Unified security enhancement framework for the Android operating system

Authors:
Chanhee Lee;Jonghwa Kim;Seong-Je Cho;Jongmoo Choi;Yeongung Park
Affiliations:
Department of Computer Science, Dankook University, Yongin-si, Korea;Department of Computer Science, Dankook University, Yongin-si, Korea;Department of Computer Science, Dankook University, Yongin-si, Korea;Department of Computer Science, Dankook University, Yongin-si, Korea;The Attached of ETRI, Daejeon, Korea
Venue:
The Journal of Supercomputing
Year:
2014

Citing 8
Cited 0

On lightweight mobile phone application certification

Proceedings of the 16th ACM conference on Computer and communications security
Semantically Rich Application-Centric Security in Android

ACSAC '09 Proceedings of the 2009 Annual Computer Security Applications Conference
Apex: extending Android permission model and enforcement with user-defined runtime constraints

ASIACCS '10 Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security
TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones

OSDI'10 Proceedings of the 9th USENIX conference on Operating systems design and implementation
Quire: lightweight provenance for smart phone operating systems

SEC'11 Proceedings of the 20th USENIX conference on Security
Smartphone security limitations: conflicting traditions

Proceedings of the 2011 Workshop on Governance of Technology, Information, and Policies
RGBDroid: a novel response-based approach to android privilege escalation attacks

LEET'12 Proceedings of the 5th USENIX conference on Large-Scale Exploits and Emergent Threats
Dissecting Android Malware: Characterization and Evolution

SP '12 Proceedings of the 2012 IEEE Symposium on Security and Privacy

Quantified Score

Hi-index	0.00

Visualization

Abstract

In these days there are many malicious applications that collect sensitive information owned by third-party applications by escalating their privileges to the higher level on the Android operating system. An attack of obtaining the root-level privilege in the Android operating system can be a serious threat to users because it can break down the whole system security. This paper proposes a new Android security framework that can meet the following three goals: (1) preventing privilege escalation attacks, (2) maintaining system integrity, and (3) protecting users' personal information. To achieve these goals, our proposed framework introduces three mechanisms: Root Privilege Protection (RPP), Resource Misuse Protection (RMP), and Private Data Protection (PDP). RPP keeps track of a list of trusted programs with root-level privileges and can detect and respond to malware that illegally tries to acquire root-level privileges by exploiting system-level vulnerabilities. RMP keeps track of a list of critical system resources and can protect system resources from illegal manipulation by malicious applications. PDP keeps personal information safe by enforcing strict access controls so that even privileged applications cannot access users' private data if the applications violate the least privilege rule. The framework is verified using experiments on the Android operating system, which shows that our framework achieved the goals with processing overheads of 25.33 % on average.