An Android Security Extension to Protect Personal Information against Illegal Accesses and Privilege Escalation Attacks

Yeongung Park, Chanhee Lee, Jonghwa Kim, Seong-je Cho, Jongmoo Choi
2012 Journal of Internet Services and Information Security  
Recently, it is widespread for malware to collect sensitive information owned by third-party applications as well as to escalate its privilege to the system level (the highest level) on the Android platform. An attack of obtaining root-level privilege in an Android environment can form a serious threat to users from the viewpoint of breaking down the whole security system. This paper proposes a new scheme that effectively prevents privilege escalation attacks and protects users' personal information in Android. Our proposed scheme can detect and respond to malware that illegally acquires root-level privilege using pWhitelist, a list of trusted programs with root-level permission. Moreover, the scheme does not permit even a privileged program to access users' personal information based on the principle of least privilege. As a result, it protects personal information against illegal accesses by malicious applications even though they illegally obtain root-level permissions by exploiting vulnerabilities of trusted programs.
doi:10.22667/jisis.2012.11.31.029 dblp:journals/jisis/ParkLKCC12 fatcat:7ssx3cdnpbcwjb2wdnz73ledlu