An adaptive and configurable protection framework against Android privilege escalation threats

Authors: Yang Xu, Guojun Wang, Ju Ren, Yaoxue Zhang

DOI: 10.1016/J.FUTURE.2018.09.042

Keywords:

Abstract: Android is a successful mobile platform with a thriving application ecosystem. However, despite its security precautions like the permission mechanism, it is still vulnerable to privilege escalation threats, and particularly to confused deputy attacks that exploit the leak vulnerabilities of applications. Worse, most existing detection and protection techniques have become costly and unresponsive in current dynamic environments. In this paper, we propose a configurable framework to prevent the exploitation of third-party applications via such attacks. Our framework collects runtime states and enforces a capability-based access control policy to restrain riskful inter-application communications, so as to provide more responsive, adaptive, and flexible protection. Besides, our framework provides users with configuration together with a complementary mechanism to mitigate the risks induced by inappropriate policies. Additionally, we present a sophisticated decision cache system and a proactive maintenance method that ensures the efficiency and dependability of services. Theoretical analysis and experimental evaluation demonstrate that the approach provides effective protection against these attacks at small performance and usability costs.
