Sciweavers

ISW
2010
Springer

Privilege Escalation Attacks on Android

13 years 10 months ago
Privilege Escalation Attacks on Android
Abstract. Android is a modern and popular software platform for smartphones. Among its predominant features is an advanced security model which is based on application-oriented mandatory access control and sandboxing. This allows developers and users to restrict the execution of an application to the privileges it has (mandatorily) assigned at installation time. The exploitation of vulnerabilities in program code is hence believed to be confined within the privilege boundaries of an application's sandbox. However, in this paper we show that a privilege escalation attack is possible. We show that a genuine application exploited at runtime or a malicious application can escalate granted permissions. Our results immediately imply that Android's security model cannot deal with a transitive permission usage attack and Android's sandbox model fails as a last resort against malware and sophisticated runtime attacks.
Lucas Davi, Alexandra Dmitrienko, Ahmad-Reza Sadeg
Added 13 Feb 2011
Updated 13 Feb 2011
Type Journal
Year 2010
Where ISW
Authors Lucas Davi, Alexandra Dmitrienko, Ahmad-Reza Sadeghi, Marcel Winandy
Comments (0)