论文信息 - A privilege escalation vulnerability checking system for android applications

A privilege escalation vulnerability checking system for android applications

Android is a free, open source mobile platform based on the Linux kernel. The openness of the application platform attracts developers, both benign and malicious. Android depends on privilege separation to isolate applications from each other and from the system. However, a recent research reported that a genuine application exploited at runtime or a malicious application can escalate granted permissions. The attack depends on a carelessly designed application which fails to protect the permissions granted to it. In this research, we propose a vulnerability checking system to check if an application can be potentially leveraged by an attacker to launch such privilege escalation attack. We downloaded 1038 applications from the wild and found 217 potentially vulnerable applications that need further inspection.

Lucas C.K. Hui | Patrick P.F. Chan | S.M. Yiu

[1] Xinwen Zhang,et al. Apex: extending Android permission model and enforcement with user-defined runtime constraints , 2010, ASIACCS '10.

[2] Sahin Albayrak,et al. Smartphone malware evolution revisited: Android next target? , 2009, 2009 4th International Conference on Malicious and Unwanted Software (MALWARE).

[3] Robert G. Sargent,et al. Control flow graphs as a representation language , 1994, Proceedings of Winter Simulation Conference.

[4] Patrick D. McDaniel,et al. Semantically rich application-centric security in Android , 2012 .

[5] Markus Jakobsson,et al. Retroactive Detection of Malware with Applications to Mobile Platforms , 2010, HotSec.

[6] Yuval Elovici,et al. Securing Android-Powered Mobile Devices Using SELinux , 2010, IEEE Security & Privacy.

[7] Patrick D. McDaniel,et al. On lightweight mobile phone application certification , 2009, CCS.

[8] Patrick D. McDaniel,et al. Understanding Android Security , 2009, IEEE Security & Privacy Magazine.

[9] Ahmad-Reza Sadeghi,et al. Privilege Escalation Attacks on Android , 2010, ISC.

[10] Gang Tan,et al. An Empirical Security Study of the Native Code in the JDK , 2008, USENIX Security Symposium.