The Confused Deputy: (or why capabilities might have been invented)
ACM SIGOPS Operating Systems Review
Semantically Rich Application-Centric Security in Android
ACSAC '09 Proceedings of the 2009 Annual Computer Security Applications Conference
Apex: extending Android permission model and enforcement with user-defined runtime constraints
ASIACCS '10 Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security
Google Android: A Comprehensive Security Assessment
IEEE Security and Privacy
TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones
OSDI'10 Proceedings of the 9th USENIX conference on Operating systems design and implementation
Privilege escalation attacks on android
ISC'10 Proceedings of the 13th international conference on Information security
Analyzing inter-application communication in Android
MobiSys '11 Proceedings of the 9th international conference on Mobile systems, applications, and services
Permission re-delegation: attacks and defenses
SEC'11 Proceedings of the 20th USENIX conference on Security
Quire: lightweight provenance for smart phone operating systems
SEC'11 Proceedings of the 20th USENIX conference on Security
Practical and lightweight domain isolation on Android
Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices
Android permissions demystified
Proceedings of the 18th ACM conference on Computer and communications security
Proceedings of the 18th ACM conference on Computer and communications security
Defending users against smartphone apps: techniques and future directions
ICISS'11 Proceedings of the 7th international conference on Information Systems Security
DroidChecker: analyzing android applications for capability leak
Proceedings of the fifth ACM conference on Security and Privacy in Wireless and Mobile Networks
TRUST'12 Proceedings of the 5th international conference on Trust and Trustworthy Computing
Dr. Android and Mr. Hide: fine-grained permissions in android applications
Proceedings of the second ACM workshop on Security and privacy in smartphones and mobile devices
Reducing attack surfaces for intra-application communication in android
Proceedings of the second ACM workshop on Security and privacy in smartphones and mobile devices
CHEX: statically vetting Android apps for component hijacking vulnerabilities
Proceedings of the 2012 ACM conference on Computer and communications security
Android Permission Re-delegation Detection and Test Case Generation
CSSS '12 Proceedings of the 2012 International Conference on Computer Science and Service System
Analysis of the communication between colluding applications on modern smartphones
Proceedings of the 28th Annual Computer Security Applications Conference
IEEE Security and Privacy
DroidAlarm: an all-sided static analysis tool for Android privilege-escalation malware
Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security
| Hi-index | 0.00 |
Google's Android is one of the most popular mobile operating system platforms today, being deployed on a wide range of mobile devices from various manufacturers. It is termed as a privilege-separated operating system which implements some novel security mechanisms. Recent research and security attacks on the platform, however, have shown that the security model of Android is flawed and is vulnerable to transitive usage of privileges among applications. Privilege escalation attacks have been shown to be malicious and with the wide spread and growing use of the system, the platform for these attacks is also growing wider. This provides a motivation to design and implement better security frameworks and mechanisms to mitigate these attacks. This paper discusses; 1 the security features currently provided by the Android platform; 2 a definition, few working examples and classifications of privilege escalation attacks in Android applications; 3 a classification and comparison of different frameworks and security extensions proposed in recent research.