RGBDroid: a novel response-based approach to android privilege escalation attacks - Citegraph

Paper Info

Title
RGBDroid: a novel response-based approach to android privilege escalation attacks

Abstract
Recent malware often collects sensitive information from third-party applications with an illegally escalated privilege to the system level (the highest level) on the Android platform. An attack to obtain root-level privilege in an Android environment can pose a serious threat to users because it breaks down the whole security system. RGBDroid (Rooting Good-Bye on Droid) is an extension to the Android smartphone platform that effectively detects and responds to the attacks associated with escalation or abuse of privileges. Considering the Android security model, which dictates that users are not allowed to get root-level privilege and that root-level privilege should be restrictively used, RGBDroid can find out whether an application illegally acquires root-level privilege, and does not permit an illegal root-level process to access protected resources according to the principle of least privilege. RGBDroid protects the Android system against malicious applications even when malware obtains root-level privilege by exploiting vulnerabilities of the Android platform. This paper shows that i) a system can still be safely protected even after the system security is breached by privilege escalation attacks, and ii) our proposed response technique has comparative advantage over conventional prevention techniques in terms of operational overhead which can lead to significant deterioration of overall system performance. RGBDroid has been implemented on an embedded board and verified experimentally.

Year	Venue	Keywords
2012	LEET	android environment,system level,root-level privilege,android smartphone platform,android platform,android security model,privilege escalation attack,android system,novel response-based approach,overall system performance,illegal root-level process
Field	DocType	Citations
Privilege separation,Internet privacy,Android (operating system),Principle of least privilege,Security system,Computer science,Privilege escalation,Computer security,Malware,Information sensitivity,Vulnerability	Conference	3
PageRank	References	Authors
0.42	7	7

Authors (7 rows)

Cited by (3 rows)

References (7 rows)

Name	Order	Citations	PageRank
Yeongung Park	1	6	1.16
ChoongHyun Lee	2	56	2.43
Chanhee Lee	3	116	8.33
JiHyeog Lim	4	3	0.42
Sangchul Han	5	57	11.76
Minkyu Park	6	97	25.21
Seong-Je Cho	7	124	27.85

1