With the proliferation of mobile and IoT devices, malicious application developers seize the opportunity to spread malicious applications threatening the security and privacy of users’ information assets. In this dissertation, we work towards understanding and mitigating a unique type of threat, non-invasive privilege escalation attacks, posed by malicious applications to vulnerable mobile and IoT system interfaces. Unlike more invasive attacks that usually gain elevated access through altering the memory or files belonging to the system or other applications, a non-invasive attack leverages legitimate yet vulnerable system interfaces to gain access to system resources, other application resources or to infer sensitive user information, which is usually difficult to detect without in-depth understanding of the vulnerable systems.
In particular, this dissertation reports a systematic study on this understudied type of threat, from the hidden weaknesses inside the operating system, to the risks introduced by the mobile ecosystem, and to new user-computing interfaces. Specifically, we studied a runtime-information-gathering (RIG) threat which exploits design weaknesses of the operating system, e.g., shared communication channels such as Bluetooth, and side channels such as memory and network-data usage, on Android and Android-based IoT devices. To defend against this new category of attacks, we propose a novel approach, App Guardian, that changes neither the operating system nor the target apps, and provides immediate protection as soon as an ordinary app is installed. Our experimental studies show that this new technique defeated all known RIG attacks, with small impact on the utility of legitimate apps and the performance of the operating system.
Then we discover hanging attribute references (Hares), a type of vulnerability never investigated before, which often has serious security implications: when an attribute is used on a device but the party defining it has been removed during vendor customization, a malicious app can fill the gap to acquire critical system capabilities, simply by disguising itself as the owner of the attribute. We further design and implement Harehunter, a new tool for automatic detection of Hares. Using it, we discover 21,557 likely Hare flaws on the factory images of the 97 most popular Android devices, demonstrating the significant impact of the problem.
Finally, we conduct the first security analysis on Voice Personal Assistant (VPA) ecosystems and related popular IoT devices, which leads to the discovery of serious security weaknesses in their Voice User Interfaces (VUIs) and skill vetting. We present two new attacks, voice squatting and voice masquerading, both of which are demonstrated to pose realistic remote threats to a large number of VPA users and to have serious security and privacy implications. We also design and implement new techniques that make the first step towards protecting VPA users from these voice-based attacks.
|Committee:||Gunter, Carl A., Huang, Yan, Leake, David, Qian, Feng|
|School Location:||United States -- Indiana|
|Source:||DAI-B 79/09(E), Dissertation Abstracts International|
|Keywords:||Android security, IoT security, Mobile security, Security and privacy, Voice Personal Assistant security|
Copyright in each Dissertation and Thesis is retained by the author. All Rights Reserved