Android Permission System Violation: Case Study and Refinement
نویسندگان
چکیده
Android uses permissions for application security management. Android also allows inter-application communication (IAC), which enables cooperation between different applications to perform complex tasks by using some components and Intents. In other words, Android provides more flexibility and places less restriction on application development. This is a major feature that differentiates Android from its competitors. However, IAC also facilitates malicious applications that can collude in attacks of privilege escalation. In this paper, the authors demonstrate with case studies that all IAC channels can potentially be utilized for privilege escalation attacks, and the authors propose a refinement to solve this problem by enforcing IAC permissions and exposing IAC to users. Android Permission System Violation: Case Study and Refinement
منابع مشابه
ریسک سنج: ابزاری برای سنجش دقیق میزان ریسک امنیتی برنامهها در دستگاههای همراه
Nowadays smartphones and tablets are widely used due to their various capabilities and features for end users. In these devices, accessing a wide range of services and sensitive information including private personal data, contact list, geolocation, sending and receiving messages, accessing social networks and etc. are provided via numerous application programs. These types of accessibilities, ...
متن کاملAndroid Multi-Level System Permission Management Approach
With the expansion of the market share occupied by the Android platform, security issues (especially application security) have become attention focus of researchers. In fact, the existing methods lack the capabilities to manage application permissions without root privilege. This study proposes a dynamic management mechanism of Android application permissions based on security policies. The pa...
متن کاملContextual Policy Enforcement in Android Applications with Permission Event Graphs
ion Phase Verification Phase Apps Permission Event Graph Conformance or counterexamples Policies Approach Overview Case Study: Geotag "Mark location of your photos" Case Study: Geotag "Mark location of your photos" Case Study: Geotag "Mark location of your photos" Case Study: SMS Replicator Secret A spyware that secretly forwards every SMS to another number. Case Study: SMS Replicator Secret A ...
متن کاملOn the Security and Engineering Implications of Finer-Grained Access Controls for Android Developers and Users
One of the main security mechanisms in Android is the permission system. Previous research has pointed out that this system is too coarse-grained. Hence, several mechanisms have been proposed to address this issue. However, to date, the impact of changes in the current permission system on both end users and software developers has not been studied, and no significant work has been done to dete...
متن کاملA Contextually-Aware, Privacy-Preserving Android Permission Model
Smartphones contain a large amount of highly personal data, much of it accessible to third-party applications. Much of this information is safeguarded by a permission model, which regulates access to this information. This work primarily focuses on improving the Android permission model, which is known to have notoriously large amounts of sensitive data leakage, but many of its findings can be ...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- IJEEI
دوره 4 شماره
صفحات -
تاریخ انتشار 2013