Privilege Escalation Attacks on Android

13 years 2 months ago

Download www.trust.rub.de

Abstract. Android is a modern and popular software platform for smartphones. Among its predominant features is an advanced security model which is based on application-oriented mandatory access control and sandboxing. This allows developers and users to restrict the execution of an application to the privileges it has (mandatorily) assigned at installation time. The exploitation of vulnerabilities in program code is hence believed to be confined within the privilege boundaries of an application's sandbox. However, in this paper we show that a privilege escalation attack is possible. We show that a genuine application exploited at runtime or a malicious application can escalate granted permissions. Our results immediately imply that Android's security model cannot deal with a transitive permission usage attack and Android's sandbox model fails as a last resort against malware and sophisticated runtime attacks.

Lucas Davi, Alexandra Dmitrienko, Ahmad-Reza Sadeg

Real-time Traffic

Application-oriented Mandatory Access | Information Technology | ISW 2010 | Privilege Escalation Attack | Security Model |

claim paper

» Preventing Overflow Attacks by Memory Randomization

» Securing The Kernel via Static Binary Rewriting and Program Shepherding

» Detecting Trojan Circuit Attacks

» Quire Lightweight Provenance for Smart Phone Operating Systems

» VEX Vetting Browser Extensions for Security Vulnerabilities

Post Info
More Details (n/a)

Added	13 Feb 2011
Updated	13 Feb 2011
Type	Journal
Year	2010
Where	ISW
Authors	Lucas Davi, Alexandra Dmitrienko, Ahmad-Reza Sadeghi, Marcel Winandy

Comments (0)

Sciweavers

Privilege Escalation Attacks on Android

Application-oriented Mandatory Access | Information Technology | ISW 2010 | Privilege Escalation Attack | Security Model |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers