A Study of Selected Issues in Android Security

Open Access
- Author:
- Ren, Chuangang
- Graduate Program:
- Computer Science and Engineering
- Degree:
- Doctor of Philosophy
- Document Type:
- Dissertation
- Date of Defense:
- May 27, 2016
- Committee Members:
- Sencun Zhu, Dissertation Advisor/Co-Advisor
- Peng Liu, Committee Chair/Co-Chair
- Sencun Zhu, Committee Member
- Wang-Chien Lee, Committee Member
- Minghui Zhu, Outside Member
- Keywords:
- Android
- Computer Security
- Android Security
- Abstract:
- Mobile devices such as smartphones have become an integral part of society today, shaping people’s daily lives and changing the landscape of how businesses operate and how industries are powered. However, the unprecedented popularity of mobile devices introduces a concerning side effect: a dramatically increasing number of security threats poses serious risks to the security of mobile systems and their applications. Notably, one of the most successful mobile systems, Android, has exposed a plethora of vulnerabilities which are actively exploited by a large number of potentially harmful apps (malware, adware, riskware, etc.), most of which are distributed in under-scrutinized third-party Android markets. Mitigating the security threats to Android is non-trivial. There have been considerable efforts in securing Android to achieve the following two complementary goals: (1) market-scale detection and identification of problematic apps in an efficient manner, and (2) discovery and analysis of Android system vulnerabilities, and defense measures against the attacks they enable. In this dissertation, we propose techniques and approaches to solve specific problems in each of these two aspects, providing stepping stones towards finally achieving these two goals. Specifically, we first present a novel software watermarking scheme, namely Droidmarking, that can efficiently and effectively impede the prevalent software plagiarism (a.k.a. app repackaging) problem in the Android markets. Second, we systematically study and present a new, prevalent Android system vulnerability which, once exploited by an attacker, can lead to serious breaches of the integrity, confidentiality and availability of the graphical user interface (GUI) on an Android device. Finally, we devise a comprehensive and practical solution to protect the GUI sub-system in Android. The defense is able to defeat all known GUI attacks while preserving the original user experience of Android.
We plan to further explore Android system and app security towards a more secure ecosystem for Android.