Privilege escalation attacks on android

Authors:
Lucas Davi;Alexandra Dmitrienko;Ahmad-Reza Sadeghi;Marcel Winandy
Affiliations:
System Security Lab, Ruhr-University Bochum, Germany;System Security Lab, Ruhr-University Bochum, Germany;Fraunhofer-Institut SIT Darmstadt, Technische Universität Darmstadt, Germany;System Security Lab, Ruhr-University Bochum, Germany
Venue:
ISC'10 Proceedings of the 13th international conference on Information security
Year:
2010

Citing 16
Cited 29

RAD: A Compile-Time Solution to Buffer Overflow Attacks

ICDCS '01 Proceedings of the The 21st International Conference on Distributed Computing Systems
Beyond Stack Smashing: Recent Advances in Exploiting Buffer Overruns

IEEE Security and Privacy
Dynamic code instrumentation to detect and recover from return address corruption

Proceedings of the 2006 international workshop on Dynamic systems analysis
The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86)

Proceedings of the 14th ACM conference on Computer and communications security
An empirical security study of the native code in the JDK

SS'08 Proceedings of the 17th conference on Security symposium
Understanding Android Security

IEEE Security and Privacy
Language-based security on Android

Proceedings of the ACM SIGPLAN Fourth Workshop on Programming Languages and Analysis for Security
On lightweight mobile phone application certification

Proceedings of the 16th ACM conference on Computer and communications security
Semantically Rich Application-Centric Security in Android

ACSAC '09 Proceedings of the 2009 Annual Computer Security Applications Conference
Apex: extending Android permission model and enforcement with user-defined runtime constraints

ASIACCS '10 Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security
Google Android: A Comprehensive Security Assessment

IEEE Security and Privacy
Securing Android-Powered Mobile Devices Using SELinux

IEEE Security and Privacy
A methodology for empirical analysis of permission-based security models and its application to android

Proceedings of the 17th ACM conference on Computer and communications security
Return-oriented programming without returns

Proceedings of the 17th ACM conference on Computer and communications security
A Formal Model to Analyze the Permission Authorization and Enforcement in the Android Framework

SOCIALCOM '10 Proceedings of the 2010 IEEE Second International Conference on Social Computing
TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones

OSDI'10 Proceedings of the 9th USENIX conference on Operating systems design and implementation

Address space randomization for mobile devices

Proceedings of the fourth ACM conference on Wireless network security
Permission re-delegation: attacks and defenses

SEC'11 Proceedings of the 20th USENIX conference on Security
Quire: lightweight provenance for smart phone operating systems

SEC'11 Proceedings of the 20th USENIX conference on Security
Practical and lightweight domain isolation on Android

Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices
Poster: the quest for security against privilege escalation attacks on android

Proceedings of the 18th ACM conference on Computer and communications security
Defending users against smartphone apps: techniques and future directions

ICISS'11 Proceedings of the 7th international conference on Information Systems Security
DroidChecker: analyzing android applications for capability leak

Proceedings of the fifth ACM conference on Security and Privacy in Wireless and Mobile Networks
MOSES: supporting operation modes on smartphones

Proceedings of the 17th ACM symposium on Access Control Models and Technologies
Automatically securing permission-based software by reducing the attack surface: an application to Android

Proceedings of the 27th IEEE/ACM International Conference on Automated Software Engineering
Reducing attack surfaces for intra-application communication in android

Proceedings of the second ACM workshop on Security and privacy in smartphones and mobile devices
Why eve and mallory love android: an analysis of android SSL (in)security

Proceedings of the 2012 ACM conference on Computer and communications security
CHEX: statically vetting Android apps for component hijacking vulnerabilities

Proceedings of the 2012 ACM conference on Computer and communications security
Android SMS botnet: a new perspective

Proceedings of the 10th ACM international symposium on Mobility management and wireless access
Memory errors: the past, the present, and the future

RAID'12 Proceedings of the 15th international conference on Research in Attacks, Intrusions, and Defenses
Analysis of the communication between colluding applications on modern smartphones

Proceedings of the 28th Annual Computer Security Applications Conference
Towards unified authorization for android

ESSoS'13 Proceedings of the 5th international conference on Engineering Secure Software and Systems
DroidAlarm: an all-sided static analysis tool for Android privilege-escalation malware

Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security
When it's better to ask forgiveness than get permission: attribution mechanisms for smartphone resources

Proceedings of the Ninth Symposium on Usable Privacy and Security
POSTER: A new framework against privilege escalation attacks on android

Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Android malware classification method: Dalvik bytecode frequency analysis

Proceedings of the 2013 Research in Adaptive and Convergent Systems
Rethinking SSL development in an appified world

Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Preventing accidental data disclosure in modern operating systems

Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Unauthorized origin crossing on mobile platforms: threats and mitigation

Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
FireDroid: hardening security in almost-stock Android

Proceedings of the 29th Annual Computer Security Applications Conference
Flexible and fine-grained mandatory access control on Android for diverse security and privacy policies

SEC'13 Proceedings of the 22nd USENIX conference on Security
Effective inter-component communication mapping in Android with Epicc: an essential step towards holistic security analysis

SEC'13 Proceedings of the 22nd USENIX conference on Security
TrustID: trustworthy identities for untrusted mobile devices

Proceedings of the 4th ACM conference on Data and application security and privacy
A taxonomy of privilege escalation attacks in Android applications

International Journal of Security and Networks
Automatic detection of inter-application permission leaks in Android applications

IBM Journal of Research and Development

Quantified Score

Hi-index	0.00

Visualization

Abstract

Android is a modern and popular software platform for smartphones. Among its predominant features is an advanced security model which is based on application-oriented mandatory access control and sandboxing. This allows developers and users to restrict the execution of an application to the privileges it has (mandatorily) assigned at installation time. The exploitation of vulnerabilities in program code is hence believed to be confined within the privilege boundaries of an application's sandbox. However, in this paper we show that a privilege escalation attack is possible. We show that a genuine application exploited at runtime or a malicious application can escalate granted permissions. Our results immediately imply that Android's security model cannot deal with a transitive permission usage attack and Android's sandbox model fails as a last resort against malware and sophisticated runtime attacks.