Abstract
In this paper, we detail why the stack smashing protector (SSP), one of the most effective techniques to mitigate stack buffer overflow attacks, fails to protect the Android operating system and thus causes a false sense of security that affects all Android devices. We detail weaknesses of existing SSP implementations, revealing that current SSP is not secure. We propose SSPFA, the first effective and practical SSP for Android devices. SSPFA provides security against stack buffer overflows without changing the underlying architecture. SSPFA has been implemented and tested on several real devices showing that it is not intrusive, and it is binary-compatible with Android applications. Extensive empirical validation has been carried out over the proposed solution.
Highlights
The increase in the number of mobile devices relying on the same operating systems, Android OS and iOS, brings an increase in the exposition of operating systems against the discovery of new vulnerabilities, and the possibility of using them against large-scale cyberattacks by exploiting such vulnerabilities [1]
A weakness in the current security model architecture for the execution of mobile applications in Android OS will unveil vulnerabilities affecting all the versions of the operating system, all models of mobile equipment and all applications running in such operating systems and allowing millions of mobile devices to be potentially exploited, to be spied, to be used as potential attacking tool for cyberterrorism, just to name a few
The correctness of the implementation was evaluated by running the system and reading the values of the canaries for the Android applications in both the original system and the one modified with the SSPFA
Summary
The increase in the number of mobile devices relying on the same operating systems, Android OS and iOS, brings an increase in the exposition of operating systems against the discovery of new vulnerabilities, and the possibility of using them against large-scale cyberattacks by exploiting such vulnerabilities [1] In this sense, it is of paramount importance to keep revisiting and improving their security mechanisms to respond to the always evolving threats. A weakness in the current security model architecture for the execution of mobile applications in Android OS will unveil vulnerabilities affecting all the versions of the operating system, all models of mobile equipment and all applications running in such operating systems and allowing millions of mobile devices to be potentially exploited, to be spied, to be used as potential attacking tool for cyberterrorism, just to name a few. This impact on the society has been our main motivation, and the main contribution of this research work is exactly the identification and empirical demonstration of such significant weakness in the security model for the execution of mobile applications in Android OS together with the proposal of an enhanced memory protection architecture to protect mobile equipment against such weakness, protecting final users against cyberattacks exploiting such vulnerability
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
