Browse > Article
http://dx.doi.org/10.7472/jksii.2016.17.6.93

A memory protection method for application programs on the Android operating system  

Kim, Dong-ryul (GRADUATE SCHOOL OF INFORMATION SECURITY, KOREA UNIVERSITY)
Moon, Jong-sub (ELECTRONICS & INFORMATION ENGINEERING, KOREA UNIVERSITY)
Publication Information
Journal of Internet Computing and Services / v.17, no.6, 2016 , pp. 93-101 More about this Journal
Abstract
As the Android smart phones become more popular, applications that handle users' personal data such as IDs or passwords and those that handle data directly related to companies' income such as in-game items are also increasing. Despite the need for such information to be protected, it can be modified by malicious users or leaked by attackers on the Android. The reason that this happens is because debugging functions of the Linux, base of the Android, are abused. If an application uses debugging functions, it can access the virtual memory of other applications. To prevent such abuse, access controls should be reinforced. However, these functions have been incorporated into Android O.S from its Linux base in unmodified form. In this paper, based on an analysis of both existing memory access functions and the Android environment, we proposes a function that verifies thread group ID and then protects against illegal use to reinforce access control. We conducted experiments to verify that the proposed method effectively reinforces access control. To do that, we made a simple application and modified data of the experimental application by using well-established memory editing applications. Under the existing Android environment, the memory editor applications could modify our application's data, but, after incorporating our changes on the same Android Operating System, it could not.
Keywords
Android memory protection; ptrace system call; /proc/PID/mem virtual file; Virtual memory protection; memory editor;
Citations & Related Records
Times Cited By KSCI : 1  (Citation Analysis)
연도 인용수 순위
1 P. Stirparo, I. N. Fovino, and I. Kounelis, "Data-in-use leakages from Android memory-Test and analysis," 2013 IEEE 9th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob), Oct. 2013, pp. 701-708. http://dx.doi.org/10.1109/WiMOB.2013.6673433   DOI
2 P. Stirparo, I. N. Fovino, M. Taddeo, and I. Kounelis, "In-memory credentials robbery on android phones," 2013 World Congress on Internet Security (WorldCIS), Mar. 2014, pp. 88-93. http://dx.doi.org/10.1109/WorldCIS.2013.6751023   DOI
3 F. Zhou, Y. Yang, Z. Ding, and G. Sun, "Dump and analysis of Android volatile memory on Wechat," 2015 IEEE International Conference In Communications (ICC), Sep. 2015, pp. 7151-7156. http://dx.doi.org/10.1109/ICC.2015.7249467   DOI
4 504ensicsLabs/LIME, https://github.com/504ensicslabs/lime
5 J. Sylve, A. Case, L. Marzlale, and G. G. Richard, "Acquisition and analysis of volatile memory from android devices," Digital Investigation 2011, Vol. 8, no. 3, Feb. 2012, pp. 175-184. http://dx.doi.org/10.1016/j.diin.2011.10.003   DOI
6 volatility, https://code.google.com/p/volatility/wiki/LinuxMemoryForensics
7 I. Kollar, "Forensic RAM dump image analyser," Master's Thesis, Charles University in Prague, 2010.
8 lcamtuf-memfetch, https://github.com/citypw/lcamtuf-memfetch
9 Cheat Engine, http://www.cheatengine.org/
10 GAMEGUARDIAN, https://gameguardian.net/
11 SB Game Hacker, http://m.balifornia.store.aptoide.com/app/market/org.sbtools.gamehack/40/3882874/SB+Game+Hacker
12 PTRACE(2), http://man7.org/linux/man-pages/man2/ptrace.2.html
13 Linux local privilege escalation via suid/proc/pid/mem write, https://git.zx2c4.com/CVE-2012-0056/about/
14 Android (operating system) https://en.wikipedia.org/wiki/Android_(operating_system)#Platform_usage
15 cgroups, https://en.wikipedia.org/wiki/Cgroups#NAMESPACE-ISOLATION
16 ptrace. https://en.wikipedia.org/wiki/Ptrace#Limitations
17 LSM, https://www.kernel.org/doc/Documentation/security/LSM.txt
18 Yama, https://www.kernel.org/doc/Documentation/security/Yama.txt
19 Java Debug Wire Protocol, http://docs.oracle.com/javase/6/docs/technotes/guides/jpda/jdwp-spec.html
20 Debugging Native Android Platform Code, http://source.android.com/devices/tech/debug/#debuggerd
21 Rooting (Android OS), https://en.wikipedia.org/wiki/Rooting_(Android_OS)#Advantages
22 H. W. Lee, "Android based Mobile Device Rooting Attack Detection and Response Mechanism using Events Extracted from Daemon Processes," Journal of The Korea Institute of Information Security & Cryptology(JKIISC) 2013, Vol. 23, No. 3, Jun. 2013, pp. 479-490. http://dx.doi.org/10.13089/JKIISC.2013.23.3.479   DOI
23 Linux Kernel Cross Reference, http://lxr.oss.org.cn/plain/ident?v=3.4.9&a=arm&i=mm_access