中大機構典藏-NCU Institutional Repository-提供博碩士論文、考古題、期刊論文、研究計畫等下載:Item 987654321/82298
English  |  正體中文  |  简体中文  |  Items with full text/Total items : 80990/80990 (100%)
Visitors : 42700415      Online Users : 1500
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
Scope Tips:
  • please add "double quotation mark" for query phrases to get precise results
  • please goto advance search for comprehansive author search
  • Adv. Search
    HomeLoginUploadHelpAboutAdminister Goto mobile version


    Please use this identifier to cite or link to this item: http://ir.lib.ncu.edu.tw/handle/987654321/82298


    Title: Android 上新型資安攻擊的防禦方法;New Protection Mechanisms for New Attack Methods on Android
    Authors: 許富皓;黃燕鈴
    Contributors: 國立中央大學資訊工程學系
    Keywords: 工作綁架;安卓框架;安卓偵錯程式;智慧型手機;惡意應用程式;task hijacking;Android framework;Android adb;smartphone;malicious app
    Date: 2020-01-13
    Issue Date: 2020-01-13 14:38:34 (UTC+8)
    Publisher: 科技部
    Abstract: 本三年期的計畫將針對近來攻擊者新開發的一種竊取個資的攻擊方法 (task hijacking) 及一種新的植入惡意app至智慧型手機的方法於Android系統上提出並實作出防禦的機制。在植入一智慧型手機後,為取得螢幕、鍵盤的控制權惡意app開發出各種不同的綁架手機螢幕、觸控鍵盤使用權的方法用以產生釣魚畫面進而偷取使用者的各種資料,如密碼、帳號,對話紀錄。task hijacking是近年攻擊者開發出的新的綁架智慧型手機螢幕、觸控鍵盤的方法。本計畫的前半期將針對Android系統設計、開發、並於Android Framework實作出一供app開發者保護其app免於遭受task hijacking的app保護系統。保護系統並不會完全中止一activity出現在其他app的back stack中的能力,而是根據app開發者的設定決定其他app的activity是否可出現在開發者的app的back stack,以保護該app免於遭受task hijacking攻擊。此外,不同於入侵桌機、或伺服器所採用的手法,現今入侵手機植入惡意程式所採用方法以社交工程為主,換言之就是以各種欺騙的方式,讓智慧型手機的使用者下載、安裝惡意app。然而最近的一些報告顯示,一種新的手法可讓攻擊者可以透過手機的micro USB接頭將惡意app經由adb送入一智慧型手機中。利用此手法,攻擊者可偽裝成免費或公共的智慧型手機電源,在智慧型手機的使用者接上偽裝的電源時植入、安裝惡意app。本三年期計畫的後半期將針對Android系統設計、開發、並實作出一能阻擋未經使用者授權透過micro USB下載、安裝app的 Android framework level 及 kernel level的防禦系統。 ;This 3-year project proposes a system on Android to protect Android against a new attack approach, task hijacking, which is using by attackers to steal important information from smartphone users. This project also proposes a system to protect a smartphone from installing malicious App through a newly developed approach. After being installed in an Android smartphone, some malicious Apps try to hijack the control of the touch screen and touch keyboard of the smartphone so that the Apps can create a phishing screen to cheat the user and obtain his important information, such as password, account information, and dialogue content. Task hijacking is a new approach that attackers use to hijack the control of the touch screen and touch keyboard of a smartphone. In the front period of this project, we will develop a framework level protection mechanism for Android App developers to protect their Apps against task hijacking attacks. Instead of disallowing any activity to appear in the back stack of another App, the proposed solution allows App developers to decide whether an activity of other App can appear in the back stacks of their App. Hence, App developers can protect their Apps against task hijacking. Besides, unlike compromising a host or a server, smartphone attackers usually utilize social engineering to install malicious Apps into a smartphone. However, recently reports show that through the micro-USB connector of a smartphone, attackers can use adb to install malicious Apps into the smartphone. Through this approach, an attacker can disguise his device as a public smartphone charger to attract victims to connect to it and install malicious Apps on smartphones connected to it. The rear period of this project plans to propose and implement a framework and kernel-level solution on Android to block unauthorized installations of Apps through adb.
    Relation: 財團法人國家實驗研究院科技政策研究與資訊中心
    Appears in Collections:[Department of Computer Science and information Engineering] Research Project

    Files in This Item:

    File Description SizeFormat
    index.html0KbHTML309View/Open


    All items in NCUIR are protected by copyright, with all rights reserved.

    社群 sharing

    ::: Copyright National Central University. | 國立中央大學圖書館版權所有 | 收藏本站 | 設為首頁 | 最佳瀏覽畫面: 1024*768 | 建站日期:8-24-2009 :::
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - 隱私權政策聲明