作　　者： (王庆）; (袁珺）; (沈嘉荟）; (穆楠）;

机构地区： 中国信息安全测评中心,北京100085

出　　处： 《网络空间安全》 2017年第8期19-24,共6页

摘　　要： Android平台的安全问题越来越引起关注,尽管权限机制、隔离机制、应用签名等方式被用来保护平台的安全性,但是这种以应用开发者为中心、依托用户完成的粗粒度授权和访问控制机制存在诸多缺陷,导致系统安全性大大降低,容易受到权限提升攻击。针对这种攻击,现有的解决方案主要集中在加强中间层的防护措施,意味着攻击者如果能够跨越中间层,直接在应用层和内核层之间进行通信,则可以绕开Android系统中间软层的若干安全机制,实现对应用层的权限提升攻击。为了验证这种设想,论文提出了一种针对Android系统位置信息服务的权限提升攻击方案,通过编写可以在普通应用进程中运行的且可替代Android位置信息服务原生库的动态链接库,使得应用层请求只要调用该动态链接库就可以在没有权限的情况下绕过Android权限机制到达底层,并获得位置信息数据,实验结果表明此方案可以实现权限提升,证实了现有Android平台安全机制的不足。 With the continuous extension of application fields, the security problem of Android platform is more and more obvious. Although adopting the authority mechanism, isolating mechanism and application of signature, there are still lots of drawbacks in Android coarse-grained authorization and access control mechanism, which is developer-oriented and is based on users. This results in greatly lower security and being vulnerable to privilege escalation attack in application layer. For this type of attack, existing solutions are mainly concentrated on strengthening the security protection in the middleware. If the communication can be carried out between application layer and kernel layer directly, then privilege escalation attack can obtain success as bypassing those security mechanisms in the middle layer. In this paper, we proposes a privilege escalation attack scheme against Android Location Information service.we built a Dynamic Link Library, which can be run in common application process, to replace the native library. Through calling the Dynamic Link Library, requests in the application layer can bypass the Android access mechanism to reach the bottom and gain the location information data. The experimental results show that this scheme can realize elevated privileges, confirmed the shortage of the existing Android platform security mechanism.

关 键 词： 访问控制 安全机制 权限提升攻击