A privilege escalation vulnerability checking system for android applications

Authors: Patrick P.F. Chan, Lucas C.K. Hui, S.M. Yiu

DOI: 10.1109/ICCT.2011.6157963

Abstract: Android is a free, open source mobile platform based on the Linux kernel. The openness of application attracts developers, both benign and malicious. Android depends on privilege separation to isolate applications from each other and from the system. However, recent research reported that a genuine application exploited at runtime or a malicious application can escalate granted permissions. The attack depends on a carelessly designed application which fails to protect the permissions granted to it. In this research, we propose a vulnerability checking system to check if an application can be potentially leveraged by an attacker to launch such a privilege escalation attack. We downloaded 1038 applications from the wild and found 217 vulnerable applications that need further inspection.
