Username   Password       Forgot your password?  Forgot your username? 

 

Role Behavior Detection Method of Privilege Escalation Attacks for Android Applications

Volume 15, Number 6, June 2019, pp. 1631-1641
DOI: 10.23940/ijpe.19.06.p14.16311641

Hui Lia,b, Limin Shena, Chuan Maa, and Mingyuan Liua

aSchool of Information Science and Engineering, Yanshan University, Qinhuangdao, 066004, China
bSchool of Business Administration, Hebei Normal University of Science and Technology, Qinhuangdao, 066004, China

(Submitted on March 20, 2019; Revised on April 7, 2019; Accepted on June 9, 2019)

Abstract:

For privilege escalation attacks in the Android system, the detection method of role behavior was proposed based on component features and process algebra. The classification of roles was constructed from the analysis of the privilege escalation attack model. Feature extraction from components includes component permissions, component communication, API calls, and sensitive data flow. Process algebra was used to construct modes of role behavior, and roles of applications were identified through equivalence relation. Finally, the dangerous path was detected in multi-applications, and then applications constituting to privilege escalation attacks were ascertained. The experiment showed that the proposed method can effectively detect privilege escalation attacks, the potential safe hazards in applications were pointed out, and the role of applications was identified.

References: 23

  1. S. H. Qing, “Research Progress on Android Security,” Journal of Software, Vol. 27, No. 1, pp. 45-71, 2016
  2. “Nokia Threat Intelligence Report-2017,” (https://networks.nokia.com/solutions/threat-intelligence, Last accessed on January 30, 2019)
  3. “Nokia Threat Intelligence Report-2019,” (https://networks.nokia.com/solutions/threat-intelligence, Last accessed on January 30, 2019)
  4. “The 42nd China Statistical Report on Internet Development,”(http://www.cnnic.net.cn/hlwfzyj/hlwxzbg/hlwtjbg/201808/t20180820_70488.htm, Last accessed on February 1, 2019)
  5. “China Mobile Security Report in Q2 2017,” (http://zt.360.cn/1101061855.php?dtid=1101061451&did=490633771, Last accessed on February 1, 2019)
  6. “China Mobile Security Report in Q32018,” (http://zt.360.cn/1101061855.php?dtid=1101061451&did=210801941, Last accessed on February 1, 2019)
  7. Y. B. Zhongyang, Z. Xin, B. Mao, and L. Xie, “DroidAlarm: An All-Sided Static Analysis Tool for Android Privilege-Escalation Malware,” in Proceedings of the 8th ACM SIGSAC Symposium on Information, Computer and Communications Security, pp. 353-358, 2013
  8. S. Heuser, M. Negro, P. K. Pendyala, and A. R. Sadeghi, “DroidAuditor: Forensic Analysis of Application-Layer Privilege Escalation Attacks on Android,” in Proceedings of International Conference on Financial Cryptography and Data Security, pp. 260-268, 2017
  9. W. M. Zhou, Y. Q. Zhang, and X. F. Liu, “POSTER: A New Framework Against Privilege Escalation Attacks on Android,” in Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, pp. 1411-1413, 2013
  10. S. Bhandari, F. Herbreteau, V. Laxmi, A. Zemmari, P. S. Roop, and M. S. Gaur, “Detecting Inter-App Information Leakage Paths,” in Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security, pp. 908-910, 2017
  11. S. Bugiel, L. Davi, A. Dmitrienko, T. Fischer, A. R. Sadeghi, and B. Shastry, “Poster: The Quest for Security Against Privilege Escalation Attacks on Android,” in Proceedings of the 18th ACM Conference on Computer and Communications Security, pp. 741-744, 2011
  12. H. T. Lee, D. Kim, M. Park, and S. J. Cho, “Protecting Data on Android Platform Against Privilege Escalation Attack,” International Journal of Computer Mathematics, Vol. 93, No. 2, pp. 401-414, 2016
  13. R. H. Niazi, J. A. Shamsi, T. Waseem, and M. M. Khan, “Signature-based Detection of Privilege-Escalation Attacks on Android,” in Proceedings of 2015 Conference on Information Assurance and Cyber Security (CIACS), pp. 44-49, 2016
  14. “The Effectiveness of Install-Time Permission Systems for Third-Party Applications,” (http://www.eecs.berkeley.edu/Pubs/TechRpts/2010/EECS-2010-143.pdf, Last accessed on March12, 2019)
  15. C. Wang, R. B. Zhang, and G. Li, “Technology of Detection for Privilege Escalation Attack on Android,” Transducer and Microsystem Technologies, Vol. 36, No. 1, pp. 146-148, 2017
  16. D. Yu, “Research and Implementation of a Detection Method for Privilege Escalation Attack of Android System,” Peking University, Beijing, 2013
  17. D. Dasgupta, A. Roy, and D. Ghosh, “Multi-User Permission Strategy to Access Sensitive Information,” Information Sciences, Vol. 423, pp. 24-49, 2018
  18. D. J. Wu, C. H. Mao, T. E. Wei, H. M. Lee, and K. P. Wu, “DroidMat: Android Malware Detection Through Manifest and API Calls Tracing,” in Proceedings of the 2012 Seventh Asia Joint Conference on Information Security, pp. 62-69, 2012
  19. L. Davi, A. Dmitrienko, A. R. Sadeghi, and M. Winandy, “Privilege Escalation Attacks on Android,” in Proceedings of the 13th International Conference on Information Security, pp. 346-360, 2011
  20. K. W. Y. Au, Y. F. Zhou, Z. Huang, and D. Lie, “PScout: Analyzing the Android Permission Specification,” in Proceedings of the 2012 ACM Conference on Computer and Communications Security, pp. 217-228, 2012
  21. S. Arzt, S. Rasthofer, C. Fritz, E. Bodden, A. Bartel, J. Klein, et al., “FlowDroid: PreciseContext, Flow, Field, Object-Sensitive and Lifecycle-Aware Taint Analysis for Android Apps,” in Proceedings of the 35th ACM SIGPLAN Conference on Programming Language Design and Implementation, pp. 259-269, 2014
  22. C. A. R. Hoare, “Communicating Sequential Processes,” Springer, New York, 1978
  23. R. Milner, “A Calculus of Communicating Systems,” Springer-Verlag, 1980

 

Please note : You will need Adobe Acrobat viewer to view the full articles.Get Free Adobe Reader

 
This site uses encryption for transmitting your passwords. ratmilwebsolutions.com