We present an arms race between rooting detection and rooting evasion. We investigate different methods to detect rooted devices at both the Java and native levels and evaluate the counterattacks mounted by major hooking tools. To this end, an extensive study of Android rooting has been conducted, covering the techniques used to root a device and to make the root invisible to the detection performed by mobile anti-malware products. We then analyze the evasion loopholes and, in turn, enhance our rooting detection tool. We also apply evasion techniques on rooted devices and compare our work with 92 popular root-checking applications and 18 banking and finance applications. Results show that most of them do not suffice and can be evaded through API hooking or static file renaming. Furthermore, over 28,000 Android applications have been analyzed and evaluated in order to characterize rooting in recent years. Our study shows that rooting has become more and more prevalent as an inevitable trend, and it raises major security concerns regarding detection and evasion. As a proof of concept, we have published our rooting detection application on the Google Play Store to demonstrate the work presented in this paper.
Abstract: Until now, much research has been carried out on analyzing the vulnerabilities and finding the defense strategies against malicious insiders (MI) in a cloud environment. However, all of these previous works only considered MI attacks that originate from the tenant side of a public cloud. Furthermore, in these existing works, the MI attack techniques are described only basically and abstractly. Without a proof of concept, MI attacks remain merely theoretical threats. In this paper, we consider the scenario in which the MI executes the attack from inside the cloud IaaS vendor. Moreover, in order to show that MI attacks in this scenario are realistic, this paper introduces three concrete MI attacks with a proof-of-concept implementation based on existing tools. The three MI attacks introduced in this paper are memory scanning, template poisoning, and snapshot cracking. The demonstration results show that MI attacks from inside a cloud IaaS vendor are no longer potential threats but realistic issues that we need to consider.
Index Terms: CloudStack, malicious insider, insider threats, cloud computing, cloud security, security threats.