TU Darmstadt / ULB / TUbiblio

POSTER: The Quest for Security against Privilege Escalation Attacks on Android

Bugiel, Sven ; Davi, Lucas ; Dmitrienko, Alexandra ; Fischer, Thomas ; Sadeghi, Ahmad-Reza ; Shastry, Bhargava (2011)
POSTER: The Quest for Security against Privilege Escalation Attacks on Android.
Konferenzveröffentlichung, Bibliographie

Kurzbeschreibung (Abstract)

In this paper we present the design and implementation of a security framework that extends the reference monitor of the Android middleware and deploys a mandatory access control on Linux kernel (based on Tomoyo) aiming at detecting and preventing application-level privilege escalation attacks at runtime.

In contrast to existing solutions, our framework is system-centric, efficient, detects attacks that involve communication channels controlled by both, Android middleware and the Linux kernel (particularly, Binder IPC, Internet sockets and file system). It can prevent known confused deputy attacks without false positives and is also flexible enough to prevent unknown confused deputy attacks and attacks by colluding applications (e.g., Soundcomber) at the cost of a small rate of false positives.

Typ des Eintrags: Konferenzveröffentlichung
Erschienen: 2011
Autor(en): Bugiel, Sven ; Davi, Lucas ; Dmitrienko, Alexandra ; Fischer, Thomas ; Sadeghi, Ahmad-Reza ; Shastry, Bhargava
Art des Eintrags: Bibliographie
Titel: POSTER: The Quest for Security against Privilege Escalation Attacks on Android
Sprache: Deutsch
Publikationsjahr: Oktober 2011
Verlag: ACM
Buchtitel: 18th ACM Conference on Computer and Communications Security (CCS'11)
Zugehörige Links:
Kurzbeschreibung (Abstract):

In this paper we present the design and implementation of a security framework that extends the reference monitor of the Android middleware and deploys a mandatory access control on Linux kernel (based on Tomoyo) aiming at detecting and preventing application-level privilege escalation attacks at runtime.

In contrast to existing solutions, our framework is system-centric, efficient, detects attacks that involve communication channels controlled by both, Android middleware and the Linux kernel (particularly, Binder IPC, Internet sockets and file system). It can prevent known confused deputy attacks without false positives and is also flexible enough to prevent unknown confused deputy attacks and attacks by colluding applications (e.g., Soundcomber) at the cost of a small rate of false positives.

Freie Schlagworte: Security
ID-Nummer: TUD-CS-2011-0211
Fachbereich(e)/-gebiet(e): 20 Fachbereich Informatik
20 Fachbereich Informatik > Systemsicherheit
LOEWE
LOEWE > LOEWE-Zentren
LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
Hinterlegungsdatum: 04 Aug 2016 10:13
Letzte Änderung: 03 Jun 2018 21:31
PPN:
Zugehörige Links:
Export:
Suche nach Titel in: TUfind oder in Google
Frage zum Eintrag Frage zum Eintrag

Optionen (nur für Redakteure)
Redaktionelle Details anzeigen Redaktionelle Details anzeigen