{"title":"Curtailing privilege escalation attacks over asynchronous channels on Android","authors":"Katharina Mollus, D. Westhoff, T. Markmann","doi":"10.1109/I4CS.2014.6860558","DOIUrl":null,"url":null,"abstract":"Recently we presented QuantDroid [7], a quantitative approach towards mitigating privilege escalation attacks on Android. By monitoring all synchronous IPC via overt channels on-the-fly, a so called flow-graph service detects an abnormal amount of traffic exchanged between DVMs running different Apps to indicate a potential horizontal privilege escalation attack. However, although certainly a valuable first step, our initial QuantDroid approach fails when dealing with asynchronous IPC via persistent storage containers on the Android system. To also address this issue, in this work we extend QuantDroid to QuantDroid++ by providing i) a central storage of taints when operating on system-internal databases of Android, ii) an extension of the SQL cursor object to preserve taints and link requested data with such taints, and, finally iii) an inspection of the information flow with such newly available taints for all relevant database operations.","PeriodicalId":226884,"journal":{"name":"2014 14th International Conference on Innovations for Community Services (I4CS)","volume":"251 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-06-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2014 14th International Conference on Innovations for Community Services (I4CS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/I4CS.2014.6860558","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 7
Abstract
Recently we presented QuantDroid [7], a quantitative approach towards mitigating privilege escalation attacks on Android. By monitoring all synchronous IPC via overt channels on-the-fly, a so called flow-graph service detects an abnormal amount of traffic exchanged between DVMs running different Apps to indicate a potential horizontal privilege escalation attack. However, although certainly a valuable first step, our initial QuantDroid approach fails when dealing with asynchronous IPC via persistent storage containers on the Android system. To also address this issue, in this work we extend QuantDroid to QuantDroid++ by providing i) a central storage of taints when operating on system-internal databases of Android, ii) an extension of the SQL cursor object to preserve taints and link requested data with such taints, and, finally iii) an inspection of the information flow with such newly available taints for all relevant database operations.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
