Role Behavior Detection Method of Privilege Escalation Attacks for Android Applications

doi:10.23940/ijpe.19.06.p14.16311641

Int J Performability Eng ›› 2019, Vol. 15 ›› Issue (6): 1631-1641.doi: 10.23940/ijpe.19.06.p14.16311641

Previous Articles Next Articles

Role Behavior Detection Method of Privilege Escalation Attacks for Android Applications

Hui Li^a,b,*, Limin Shen^a, Chuan Ma^a, and Mingyuan Liu^a

a School of Information Science and Engineering, Yanshan University, Qinhuangdao, 066004, China
b School of Business Administration, Hebei Normal University of Science and Technology, Qinhuangdao, 066004, China

Submitted on ;
Contact: * E-mail address: lh_23@163.com
About author:Hui Li is a doctoral student in the School of Computer Science and Technology at Yanshan University. Her research interests include information security, mobile application security, and mobile information systems.Limin Shen graduated from the School of Computer Science and Technology at Yanshan University with a Ph.D. He visited Illinois Institute of Technology in the U.S.A. for collaborative research from 2005 to 2007. He is currently a professor and Ph.D. supervisor at Yanshan University. He is also a senior member of CCF and a member of the China Software Engineering Professional Committee. His current research interests include information security, collaborative computing, and system integration.Chuan Ma received his doctoral degree in computer science and technology from Yanshan University. His research interests include information security and mobile security.Mingyuan Liu is a master's student in the School of Computer Science and Technology at Yanshan University. Her research interests include information security and network security.
Supported by:
This work was partly financially supported through grants from the National Natural Science Foundation of China (No. 61772450), Natural Science Foundation of Hebei Province (No. F2017203307, F2016203290), Science and Technology Project of Hebei Province (No.17210701D), and Youth Fund for Science and Technology Research of Institution of Higher Education in Hebei Province (No. QN2016073).

Abstract

Abstract: For privilege escalation attacks in the Android system, the detection method of role behavior was proposed based on component features and process algebra. The classification of roles was constructed from the analysis of the privilege escalation attack model. Feature extraction from components includes component permissions, component communication, API calls, and sensitive data flow. Process algebra was used to construct modes of role behavior, and roles of applications were identified through equivalence relation. Finally, the dangerous path was detected in multi-applications, and then applications constituting to privilege escalation attacks were ascertained. The experiment showed that the proposed method can effectively detect privilege escalation attacks, the potential safe hazards in applications were pointed out, and the role of applications was identified.

Key words: Android, privilege escalation attack, role behavior, detection method, process algebra

Hui Li, Limin Shen, Chuan Ma, and Mingyuan Liu. Role Behavior Detection Method of Privilege Escalation Attacks for Android Applications [J]. Int J Performability Eng, 2019, 15(6): 1631-1641.

Add to citation manager EndNote|Reference Manager|ProCite|BibTeX|RefWorks

References

[1] S. H. Qing, “Research Progress on Android Security,” Journal of Software, Vol. 27, No. 1, pp. 45-71, 2016
[2] “Nokia Threat Intelligence Report-2017,”(https://networks.nokia.com/solutions/threat-intelligence, Last accessed on January 30, 2019)
[3] “Nokia Threat Intelligence Report-2019,”(https://networks.nokia.com/solutions/threat-intelligence, Last accessed on January 30, 2019)
[4] “The 42nd China Statistical Report on Internet Development,”
(http://www.cnnic.net.cn/hlwfzyj/hlwxzbg/hlwtjbg/201808/t20180820_70488.htm, Last accessed on February 1, 2019)
[5] “China Mobile Security Report in Q2 2017,” ( Q2 2017,” (http://zt.360.cn/1101061855.php?dtid=1101061451&did=490633771, Last accessed on February 1, 2019
[6] “China Mobile Security Report in Q32018,” (http://zt.360.cn/1101061855.php?dtid=1101061451&did=210801941, Last accessed on February 1, 2019
[7] Y. B. Zhongyang, Z. Xin, B. Mao,L. Xie, “DroidAlarm: An All-Sided Static Analysis Tool for Android Privilege-Escalation Malware,” in Proceedings of the 8th ACM SIGSAC Symposium on Information, Computer and Communications Security, pp. 353-358, 2013
[8] S. Heuser, M. Negro, P. K. Pendyala,A. R. Sadeghi, “DroidAuditor: Forensic Analysis of Application-Layer Privilege Escalation Attacks on Android,” inProceedings of International Conference on Financial Cryptography and Data Security, pp. 260-268, 2017
[9] W. M. Zhou, Y. Q. Zhang, and X. F. Liu, “POSTER: A New Framework Against Privilege Escalation Attacks on Android,” in Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, pp. 1411-1413, 2013
[10] S. Bhandari, F. Herbreteau, V. Laxmi, A. Zemmari, P. S. Roop, and M. S. Gaur, “Detecting Inter-App Information Leakage Paths,” in Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security, pp. 908-910, 2017
[11] S. Bugiel, L. Davi, A. Dmitrienko, T. Fischer, A. R. Sadeghi,B. Shastry, “Poster: The Quest for Security Against Privilege Escalation Attacks on Android,” in Proceedings of the 18th ACM Conference on Computer and Communications Security, pp. 741-744, 2011
[12] H. T. Lee, D. Kim, M. Park,S. J. Cho, “Protecting Data on Android Platform Against Privilege Escalation Attack,” International Journal of Computer Mathematics, Vol. 93, No. 2, pp. 401-414, 2016
[13] R. H. Niazi, J. A. Shamsi, T. Waseem, and M. M. Khan, “Signature-based Detection of Privilege-Escalation Attacks on Android,” in Proceedings of 2015 Conference on Information Assurance and Cyber Security (CIACS), pp. 44-49, 2016
[14] “The Effectiveness of Install-Time Permission Systems for Third-Party Applications,”
(http://www.eecs.berkeley.edu/Pubs/TechRpts/2010/EECS-2010-143.pdf, Last accessed on March12, 2019)
[15] C. Wang, R. B. Zhang,G. Li, “Technology of Detection for Privilege Escalation Attack on Android,” Transducer and Microsystem Technologies, Vol. 36, No. 1, pp. 146-148, 2017
[16] D. Yu, “Research and Implementation of a Detection Method for Privilege Escalation Attack of Android System,” Peking University, Beijing, 2013
[17] D. Dasgupta, A. Roy,D. Ghosh, “Multi-User Permission Strategy to Access Sensitive Information,”Information Sciences, Vol. 423, pp. 24-49, 2018
[18] D. J. Wu, C. H. Mao, T. E. Wei, H. M. Lee, and K. P. Wu, “DroidMat: Android Malware Detection Through Manifest and API Calls Tracing,” in Proceedings of the 2012 Seventh Asia Joint Conference on Information Security, pp. 62-69, 2012
[19] L. Davi, A. Dmitrienko, A. R. Sadeghi,M. Winandy, “Privilege Escalation Attacks on Android,” inProceedings of the 13th International Conference on Information Security, pp. 346-360, 2011
[20] K. W. Y. Au, Y. F. Zhou, Z. Huang, and D. Lie, “PScout: Analyzing the Android Permission Specification,” in Proceedings of the 2012 ACM Conference on Computer and Communications Security, pp. 217-228, 2012
[21] S. Arzt, S. Rasthofer, C. Fritz, E. Bodden, A. Bartel, J. Klein, et al., “FlowDroid: PreciseContext, Flow, Field, Object-Sensitive and Lifecycle-Aware Taint Analysis for Android Apps,” inProceedings of the 35th ACM SIGPLAN Conference on Programming Language Design and Implementation, pp. 259-269, 2014
[22] C. A. R.Hoare, “Communicating Sequential Processes,” Springer, New York, 1978
[23] R. Milner, “A Calculus of Communicating Systems,” Springer-Verlag, 1980

Role Behavior Detection Method of Privilege Escalation Attacks for Android Applications

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 2

Recommended 0

[1]	Kaire Anupama, Y. Chalapathi Rao, Vijaya Kumar Gurrala. A Machine Learning Approach to Monitor Water Quality in Aquaculture [J]. Int J Performability Eng, 2020, 16(12): 1845-1852.
[2]	Song Huang, Sen Yang, Yongming Yao, and Lele Chen. Equivalent Version Sets Testing Method for Android Applications based on Code Analysis [J]. Int J Performability Eng, 2019, 15(7): 2008-2018.