The Infona portal uses cookies, i.e. strings of text saved by a browser on the user's device. The portal can access those files and use them to remember the user's data, such as their chosen settings (screen view, interface language, etc.), or their login data. By using the Infona portal the user accepts automatic saving and using this information for portal operation purposes. More information on the subject can be found in the Privacy Policy and Terms of Service. By closing this window the user confirms that they have read the information on cookie usage, and they accept the privacy policy and the way cookies are used by the portal. You can change the cookie settings in your browser.
To facilitate apps to collaborate in finish complex jobs, Android allows isolated apps to communicate through explicit interfaces. However, the communication mechanisms often give additional privilege to apps, which can be exploited by attackers. The Android Task Structure is a widely-used mechanism to facilitate apps' collaboration. Recent research has identified attacks to the mechanism, allowing...
As control-flow hijacking defenses gain adoption, it is important to understand the remaining capabilities of adversaries via memory exploits. Non-control data exploits are used to mount information leakage attacks or privilege escalation attacks program memory. Compared to control-flow hijacking attacks, such non-control data exploits have limited expressiveness, however, the question is: what is...
The growing popularity of Android-based smart-phones have led to the rise of Android based malware. In particular, profit-motivated malware is becoming increasingly popular in Android malware distribution. These malware typically profit by sending premium-rate SMS messages and/or make premium-rate phone calls from infected devices without user consent. In this paper, we investigate the telephony framework...
The verification of policy configuration is the key point during the security analysis of SELinux. Most of current verification methods focus on the construction of policy configurations mathematical model, rather than the difficulty of security requirements description for the verifiers. A new security requirement description language (SRDL) based on the theory of information flow is proposed, whose...
Dynamic binary translation (DBT) is a well known software technology that enables seamless cross-ISA execution. Unfortunately, many malicious programs that may lead to unauthorized access can run easily and unrestrictedly under the DBT system. Because these malicious programs must go through the system call interface to take malicious action, system call interposition has become a widely used technique...
A static vulnerability detection method based on an extended vulnerability state machine is proposed in this paper. In this method, the state space of state machine model is extended. The security state of a variable can be identified by a property set that may consist of multiple security-related properties rather than a single property. As results, fine-grained state transition is provided to support...
The existing code injection attack defense methods have some deficiencies on performance overhead and effectiveness. In order to ensure the system performance, we propose a method that uses system call randomization to counter code injection attacks based on instruction set randomization idea. An injected code would perform its actions with system calls. System call randomization on operating system...
The integer sign vulnerability is a comparatively new and subtle type of vulnerabilities, they can compromise system security. Especially, if a sign vulnerability occurs in operating system kernel, it may result in very serious invalid read/write operations to kernel memory area. Unfortunately, little attention has been paid to static detecting them automatically. This paper presents a novel approach...
Nowadays, technologies of information security have been attached more and more importance to and it's a critical problem to take measures to ensure the reliability of related trustworthy software such as secure operating systems (SOSs). Thereafter, it's always necessary for such systems to be taken complete and rigorous security test and evaluation among development team and/or by third-party security...
Set the date range to filter the displayed results. You can set a starting date, ending date or both. You can enter the dates manually or choose them from the calendar.