
POSTER: The Quest for Security against Privilege Escalation Attacks on Android

Bugiel, Sven and Davi, Lucas and Dmitrienko, Alexandra and Fischer, Thomas and Sadeghi, Ahmad-Reza and Shastry, Bhargava:
POSTER: The Quest for Security against Privilege Escalation Attacks on Android.
18th ACM Conference on Computer and Communications Security (CCS'11), ACM
[Conference or Workshop Item], (2011)

Abstract

In this paper we present the design and implementation of a security framework that extends the reference monitor of the Android middleware and deploys mandatory access control in the Linux kernel (based on Tomoyo), aiming at detecting and preventing application-level privilege escalation attacks at runtime.

In contrast to existing solutions, our framework is system-centric and efficient, and detects attacks that involve communication channels controlled by both the Android middleware and the Linux kernel (particularly Binder IPC, Internet sockets and the file system). It can prevent known confused deputy attacks without false positives and is also flexible enough to prevent unknown confused deputy attacks and attacks by colluding applications (e.g., Soundcomber) at the cost of a small rate of false positives.

Item Type: Conference or Workshop Item
Published: 2011
Creators: Bugiel, Sven and Davi, Lucas and Dmitrienko, Alexandra and Fischer, Thomas and Sadeghi, Ahmad-Reza and Shastry, Bhargava
Title: POSTER: The Quest for Security against Privilege Escalation Attacks on Android
Language: German
Title of Book: 18th ACM Conference on Computer and Communications Security (CCS'11)
Publisher: ACM
Uncontrolled Keywords: Security
Divisions: Department of Computer Science
Department of Computer Science > System Security Lab
LOEWE
LOEWE > LOEWE-Zentren
LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
Date Deposited: 04 Aug 2016 10:13
Identification Number: TUD-CS-2011-0211