Privilege escalation attacks on Android

by Lucas Davi, Alexandra Dmitrienko, Ahmad Reza Sadeghi, Marcel Winandy
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Abstract

Android is a modern and popular software platform for smartphones. Among its predominant features is an advanced security model which is based on application-oriented mandatory access control and sandboxing. This allows developers and users to restrict the execution of an application to the privileges it has (mandatorily) assigned at installation time. The exploitation of vulnerabilities in program code is hence believed to be confined within the privilege boundaries of an application’s sandbox. However, in this paper we show that a privilege escalation attack is possible. We show that a genuine application exploited at runtime or a malicious application can escalate granted permissions. Our results immediately imply that Android’s security model cannot deal with a transitive permission usage attack and Android’s sandbox model fails as a last resort against malware and sophisticated runtime attacks.
