RGBDroid: A Novel Response-Based Approach to Android Privilege Escalation Attacks

Recent malware often collects sensitive information from third-party applications with an illegally escalated privilege to the system level (the highest level) on the Android platform. An attack to obtain root-level privilege in an Android environment can pose a serious threat to users because it breaks down the whole security system. RGBDroid (Rooting Good-Bye on Droid) is an extension to the Android smartphone platform that effectively detects and responds to the attacks associated with escalation or abuse of privileges. Considering the Android security model, which dictates that users are not allowed to get root-level privilege and that root-level privilege should be restrictively used, RGBDroid can find out whether an application illegally acquires root-level privilege, and does not permit an illegal root-level process to access protected resources according to the principle of least privilege. RGBDroid protects the Android system against malicious applications even when malware obtains root-level privilege by exploiting vulnerabilities of the Android platform. This paper shows that i) a system can still be safely protected even after the system security is breached by privilege escalation attacks, and ii) our proposed response technique has comparative advantage over conventional prevention techniques in terms of operational overhead which can lead to significant deterioration of overall system performance. RGBDroid has been implemented on an embedded board and verified experimentally.