Skip to content

Privilege Escalation Attacks on Android

by R R Ramanathan, Alexandra Dmitrienko
Nist Special Publication ()
Get full text at journal

Abstract

Android is a modern and popular software platform for smartphones. Among its predominant features is an advanced security model which is based on application-oriented mandatory access control and sandboxing. This allows developers and users to restrict the execution of an application to the privileges it has (mandatorily) assigned at installation time. The exploitation of vulnerabilities in program code is hence believed to be confined within the privilege boundaries of an applications sandbox. However, in this paper we show that a privilege escalation attack is possible. We show that a genuine application exploited at runtime or a malicious application can escalate granted permissions. Our results immediately imply that Androids security model cannot deal with a transitive permission usage attack and Androids sandbox model fails as a last resort against malware and sophisticated runtime attacks.

Cite this document (BETA)

Readership Statistics

10 Readers on Mendeley
by Discipline
 
90% Computer Science
 
10% Engineering
by Academic Status
 
60% Student > Ph. D. Student
 
20% Student > Master
 
10% Student > Bachelor

Sign up today - FREE

Mendeley saves you time finding and organizing research. Learn more

  • All your research in one place
  • Add and import papers easily
  • Access it anywhere, anytime

Start using Mendeley in seconds!

Sign up & Download

Already have an account? Sign in