Privilege Escalation Attacks on Android

by R R Ramanathan, Alexandra Dmitrienko
NIST Special Publication

Abstract

Android is a modern and popular software platform for smartphones. Among its predominant features is an advanced security model which is based on application-oriented mandatory access control and sandboxing. This allows developers and users to restrict the execution of an application to the privileges it has (mandatorily) assigned at installation time. The exploitation of vulnerabilities in program code is hence believed to be confined within the privilege boundaries of an application's sandbox. However, in this paper we show that a privilege escalation attack is possible. We show that a genuine application exploited at runtime or a malicious application can escalate granted permissions. Our results immediately imply that Android's security model cannot deal with a transitive permission usage attack and Android's sandbox model fails as a last resort against malware and sophisticated runtime attacks.
