Abstract
Android is a modern and popular software platform for smartphones. Among its predominant features is an advanced security model based on application-oriented mandatory access control and sandboxing. This allows developers and users to restrict the execution of an application to the privileges it was (mandatorily) assigned at installation time. The exploitation of vulnerabilities in program code is hence believed to be confined within the privilege boundaries of an application's sandbox. However, in this paper we show that a privilege escalation attack is possible. We show that a genuine application exploited at runtime, or a malicious application, can escalate the permissions it was granted. Our results immediately imply that Android's security model cannot deal with a transitive permission usage attack, and that Android's sandbox model fails as a last resort against malware and sophisticated runtime attacks.
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Davi, L., Dmitrienko, A., Sadeghi, A.-R., Winandy, M. (2011). Privilege Escalation Attacks on Android. In: Burmester, M., Tsudik, G., Magliveras, S., Ilić, I. (eds) Information Security. ISC 2010. Lecture Notes in Computer Science, vol 6531. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-18178-8_30
DOI: https://doi.org/10.1007/978-3-642-18178-8_30
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-18177-1
Online ISBN: 978-3-642-18178-8
eBook Packages: Computer Science (R0)