Graduation Year

2014

Document Type

Thesis

Degree

M.S.C.S.

Degree Name

MS in Computer Science (M.S.C.S.)

Department

Computer Science

Degree Granting Department

Computer Science and Engineering

Major Professor

Jay Ligatti, Ph.D.

Co-Major Professor

Yao Liu, Ph.D.

Committee Member

Yao Liu, Ph.D.

Committee Member

Hao Zheng, Ph.D.

Keywords

BroNIEs, Formal Defintions, Injection Attacks, OS Shell, SQL

Abstract

Injection attacks are the top two causes of software errors and vulnerabilities, according to the MITRE Common Vulnerabilities list [1]. This thesis presents a threat analysis of injection attacks on applications built for Android, a popular but not rigorously studied operating system designed for mobile devices. The following thesis is argued: Injection attacks are possible on off-the-shelf Android systems, and such attacks have the capacity to compromise the device through resource denial and leaking private data. Specifically, we demonstrate that injection attacks are possible through the OS shell and through the SQLite API. To mitigate these attacks, we augment the Android OS with a taint-tracking mechanism to monitor the flow of untrusted character strings through application execution. We use this taint information to implement a mechanism to detect and prevent these injection attacks. A good denition of an attack being critical to preventing it, our mechanism is based on Ray and Ligatti's formalized “NIE" property, which states that untrusted inputs must only insert or expand noncode tokens in output programs. If this property is violated, an injection attack has occurred. This definition's detection algorithm, in combination with our taint tracker, allow our mechanism to defend against these attacks.

Share

COinS