Privilege Escalation Detecting in Android Applications

Cited by: 3
Authors
Zhong, Xingqiu [1]
Zeng, Fanping [1,2]
Cheng, Zhichao [1]
Xie, Niannian [1]
Qin, Xiaoxia [1]
Guo, Shuli [1]
Affiliations
[1] Univ Sci & Technol China, Sch Comp Sci & Technol, Hefei, Anhui, Peoples R China
[2] Anhui Prov Key Lab Software Comp & Commun, Hefei, Anhui, Peoples R China
Source
2017 3RD INTERNATIONAL CONFERENCE ON BIG DATA COMPUTING AND COMMUNICATIONS (BIGCOM) | 2017
Keywords
Android Applications; Privilege Escalation; Control Flow Analysis;
DOI
10.1109/BIGCOM.2017.21
Chinese Library Classification number
TP [Automation Technology, Computer Technology];
Discipline classification code
0812;
Abstract
As Android is the most popular mobile operating system, there are a large number of applications developed for it. Considering security issues, developers are forced to declare the relevant permissions in the manifest file when they need to use sensitive APIs. With the ability of inter-component communication (ICC) provided by Android, malicious applications can indirectly call sensitive APIs through components exposed by other applications, leading to privilege escalation. To address this problem, we propose a method to detect this kind of privilege escalation between two applications. First, we compare the permission sets of both applications. Then, if necessary, we identify call links between the two applications and perform inter-application control flow analysis. Finally, according to the result of the control flow analysis, we can judge whether the privilege escalation exists. As the experimental results show, our method can accurately detect privilege escalation between two applications.
Pages: 39-44
Number of pages: 6
Related papers
50 in total
  • [31] DryJIN: Detecting Information Leaks in Android Applications
    Choi, Minseong
    Im, Yubin
    Ko, Steve
    Kwon, Yonghwi
    Jeon, Yuseok
    Cho, Haehyun
    ICT SYSTEMS SECURITY AND PRIVACY PROTECTION, SEC 2024, 2024, 710 : 76 - 90
  • [32] Detecting Stubborn Permission Requests in Android Applications
    Huang, Jianmeng
    Huang, Wenchao
    Miao, Fuyou
    Xiong, Yan
    2018 4TH INTERNATIONAL CONFERENCE ON BIG DATA COMPUTING AND COMMUNICATIONS (BIGCOM 2018), 2018, : 84 - 89
  • [33] CapaDroid: Detecting Capability Leak for Android Applications
    Wu, Tianjun
    Yang, Yuexiang
    SECURITY, PRIVACY AND ANONYMITY IN COMPUTATION, COMMUNICATION AND STORAGE, (SPACCS 2016), 2016, 0067 : 95 - 104
  • [34] Detecting possibly unimplemented methods in android applications
    Nagura M.
    Usui H.
    Takada S.
    Computer Software, 2021, 38 (02) : 71 - 89
  • [35] A Model-Driven-Reverse Engineering Approach for Detecting Privilege Escalation in IoT Systems
    Alalfi, Manar H.
    Abu Zaid, Atheer
    Miri, Ali
    JOURNAL OF OBJECT TECHNOLOGY, 2023, 22 (01) : 1 - 21
  • [36] FIRMSCOPE: Automatic Uncovering of Privilege-Escalation Vulnerabilities in Pre-Installed Apps in Android Firmware
    Elsabagh, Mohamed
    Johnson, Ryan
    Stavrou, Angelos
    Zuo, Chaoshun
    Zhao, Qingchuan
    Lin, Zhiqiang
    PROCEEDINGS OF THE 29TH USENIX SECURITY SYMPOSIUM, 2020, : 2379 - 2396
  • [37] A qualitative analysis of privilege escalation
    Song, Xinyue
    Stinson, Michael
    Lee, Roger
    Albee, Paul
    IRI 2006: PROCEEDINGS OF THE 2006 IEEE INTERNATIONAL CONFERENCE ON INFORMATION REUSE AND INTEGRATION, 2006, : 363 - +
  • [38] Understanding and Detecting Callback Compatibility Issues for Android Applications
    Huang, Huaxun
    Wei, Lili
    Liu, Yepang
    Cheung, Shing-Chi
    PROCEEDINGS OF THE 2018 33RD IEEE/ACM INTERNATIONAL CONFERENCE ON AUTOMATED SOFTWARE ENGINEERING (ASE' 18), 2018, : 532 - 542
  • [39] IMGDroid: Detecting Image Loading Defects in Android Applications
    Song, Wei
    Han, Mengqi
    Huang, Jeff
    2021 IEEE/ACM 43RD INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING (ICSE 2021), 2021, : 823 - 834
  • [40] TriggerScope: Towards Detecting Logic Bombs in Android Applications
    Fratantonio, Yanick
    Bianchi, Antonio
    Robertson, William
    Kirda, Engin
    Kruegel, Christopher
    Vigna, Giovanni
    2016 IEEE SYMPOSIUM ON SECURITY AND PRIVACY (SP), 2016, : 377 - 396