Capturing Information Flows inside Android and Qemu Environments
نویسندگان
چکیده
The smartphone market has grown so wide that it assumed a strategic relevance. Today the most common smartphone OSs are Google’s Android and Apple’s iOS. The former is particularly interesting due to its open source nature, that allows everyone to deeply inspect every aspect of the OS. Android source code is also bundled with an hardware emulator, based on the open source software Qemu, that allows the user to run the Android OS without the need of a physical device. We first present a procedure to extract information flows from a generic system. We then focus on Android and Qemu architectures and their logging infrastructures. Finally, we detail what happens inside an Android device in a particular scenario: the system boot.
منابع مشابه
Naxim: A Fast and Retargetable Network-on-Chip Simulator with QEMU and SystemC
Systems-on-Chip (SoC) architectures have been shifting from single-core to multi-core solutions, and they are at present evolving towards many-core ones. Network-on-Chip (NoC) is considered as a promising interconnection scheme for many-core SoCs since it offers better scalability than traditional bus-based interconnection. In this work, we have developed a fast simulator of NoC architectures u...
متن کاملContext-aware System Service Call-oriented Symbolic Execution of Android Framework with Application to Exploit Generation
Android Framework is a layer of software that exists in every Android system managing resources of all Android apps. A vulnerability in Android Framework can lead to severe hacks, such as destroying user data and leaking private information. With tens of millions of Android devices unpatched due to Android fragmentation, vulnerabilities in Android Framework certainly attract attackers to exploi...
متن کاملJif-Based Verification of Information Flow Policies for Android Apps
Android stores and users need mechanisms to evaluate whether their applications are secure or not. Although various previous works use data and control flow techniques to evaluate security features of Android applications, this paper extends those works by using Jif to verify compliance of information flow policies. To do so, the authors addressed some challenges that emerge in Android environm...
متن کاملMandatory Access Control for the Android Dalvik Virtual Machine
With the growing use of smartphones and other mobile devices, it becomes essential to be able to assure the user that his system and applications are doing exactly what they are supposed to do. Over the years and despite its configuration complexity, Mandatory Access Control has proven its efficiency in protecting systems. This paper proposes a solution providing a generic protection that doesn...
متن کاملDetection of Illegal Control Flow in Android System: Protecting Private Data Used by Smartphone Apps
Today, security is a requirement for smartphone operating systems that are used to store and handle sensitive information. However, smartphone users usually download third-party applications that can leak personal data without user authorization. For this reason, the dynamic taint analysis mechanism is used to control the manipulation of private data by third-party apps [9]. But this technique ...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- CoRR
دوره abs/1302.5109 شماره
صفحات -
تاریخ انتشار 2013