application collusion attack on the permission-based security model and its implications for modern smartphone systems. Technical Report 724, ETH, 2011.
[102] Schlegel R, Zhang K, Zhou X, Intwala M, Kapadia A, Wang X. Soundcomber: A stealthy and context-aware sound trojan for smartphones. 2011. 17-33.
[103] Fahl S, Harbach M, Muders T, Baumgärtner L, Freisleben B, Smith M. Why Eve and Mallory love Android: An analysis of Android SSL (in)security. 2012. 50-61.
[104] Georgiev M, Iyengar S, Jana S, Anubhai R, Boneh D, Shmatikov V. 2012. 38-49.
[105] Egele M, Brumley D, Fratantonio Y, Kruegel C. An empirical study of cryptographic misuse in Android applications. 2013. 73-84.
[106] Sounthiraraj D, Sahs J, Greenwood G, Lin Z, Khan L. SMV-HUNTER: Large scale, automated detection of SSL/TLS man-in-the-middle vulnerabilities in Android apps. 2014.
[107] Rastogi V, Chen Y, Enck W. AppsPlayground: Automatic security analysis of smartphone applications. 2013. 209-220.
[108] BlackHat. Reverse engineering with androguard. https://code
[109] Octeau D, McDaniel P, Enck W. Ded: Decompiling Android applications.
[110] Dex2Jar. Android decompiling with Dex2jar. 2015.
[111] Enck W, Ongtang M, McDaniel P. On lightweight mobile phone application certification. 2009. 235-245.
[112] Fuchs AP, Chaudhuri A, Foster JS. SCanDroid: Automated security certification of Android applications. 2009.
[113] Chan PPF, Hui LCK, Yiu SM. DroidChecker: Analyzing Android applications for capability leak. 2012. 125-136.
[114] Lu L, Li Z, Wu Z, Lee W, Jiang G. CHEX: Statically vetting Android apps for component hijacking vulnerabilities. 2012. 229-240.
[115] Gibler C, Crussell J, Erickson J, Chen H. AndroidLeaks: Automatically detecting potential privacy leaks in Android applications on a large scale. 2012. 291-307.
[116] Octeau D, McDaniel P, Jha S, Bartel A, Bodden E, Klein J, Traon YL. Effective inter-component communication mapping in Android with EPICC: An essential step towards holistic security analysis. 2013.
[117] Cui XM, Yu D, Chan P, Hui LCK, Yiu SM, Qing SH. CoChecker: Detecting capability and sensitive data leaks from component chains in Android. 2014. 446-453.
[118] Kim J, Yoon Y, Yi K, Shin J. ScanDal: Static analyzer for detecting privacy leaks in Android applications. 2012.
[119] Stowaway. http://www
[120] Dietz M, Shekhar S, Pisetsky Y, Shu A, Wallach DS. Quire: Lightweight provenance for smart phone operating systems. 2011. 24.
[121] Enck W, Gilbert P, Chun BG, Cox LP, Jung J, McDaniel P, Sheth AN. TaintDroid: An information flow tracking system for realtime privacy monitoring on smartphones. 2014, 57(3): 99-106.
[122] Huang J, Zhang X, Tan L, Wang P, Liang B. AsDroid: Detecting stealthy behaviors in Android applications by user interface and program behavior contradiction. 2014. 1036-1046.
[123] Burguera I, Zurutuza U, Nadjm-Tehrani S. Crowdroid: Behavior-based malware detection system for Android. 2011. 15-26.
[124] Amos B, Turner H, White J. Applying machine learning classifiers to dynamic Android malware detection at scale. 2013. 1666-1671.
[125] Peng H, Gates C, Sarma B, Li N, Qi Y, Potharaju R, Nita-Rotaru C, Molloy I. Using probabilistic generative models for ranking risks of Android apps. 2012. 241-252.
[126] Wu DJ, Mao CH, Wei TE, Lee HM. DroidMat: Android malware detection through manifest and API calls tracing. 2012. 62-69.
[127] Ongtang M, Butler K, McDaniel P. Porscha: Policy oriented secure content handling in Android. 2010. 221-230.
[128] Conti M, Nguyen VTN, Crispo B. CRePE: Context-related policy enforcement for Android. 2010. 331-345.
[129] Portokalidis G, Homburg P, Anagnostakis K, Bos H. Paranoid Android: Versatile protection for smartphones. 2010. 347-356.
[130] Shabtai A, Fledel Y, Elovici Y. Securing Android-powered mobile devices using SELinux. 2010, 8(3): 36-44.
[131] Smalley S, Craig R. Security Enhanced (SE) Android: Bringing flexible MAC to Android. 2013. 20-38.
[132] Qing SH, Shen QN, Liu WQ. OS Security. 2011. 226-229.
[133] National Security Agency. Security-Enhanced Linux.
[134] Zhang X, Acıiçmez O, Seifert JP. A trusted mobile phone reference architecture via secure kernel. 2007. 7-14.
[135] Trusted Computing Group. Mobile Trusted Module Specification. 2008.
[136] Trusted Computing Group (TCG). TNC Architecture for Interoperability. 2009.
[137] L4Linux. http://l4linux
[138] Lange M, Liebergeld S, Lackorzynski A, Warg A, Peter M. L4Android: A generic operating system framework for secure smartphones. 2011. 39-50.
[139] Andrus J, Dall C, Hof AV, Laadan O, Nieh J. Cells: A virtual mobile smartphone architecture. 2011. 173-187.
[140] Bae H, Kim SW, Yoo C. Building the Android platform security mechanism using TrustZone. 2013.
[141] Samsung Knox. https://www
[142] QEMU. http://wiki
[143] Vasudevan A, Owusu E, Zhou Z, Newsome J, McCune JM. Trustworthy execution on mobile devices: What security properties can my mobile platform give me?
[144] Vasudevan A, McCune JM, Newsome J. Trustworthy Execution on Mobile Devices. 2014.
[145] Watson R. A decade of OS access-control extensibility.
[146] Wright C, Cowan C, Smalley S, Morris J, Kroah-Hartman G. Linux security modules: General security support for the Linux kernel. 2002.
[147] Watson R. TrustedBSD: Adding trusted operating system features to FreeBSD. 2001.
[148] Heuser S, Nadkarni A, Enck W, Sadeghi AR. ASM: A programmable interface for extending Android security. 2014.
[149] Backes M, Bugiel S, Gerling S, von Styp-Rekowsky P. Android security framework: Enabling generic and extensible access control on Android. 2014.
[150] Xu R, Saidi H, Anderson R. Aurasium: Practical policy enforcement for Android applications. 2012.
[151] Zhang M, Yin H. AppSealer: Automatic generation of vulnerability-specific patches for preventing component hijacking attacks in Android applications. 2014.

Chinese-language references (original titles):
[8] 张玉清, 王凯, 杨欢, 方喆君, 王志强, 曹琛. Survey of Android security (Android安全综述). 2014, 51(7): 1385-1396.
[12] 蒋绍林, 王金双, 张涛, 陈融. Survey of Android security research (Android安全研究综述). 2012, 29(10): 205-210.
[15] 王玮. Principle analysis of malicious programs on the Android system (基于Android系统的恶意程序原理分析). 2012, (10): 71-76.
[24] 李静华, 慕德俊, 杨鸣坤, 胡伟. Design of an Android malware behavior analysis system (Android恶意程序行为分析系统设计). 2014, 37(s1): 104-107.
[26] 文伟平, 梅瑞, 宁戈, 汪亮亮. Analysis and applied research of Android malware detection technology (Android恶意软件检测技术分析和应用研究). 2014, (8): 78-85.
[28] 张文, 严寒冰, 文伟平. Implementation of an Android malware detection tool (一种Android恶意程序检测工具的实现). 2013, (1): 27-32.
[30] 李挺, 董航, 袁春阳, 杜跃进, 徐国爱. Description and verification of Android malicious code features based on Dalvik instructions (基于Dalvik指令的Android恶意代码特征描述及验证). 2014, 51(7): 1458-1466.
[78] 卿斯汉, 程伟, 杜超. Analysis of security risk controllability for the Windows operating system (Windows操作系统的安全风险可控性分析). 2015, 45(1): 2.
[132] 卿斯汉, 沈晴霓, 刘文清. Operating System Security (操作系统安全). 2011. 226-229.