RGBDroid: a novel response-based approach to android privilege escalation attacks

Authors:
Yeongung Park;ChoongHyun Lee;Chanhee Lee;JiHyeog Lim;Sangchul Han;Minkyu Park;Seong-Je Cho
Affiliations:
Dept. of Computer Sci., Dankook University;CSAIL, Dept. of EECS, Massachusetts Institute of Technology;Dept. of Computer Sci., Dankook University;Dept. of Computer Sci., Dankook University;Dept. of Computer Eng., Konkuk University;Dept. of Computer Eng., Konkuk University;Dept. of Software Sci., Dankook University
Venue:
LEET'12 Proceedings of the 5th USENIX conference on Large-Scale Exploits and Emergent Threats
Year:
2012

Citing 7
Cited 2

TrustedBSD: Adding Trusted Operating System Features to FreeBSD

Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference
Understanding Android Security

IEEE Security and Privacy
On lightweight mobile phone application certification

Proceedings of the 16th ACM conference on Computer and communications security
Semantically Rich Application-Centric Security in Android

ACSAC '09 Proceedings of the 2009 Annual Computer Security Applications Conference
Static analysis of executables for collaborative malware detection on android

ICC'09 Proceedings of the 2009 IEEE international conference on Communications
TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones

OSDI'10 Proceedings of the 9th USENIX conference on Operating systems design and implementation
Quire: lightweight provenance for smart phone operating systems

SEC'11 Proceedings of the 20th USENIX conference on Security

DroidBarrier: know what is executing on your android

Proceedings of the 4th ACM conference on Data and application security and privacy
Unified security enhancement framework for the Android operating system

The Journal of Supercomputing

Quantified Score

Hi-index	0.00

Visualization

Abstract

Recent malware often collects sensitive information from third-party applications with an illegally escalated privilege to the system level (the highest level) on the Android platform. An attack to obtain root-level privilege in an Android environment can pose a serious threat to users because it breaks down the whole security system. RGBDroid (Rooting Good-Bye on Droid) is an extension to the Android smartphone platform that effectively detects and responds to the attacks associated with escalation or abuse of privileges. Considering the Android security model, which dictates that users are not allowed to get root-level privilege and that root-level privilege should be restrictively used, RGBDroid can find out whether an application illegally acquires root-level privilege, and does not permit an illegal root-level process to access protected resources according to the principle of least privilege. RGBDroid protects the Android system against malicious applications even when malware obtains root-level privilege by exploiting vulnerabilities of the Android platform. This paper shows that i) a system can still be safely protected even after the system security is breached by privilege escalation attacks, and ii) our proposed response technique has comparative advantage over conventional prevention techniques in terms of operational overhead which can lead to significant deterioration of overall system performance. RGBDroid has been implemented on an embedded board and verified experimentally.