
Privilege Escalation Attacks on Android

  • Conference paper
Information Security (ISC 2010)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 6531)


Abstract

Android is a modern and popular software platform for smartphones. Among its predominant features is an advanced security model which is based on application-oriented mandatory access control and sandboxing. This allows developers and users to restrict the execution of an application to the privileges it has (mandatorily) assigned at installation time. The exploitation of vulnerabilities in program code is hence believed to be confined within the privilege boundaries of an application’s sandbox. However, in this paper we show that a privilege escalation attack is possible. We show that a genuine application exploited at runtime or a malicious application can escalate granted permissions. Our results immediately imply that Android’s security model cannot deal with a transitive permission usage attack and Android’s sandbox model fails as a last resort against malware and sophisticated runtime attacks.




Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Davi, L., Dmitrienko, A., Sadeghi, AR., Winandy, M. (2011). Privilege Escalation Attacks on Android. In: Burmester, M., Tsudik, G., Magliveras, S., Ilić, I. (eds) Information Security. ISC 2010. Lecture Notes in Computer Science, vol 6531. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-18178-8_30


  • DOI: https://doi.org/10.1007/978-3-642-18178-8_30

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-18177-1

  • Online ISBN: 978-3-642-18178-8

  • eBook Packages: Computer Science, Computer Science (R0)
