Abstract | ||
---|---|---|
Recent malware often collects sensitive information from third-party applications with an illegally escalated privilege to the system level (the highest level) on the Android platform. An attack to obtain root-level privilege in an Android environment can pose a serious threat to users because it breaks down the whole security system. RGBDroid (Rooting Good-Bye on Droid) is an extension to the Android smartphone platform that effectively detects and responds to the attacks associated with escalation or abuse of privileges. Considering the Android security model, which dictates that users are not allowed to get root-level privilege and that root-level privilege should be restrictively used, RGBDroid can find out whether an application illegally acquires root-level privilege, and does not permit an illegal root-level process to access protected resources according to the principle of least privilege. RGBDroid protects the Android system against malicious applications even when malware obtains root-level privilege by exploiting vulnerabilities of the Android platform. This paper shows that i) a system can still be safely protected even after the system security is breached by privilege escalation attacks, and ii) our proposed response technique has comparative advantage over conventional prevention techniques in terms of operational overhead which can lead to significant deterioration of overall system performance. RGBDroid has been implemented on an embedded board and verified experimentally. |
Year | Venue | Keywords |
---|---|---|
2012 | LEET | android environment,system level,root-level privilege,android smartphone platform,android platform,android security model,privilege escalation attack,android system,novel response-based approach,overall system performance,illegal root-level process |
Field | DocType | Citations |
Privilege separation,Internet privacy,Android (operating system),Principle of least privilege,Security system,Computer science,Privilege escalation,Computer security,Malware,Information sensitivity,Vulnerability | Conference | 3 |
PageRank | References | Authors |
0.42 | 7 | 7 |
Name | Order | Citations | PageRank |
---|---|---|---|
Yeongung Park | 1 | 6 | 1.16 |
ChoongHyun Lee | 2 | 56 | 2.43 |
Chanhee Lee | 3 | 116 | 8.33 |
JiHyeog Lim | 4 | 3 | 0.42 |
Sangchul Han | 5 | 57 | 11.76 |
Minkyu Park | 6 | 97 | 25.21 |
Seong-Je Cho | 7 | 124 | 27.85 |