RGBDroid: A Novel Response-Based Approach to Android Privilege Escalation Attacks
Massachusetts Institute of Technology
Recent malware often collects sensitive information from third-party applications by illegally escalating its privilege to the system level (the highest level) on the Android platform. An attack that obtains root-level privilege in an Android environment can pose a serious threat to users because it breaks down the whole security system. RGBDroid (Rooting Good-Bye on Droid) is an extension to the Android smartphone platform that effectively detects and responds to attacks associated with the escalation or abuse of privileges. Based on the Android security model, which dictates that users are not allowed to get root-level privilege and that root-level privilege should be used restrictively, RGBDroid can determine whether an application has illegally acquired root-level privilege and, following the principle of least privilege, does not permit an illegal root-level process to access protected resources. RGBDroid protects the Android system against malicious applications even when malware obtains root-level privilege by exploiting vulnerabilities of the Android platform.

This paper shows that i) a system can still be safely protected even after its security is breached by privilege escalation attacks, and ii) our proposed response technique has a comparative advantage over conventional prevention techniques in terms of operational overhead, a cost that can lead to significant deterioration of overall system performance. RGBDroid has been implemented on an embedded board and verified experimentally.