A Lightweight Monitor for Android Kernel Protection

doi:10.3969/j.issn.1000-3428.2014.04.009

Computer Engineering

Previous Articles Next Articles

A Lightweight Monitor for Android Kernel Protection

YANG Yong ^a,b, QIAN Zhen-jiang^a,b, HUANG Hao ^a,b

(a. State Key Laboratory for Novel Software Technology; b. Department of Computer Science and Technology, Nanjing University, Nanjing 210046, China)

Received:2013-03-25 Online:2014-04-15 Published:2014-04-14

一种轻量级的Android内核保护监控器

杨永^a,b，钱振江^a,b，黄皓^a,b

(南京大学 a. 计算机软件新技术国家重点实验室；b. 计算机科学与技术系，南京 210046)

作者简介:杨永(1987－)，男，硕士研究生，主研方向：软件安全；钱振江，讲师、博士研究生；黄皓，教授、博士、博士生导师。
基金资助:
国家“863”计划基金资助项目(2011AA01A202)；江苏省“六大人才高峰”高层次人才基金资助项目(2011-DZXX-035)；江苏省高校自然科学研究基金资助项目(12KJB520001)。

Abstract

Abstract: In order to prevent the kernel attack within Android system and protect the kernel of Android system, this paper designs a lightweight hypervisor monitoring architecture based on ARM platform. By applying ARM virtualization technology and isolating un-trusted module, this architecture prevents malicious code damage to kernel and the falsification of key objects within the kernel. Moreover, it can detect rootkit with cross view. Experimental results show that this architecture can promptly stop the falsification of monitoring object and quickly detect rootkit and thus reduce the loss of attack on system.

Key words: mobile operating system, kernel, security, virtualization, rootkit detection

摘要： 为阻止针对Android系统内核的攻击，保护Android系统内核不被破坏，设计一种基于ARM平台轻量级的hypervisor监控器架构。该架构利用ARM硬件虚拟化扩展技术，对不信任模块进行隔离，阻止模块中恶意代码对内核的破坏，保护关键对象不被篡改，并基于hypervisor、利用交叉视图检测rootkit。实验结果表明，该架构能及时阻止对被监控对象的修改，快速检测出rootkit威胁，减少系统被攻击后带来的损失。

关键词: 移动操作系统, 内核, 安全, 虚拟化, rootkit检测

CLC Number:

TP311

YANG Yong, QIAN Zhen-jiang, HUANG Hao. A Lightweight Monitor for Android Kernel Protection[J]. Computer Engineering.

杨永，钱振江，黄皓. 一种轻量级的Android内核保护监控器[J]. 计算机工程.

/ Recommend / Download Citations

URL:

https://www.ecice06.com/EN/Y2014/V40/I4/48

References

参考文献 [1] Enck W, Gilbert P. TaintDroid: An Information-flow Tracking System for Realtime Privacy Monitoring on Smartphones[C]// Proceedings of the 9th USENIX Conference on Operating Systems Design and Implementation. [S. 1.]: IEEE Press, 2010: 393-407. [2] Grace M, Zhou Yajin, Wang Zhi, et al. Systematic Detection of Capability Leaks in Stock Android Smartphones[C]//Proc- eedings of NDSS’12. [S. 1.]: IEEE Press, 2012: 107-201. [3] Enck W, Ongtang M, McDaniel P. On Lightweight Mobile Phone Application Certification[C]//Proceedings of ACM Conference on Computer and Communications Security. [S. 1.]: ACM Press, 2009: 235-245. [4] Nauman M, Khan S, Zhang X. Apex: Extending Android Permission Model and Enforcement with User-defined Runtime Constraints[C]//Proceedings of ACM Conference on Computer and Communication Security. [S. 1.]: ACM Press, 2010: 328-332. (下转第56页) (上接第52页) [5] Bugiel S. Towrads Taming Privilege-escalation Attacks on Android[C]//Proceedings of ISC’10. [S. 1.]: IEEE Press, 2010: 346-360. [6] Shabtai A, Fledel Y, Elovici Y. Security Android-powered Mobile Device Using SELinux[J]. IEEE Security & Privacy, 2008, 8(3): 36-44. [7] NVD. CEV-2007-6562[EB/OL]. (2013-04-17). http://web.nvd. nist.gov/view/vuln/detail?vulnId=CVE-2007-6562. [8] Seshadri A, Luk M, Qu Ning, et al. SecVisor: A Tiny Hypervisor to Provide Lifetime Kernel Code Integrity for Commodity OSes[C]//Proceedings of ACM SOSP’07. [S. 1.]: ACM Press, 2007: 335-350. [9] 李珣, 黄皓. 一个基于硬件虚拟化的内核完整性监控方法[J]. 计算机科学, 2011, 38(12): 68-72. [10] Hwang Joo-Young. Xen on ARM: System Virtualization Using Xen Hypervisor for ARM-based Secure Mobile Phones[C]// Proceedings of the 5th IEEE Consumer Communications and Networking Conference. [S. 1.]: IEEE Press, 2008: 257-261. [11] Dall C, Nieh J. KVM for ARM[C]//Proceedings of Linux Symposium. [S. 1.]: IEEE Press, 2010: 45-56. [12] Andrus J, Dall C, Hof A V, et al. Cells: A Virtual Mobile Smartphone Architecture[C]//Proceedings of ACM SOSP’11. [S. 1.]: ACM Press, 2011: 173-187. [13] Lange M, Liebergeld S. L4 Android: A Generic Operating System Framework for Secure Smartp- hones[C]//Proceedings of SPSM’11. [S. 1.]: ACM Press, 2011: 39-50. [14] You Dong-Hoon. Android Platform Based Linux Kernel Rootkit[EB/OL]. (2013-04-17). http://www.phrack.com/issues. html?issue=68&id=6. 编辑索书志

[1]	QI Fenglin, SHEN Jiajie, WANG Maoyi, ZHANG Kai, WANG Xin. Review of Application of Artificial Intelligence in University Informatization [J]. Computer Engineering, 2025, 51(4): 1-14.
[2]	LIU Zhuang, GU Kangzheng, TAN Xin, ZHANG Yuan. Automatic Generation of Code for Heap Spraying Object Manipulation Targeting Kernel Vulnerability Exploitation [J]. Computer Engineering, 2025, 51(4): 178-187.
[3]	HAN Juan, ZHOU Siqi, PING Ping. Reversible Data Hiding in Encrypted Image Based on Quadtree Encryption and Adaptive Block Encoding [J]. Computer Engineering, 2025, 51(2): 202-212.
[4]	MAO Jingzheng, HU Xiaorui, XU Gengchen, WU Guodong, SUN Yanbin, TIAN Zhihong. Review of Application Progress of Digital Twins in Industrial Control Security [J]. Computer Engineering, 2025, 51(2): 1-17.
[5]	WANG Yuanyuan, WANG Shiqian, WANG Han, GUO Zhengbin, HU Xiancheng. Cross-Border Intelligent Analysis of Energy Emission Based on Vertical Federated Learning [J]. Computer Engineering, 2025, 51(1): 164-173.
[6]	ZENG Yuqi, LIU Bo, ZHONG Baichang, ZHONG Jin. Student Classroom Behavior Detection Algorithm Based on Improved YOLOv8 in Smart Education [J]. Computer Engineering, 2024, 50(9): 344-355.
[7]	Qiong SHI, Hui DUAN, Zhibin SHI. Trusted Task Offloading Scheme Based on Deep Reinforcement Learning [J]. Computer Engineering, 2024, 50(8): 142-152.
[8]	SHI Zhipeng, FENG Xiaowei, ZHAO Yiping. Improved Multi-Hypothesis Test Point Cloud Noise Reduction for Neighborhood Drift [J]. Computer Engineering, 2024, 50(6): 276-286.
[9]	XIONG Shiqiang, HE Daojing, WANG Zhendong, DU Runmeng. Review of Federated Learning and Its Security and Privacy Protection [J]. Computer Engineering, 2024, 50(5): 1-15.
[10]	WANG Wenbin, QIAN Zhenjiang, JIN Yong, SUN Gaofei, XING Xiaoshuang, SU Chao, SUN Tianqi. Formal Design and Verification of File System Based on Isabelle/HOL [J]. Computer Engineering, 2024, 50(4): 277-285.
[11]	Lin NI, Zihui LIU, Shuai ZHANG, Jiujiang HAN, Ming XIAN. IP Soft Core Hardware Trojan Detection Method Based on Grayscale Graph Analysis [J]. Computer Engineering, 2024, 50(3): 44-51.
[12]	SONG Yanrui, ZHUANG Lei, XU Zexi, FENG Xu, MO Wenshuai. Reliable Service Function Chain Deployment Algorithm Based on Edge-Cloud Collaboration [J]. Computer Engineering, 2024, 50(12): 184-193.
[13]	LIU Hangbo, MA Li, LI Yang, MA Dongchao, FU Yingxun. Obstacle Avoidance Method Using DQN to Classify Obstacles in Unmanned Driving [J]. Computer Engineering, 2024, 50(11): 380-389.
[14]	ZHANG Yujie, GAO Han. Image Segmentation Algorithm for Stamping Defects Based on Improved FCM [J]. Computer Engineering, 2024, 50(10): 342-351.
[15]	YU Xinsheng, ZHU Danjiang, LUO Lunhan. System Security Analysis Method Based on CLPN [J]. Computer Engineering, 2024, 50(10): 255-265.

Please choose a citation manager

Content to export

A Lightweight Monitor for Android Kernel Protection

一种轻量级的Android内核保护监控器

PDF

Knowledge

Cited

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics

Comments

模态框（Modal）标题

Please choose a citation manager

Content to export

A Lightweight Monitor for Android Kernel Protection

一种轻量级的Android内核保护监控器

PDF

Knowledge

Cited

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics

Comments