TY - GEN
T1 - ACIDroid
T2 - 35th Annual ACM Symposium on Applied Computing, SAC 2020
AU - Choi, Jusop
AU - Kim, Soolin
AU - Cho, Junsung
AU - Kim, Kuyju
AU - Hong, Seok
AU - Kim, Hyoungshick
N1 - Publisher Copyright: © 2020 ACM.
PY - 2020/3/30
Y1 - 2020/3/30
AB - To improve the execution performance of applications, Android introduced a new optimization technique using app cache. This new feature not only improves the performance of Android applications but also exposes a new attack surface. Attackers can eventually change the behavior of installed applications by modifying executable bytecode in their app cache files. We call this attack the "app cache tampering attack". This attack would be difficult for device owners to recognize because the modification of cache files does not require any explicit action by the user. To mitigate the risks of the app cache tampering attack, we present an efficient App Cache Integrity protection solution on Android called "ACIDroid", which provides secure management of the hash values of the optimized executable bytecode in app cache files. To show the feasibility of ACIDroid, we performed app cache tampering attacks on 11 popular Android apps (PayPal, Bank of America, Outlook, 1Password, Dropbox, Azure Authenticator, Blizzard Authenticator, TexasHealthMyChart, Google Authenticator, Booking and Amazon Alexa) and tried to detect the changes in app cache files using ACIDroid. With the modified app cache files, ACIDroid is able to correctly detect all the (intentional) changes in the apps tested while maintaining an acceptable verification time overhead of less than 2.69% (48.27ms) and 21.18% (155.54ms) of the launch time of each app on average for AOSP and PIXEL2, respectively, running Android version 8.
KW - Android Runtime (ART)
KW - Android system
KW - App cache file
KW - Integrity
UR - https://www.scopus.com/pages/publications/85083037880
U2 - 10.1145/3341105.3374037
DO - 10.1145/3341105.3374037
M3 - Conference contribution
AN - SCOPUS:85083037880
T3 - Proceedings of the ACM Symposium on Applied Computing
SP - 376
EP - 383
BT - 35th Annual ACM Symposium on Applied Computing, SAC 2020
PB - Association for Computing Machinery
Y2 - 30 March 2020 through 3 April 2020
ER -