Towards Taming Privilege-Escalation Attacks on Android

Author(s): Sven Bugiel, Lucas Davi, Alexandra Dmitrienko, Thomas Fischer, Ahmad-Reza Sadeghi and Bhargava Shastry

Download: Paper (PDF)

Date: 7 Feb 2012

Document Type: Briefing Papers

Additional Documents: Slides

Associated Event: NDSS Symposium 2012

Abstract:

Android is vulnerable to application-level privilege escalation attacks (confused deputy and colluding applications). We present the design and implementation of a security framework for Android towards mitigating these attacks through a system-centric and policy-driven approach with runtime monitoring of communication channels between applications at multiple layers (middleware IPC, file-system, and network).