Privilege Escalation Detecting in Android Applications

Cited by: 3
Authors
Zhong, Xingqiu [1]
Zeng, Fanping [1, 2]
Cheng, Zhichao [1]
Xie, Niannian [1]
Qin, Xiaoxia [1]
Guo, Shuli [1]
Affiliations
[1] Univ Sci & Technol China, Sch Comp Sci & Technol, Hefei, Anhui, Peoples R China
[2] Anhui Prov Key Lab Software Comp & Commun, Hefei, Anhui, Peoples R China
Keywords
Android Applications; Privilege Escalation; Control Flow Analysis
DOI
10.1109/BIGCOM.2017.21
Chinese Library Classification number
TP [Automation technology, computer technology]
Discipline classification code
0812
Abstract
As Android is the most popular mobile operating system, a large number of applications are developed for it. For security reasons, developers are forced to declare the relevant permissions in the manifest file when they need to use sensitive APIs. With the ability of inter-component communication (ICC) provided by Android, malicious applications can indirectly call sensitive APIs through components exposed by other applications, leading to privilege escalation. To address this problem, we propose a method to detect this kind of privilege escalation between two applications. First, we compare the permission sets of both applications. Then, if necessary, we identify call links between the two applications and perform inter-application control flow analysis. Finally, according to the result of the control flow analysis, we can judge whether privilege escalation exists. As the experimental results show, our method can accurately detect privilege escalation between two applications.
Pages: 39 - 44
Number of pages: 6
Related papers
50 in total
  • [1] A taxonomy of privilege escalation attacks in Android applications
    Rangwala, Mohammed
    Zhang, Ping
    Zou, Xukai
    Li, Feng
    International Journal of Security and Networks, 2014, 9 (01) : 40 - 55
  • [2] Privilege Escalation Attacks on Android
    Davi, Lucas
    Dmitrienko, Alexandra
    Sadeghi, Ahmad-Reza
    Winandy, Marcel
    INFORMATION SECURITY, 2011, 6531 : 346 - +
  • [3] MACE: Detecting Privilege Escalation Vulnerabilities in Web Applications
    Monshizadeh, Maliheh
    Naldurg, Prasad
    Venkatakrishnan, V. N.
    CCS'14: PROCEEDINGS OF THE 21ST ACM CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY, 2014, : 690 - 701
  • [4] A Survey of Privilege Escalation Detection in Android
    Hutchinson, Shinelle
    Varol, Cihan
    2018 9TH IEEE ANNUAL UBIQUITOUS COMPUTING, ELECTRONICS & MOBILE COMMUNICATION CONFERENCE (UEMCON), 2018, : 726 - 731
  • [5] Research on Non-Authorized Privilege Escalation Detection of Android Applications
    Yang, Yaping
    Cai, Lizhi
    Zhang, Yanguo
    2016 17TH IEEE/ACIS INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING, ARTIFICIAL INTELLIGENCE, NETWORKING AND PARALLEL/DISTRIBUTED COMPUTING (SNPD), 2016, : 563 - 568
  • [6] Role behavior detection method of privilege escalation attacks for android applications
    Li H.
    Shen L.
    Ma C.
    Liu M.
    International Journal of Performability Engineering, 2019, 15 (06) : 1631 - 1641
  • [7] Monitoring of Root Privilege Escalation in Android Kernel
    Hu, Xueli
    Xi, Qi
    Wang, Zhenxing
    CLOUD COMPUTING AND SECURITY, PT V, 2018, 11067 : 491 - 503
  • [8] Multifeature-Based Behavior of Privilege Escalation Attack Detection Method for Android Applications
    Shen, Limin
    Li, Hui
    Wang, Hongyi
    Wang, Yihuan
    MOBILE INFORMATION SYSTEMS, 2020, 2020
  • [9] Horizontal Privilege Escalation in Trusted Applications
    Suciu, Darius
    McLaughlin, Stephen
    Simon, Laurent
    Sion, Radu
    PROCEEDINGS OF THE 29TH USENIX SECURITY SYMPOSIUM, 2020, : 825 - 840
  • [10] An Adaptive Android Security Extension against Privilege Escalation Attacks
    Xu, Yang
    Ren, Ju
    Zhang, Yaoxue
    Wang, Guojun
    2017 15TH IEEE INTERNATIONAL SYMPOSIUM ON PARALLEL AND DISTRIBUTED PROCESSING WITH APPLICATIONS AND 2017 16TH IEEE INTERNATIONAL CONFERENCE ON UBIQUITOUS COMPUTING AND COMMUNICATIONS (ISPA/IUCC 2017), 2017, : 752 - 760