Android provides a permission-based security model to restrict the operations that each application can perform; however, it has been shown to be vulnerable to privilege escalation attacks. Applications can cooperate to perform operations that they are forbidden to perform separately, which may lead to privacy leakage. In this poster, we present the design of a new policy-centered security framework against application-level privilege escalation attacks. Unlike previous policy-centered schemes, the inspection considers the communication content in addition to the permissions. Specifically, we selectively allow private information to be passed in the middleware and deploy mandatory access control at the kernel based on dynamic taint tracking. Test results show that it can prevent known confused deputy attacks and is flexible enough to prevent unknown ones; furthermore, it can reduce the false positives in preventing colluding attacks compared to previous work.