TU Darmstadt / ULB / TUbiblio

XManDroid: A New Android Evolution to Mitigate Privilege Escalation Attacks

Bugiel, Sven ; Davi, Lucas ; Dmitrienko, Alexandra ; Fischer, Thomas ; Sadeghi, Ahmad-Reza (2011)
XManDroid: A New Android Evolution to Mitigate Privilege Escalation Attacks.
Report, Bibliographie

Kurzbeschreibung (Abstract)

Google Android has become a popular mobile operating system which is increasingly deployed by mobile device manufactures for various platforms. Recent attacks show that Android's permission framework is vulnerable to application-level privilege escalation attacks, i.e., an application may indirectly gain privileges to perform unauthorized actions. The existing proposals for security extensions to Android's middleware (e.g., Kirin, Saint or TaintDroid) cannot fully and adequately mitigate these attacks or detect Trojans such as Soundminer that exploit covert channels in the Android system.

In this paper we present the design and implementation of XManDroid (eXtended Monitoring on Android), a security framework that extends the monitoring mechanism of Android to detect and prevent application-level privilege escalation attacks at runtime based on a system-centric system policy. Our implementation dynamically analyzes applications' transitive permission usage while inducing a minimal performance overhead unnoticeable for the user. Depending on system policy our system representation allows for an effective detection of (covert) channels established through the Android system services and content providers while simultaneously optimizing the rate of false positives. We evaluate the effectiveness of XManDroid on our test suite that simulates known application-level privilege escalation attacks (including Soundminer), and demonstrate successful detection of attacks that use Android's inter-component communication (ICC) framework (standard for most attacks). We also preformed a usability test to evaluate the impact of XManDroid on the user-experience with third party applications. Moreover, we analyze sources of false positives and discuss how this rate can be further significantly reduced.

Typ des Eintrags: Report
Erschienen: 2011
Autor(en): Bugiel, Sven ; Davi, Lucas ; Dmitrienko, Alexandra ; Fischer, Thomas ; Sadeghi, Ahmad-Reza
Art des Eintrags: Bibliographie
Titel: XManDroid: A New Android Evolution to Mitigate Privilege Escalation Attacks
Sprache: Deutsch
Publikationsjahr: April 2011
(Heft-)Nummer: TR-2011-04
Zugehörige Links:
Kurzbeschreibung (Abstract):

Google Android has become a popular mobile operating system which is increasingly deployed by mobile device manufactures for various platforms. Recent attacks show that Android's permission framework is vulnerable to application-level privilege escalation attacks, i.e., an application may indirectly gain privileges to perform unauthorized actions. The existing proposals for security extensions to Android's middleware (e.g., Kirin, Saint or TaintDroid) cannot fully and adequately mitigate these attacks or detect Trojans such as Soundminer that exploit covert channels in the Android system.

In this paper we present the design and implementation of XManDroid (eXtended Monitoring on Android), a security framework that extends the monitoring mechanism of Android to detect and prevent application-level privilege escalation attacks at runtime based on a system-centric system policy. Our implementation dynamically analyzes applications' transitive permission usage while inducing a minimal performance overhead unnoticeable for the user. Depending on system policy our system representation allows for an effective detection of (covert) channels established through the Android system services and content providers while simultaneously optimizing the rate of false positives. We evaluate the effectiveness of XManDroid on our test suite that simulates known application-level privilege escalation attacks (including Soundminer), and demonstrate successful detection of attacks that use Android's inter-component communication (ICC) framework (standard for most attacks). We also preformed a usability test to evaluate the impact of XManDroid on the user-experience with third party applications. Moreover, we analyze sources of false positives and discuss how this rate can be further significantly reduced.

Freie Schlagworte: Secure Things;Android, Privilege Escalation
ID-Nummer: TUD-CS-2011-0127
Fachbereich(e)/-gebiet(e): 20 Fachbereich Informatik
20 Fachbereich Informatik > Systemsicherheit
LOEWE
LOEWE > LOEWE-Zentren
LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
Hinterlegungsdatum: 04 Aug 2016 10:13
Letzte Änderung: 03 Jun 2018 21:31
PPN:
Export:
Suche nach Titel in: TUfind oder in Google
Frage zum Eintrag Frage zum Eintrag

Optionen (nur für Redakteure)
Redaktionelle Details anzeigen Redaktionelle Details anzeigen