Conference proceedings

Privilege escalation attacks on Android

Davi L, Dmitrienko A, Sadeghi A, Winandy M

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 6531 LNCS (2011) pp. 346-360

  • 165 Readers: Mendeley users who have this article in their library.
  • 86 Citations: Citations of this article.

Abstract

Android is a modern and popular software platform for smartphones. Among its predominant features is an advanced security model which is based on application-oriented mandatory access control and sandboxing. This allows developers and users to restrict the execution of an application to the privileges it has (mandatorily) assigned at installation time. The exploitation of vulnerabilities in program code is hence believed to be confined within the privilege boundaries of an application’s sandbox. However, in this paper we show that a privilege escalation attack is possible. We show that a genuine application exploited at runtime or a malicious application can escalate granted permissions. Our results immediately imply that Android’s security model cannot deal with a transitive permission usage attack and Android’s sandbox model fails as a last resort against malware and sophisticated runtime attacks.


Authors

  • Lucas Davi

  • Alexandra Dmitrienko

  • Ahmad Reza Sadeghi

  • Marcel Winandy
