Title :
A privilege escalation vulnerability checking system for android applications
Author :
Chan, Patrick P F ; Hui, Lucas C K ; Yiu, S.M.
Author_Institution :
Dept. of Comput. Sci., Univ. of Hong Kong, Hong Kong, China
Abstract :
Android is a free, open source mobile platform based on the Linux kernel. The openness of the application platform attracts developers, both benign and malicious. Android depends on privilege separation to isolate applications from each other and from the system. However, a recent research reported that a genuine application exploited at runtime or a malicious application can escalate granted permissions. The attack depends on a carelessly designed application which fails to protect the permissions granted to it. In this research, we propose a vulnerability checking system to check if an application can be potentially leveraged by an attacker to launch such privilege escalation attack. We downloaded 1038 applications from the wild and found 217 potentially vulnerable applications that need further inspection.
Keywords :
Linux; operating systems (computers); security of data; Android applications; Linux kernel; malicious application; open source mobile platform; privilege escalation vulnerability checking system; Androids; History; Humanoid robots; Java; Operating systems; Receivers; Security;
Conference_Titel :
Communication Technology (ICCT), 2011 IEEE 13th International Conference on
Conference_Location :
Jinan
Print_ISBN :
978-1-61284-306-3
DOI :
10.1109/ICCT.2011.6157963
