DarkDroid - Exposing the Dark Side of Malicious Mobile Applications

work interface) with a new one. This new handler analyses the traffic transmitted and received and adds timestamps to certain messages so that the RTT can finally be computed. Figure 1 also shows the network architecture, including the interrupt handler, in a Linux-based device.

The sources of the Linux kernel have been patched to allow location metrics (i.e., RTT) to be observed. These changes alter the mac80211 subsystem, which implements most of the common MAC features in Linux. The goals of these changes are 1) to allow the location-related capabilities to be registered and released and 2) to add timestamps to the messages exchanged between the terminal and the access point. The capabilities are implemented as plugins, so that each one works standalone. This isolates bugs and allows the capabilities to be extended without affecting those that are already working.

An RTT plugin has been developed in order to calculate the RTT between a node and an IEEE 802.11 access point. This plugin is responsible for most of the tasks carried out by the interrupt handler. Specifically, it filters out the traffic not suitable for location purposes and matches the transmission and reception messages involved in an RTT, so that the RTT can finally be computed. The interaction between the user's applications and the RTT plugin takes place by means of system calls to a new module named pos80211 [3]. This module provides the computed and buffered RTTs to the user's applications.
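The filter-and-match step described for the RTT plugin can be sketched as follows; this is an added example, not code from the patched kernel or from pos80211. It assumes that an RTT is measured from a transmitted unicast data frame to the ACK that follows it, that retransmissions are excluded and that late ACKs are dropped; the struct, the function name and the 100 µs window are hypothetical, and the events are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum ev_kind { EV_TX_DATA, EV_RX_ACK };
struct frame_event {            /* hypothetical record kept per timestamped frame */
    uint64_t ts_ns;             /* timestamp added by the handler */
    enum ev_kind kind;
    bool unicast;               /* group-addressed frames are never ACKed */
    bool retry;                 /* retransmission of an earlier frame */
};
#define ACK_WINDOW_NS 100000ULL /* assumed: a later ACK is not a valid sample */

static const struct frame_event sample[] = { /* constructed, in capture order */
    {   1000, EV_TX_DATA, true,  false }, {   45000, EV_RX_ACK, true, false },
    { 200000, EV_TX_DATA, false, false }, {  230000, EV_RX_ACK, true, false },
    { 400000, EV_TX_DATA, true,  true  }, {  444500, EV_RX_ACK, true, false },
    { 600000, EV_TX_DATA, true,  false }, {  900000, EV_RX_ACK, true, false },
    {1000000, EV_TX_DATA, true,  false }, { 1044200, EV_RX_ACK, true, false },
};

/* Pair each usable TX with the next ACK (an 802.11 ACK carries no sequence
 * number, so order is the only link); returns the number of RTTs stored. */
size_t match_rtts(const struct frame_event *ev, size_t n, uint64_t *rtt_ns, size_t cap)
{
    bool pending = false;
    uint64_t tx_ts = 0;
    size_t out = 0;
    for (size_t i = 0; i < n; i++) {
        if (ev[i].kind == EV_TX_DATA) {
            pending = ev[i].unicast && !ev[i].retry; /* filter unsuitable frames */
            tx_ts = ev[i].ts_ns;
        } else if (pending) {
            pending = false;    /* one ACK closes one measurement */
            if (ev[i].ts_ns >= tx_ts && ev[i].ts_ns - tx_ts <= ACK_WINDOW_NS
                && out < cap)
                rtt_ns[out++] = ev[i].ts_ns - tx_ts;
        }
    }
    return out;
}

int main(void)
{
    uint64_t rtt[8];
    size_t n = match_rtts(sample, sizeof sample / sizeof sample[0], rtt, 8);
    for (size_t i = 0; i < n; i++)
        printf("RTT %zu: %llu ns\n", i, (unsigned long long)rtt[i]);
}
```

Of the five constructed exchanges, only the first and last yield a sample: the broadcast frame, the retransmission and the ACK arriving outside the window are filtered out.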