Detecting applications with excessive privileges and applications vulnerable to privilege escalation attack in android

The rapid growth of capabilities and various services provided by smartphones transformed this device to a repository of private data and important resources and consequently an attractive target for attackers. Among the leaders in the world of smartphones, Android is a novel platform with rapidly g...

Full description

Saved in:
Bibliographic Details
Main Author: Kashefi, Iman
Format: Thesis
Language:English
Published: 2013
Subjects:
Online Access:http://eprints.utm.my/id/eprint/34602/1/ImanKashefiMFC2013.pdf
http://eprints.utm.my/id/eprint/34602/
http://dms.library.utm.my:8080/vital/access/manager/Repository/vital:82637?queryType=vitalDismax&query=+Detecting+applications+with+excessive+privileges+and+applications+vulnerable+to+privilege+escalation+attack+in+android&public=true
Tags: Add Tag
No Tags, Be the first to tag this record!
id my.utm.34602
record_format eprints
spelling my.utm.346022021-06-10T02:35:58Z http://eprints.utm.my/id/eprint/34602/ Detecting applications with excessive privileges and applications vulnerable to privilege escalation attack in android Kashefi, Iman Unspecified The rapid growth of capabilities and various services provided by smartphones transformed this device to a repository of private data and important resources and consequently an attractive target for attackers. Among the leaders in the world of smartphones, Android is a novel platform with rapidly growing market share. Number of Android users grows tremendously and preliminary study has shown that there are a number of the users that have little or no knowledge about the security of android based platforms. This is a serious issue because Android has delegated security decisions to the users themselves and furthermore there is no effective auditing on application development in android market. This research focuses on the most important attacks in Android which are concerned with the applications try to acquire excessive privileges by user approval, colluding together or even misusing other applications. The detection mechanisms proposed in this study addressed the mentioned attacks by proposing a method for detecting applications which are able to collude together to acquire excessive privileges and also a method to improve the precision of the existing mechanism for detecting applications vulnerable to be misused by privilege escalation attack. Excessive privileges are detected primarily by checking the application ability to share their permissions and then by comparing the acquired permissions against a set of predefined rules. Proposed mechanisms are integrated and implemented in form of an Android application by using Java (Android) language. The functionality of the implemented application is tested and validated by applying it on a series of applications downloaded from “Google play” and comparing the results with the existing methods. Experiments showed that the mechanism is able to detect applications vulnerable to privilege escalation attack accurately and also applications which are able to collude to obtain excessive permissions and were ignored by the existing methods. 2013 Thesis NonPeerReviewed application/pdf en http://eprints.utm.my/id/eprint/34602/1/ImanKashefiMFC2013.pdf Kashefi, Iman (2013) Detecting applications with excessive privileges and applications vulnerable to privilege escalation attack in android. Masters thesis, Universiti Teknologi Malaysia, Faculty of Computer Science and Information System. http://dms.library.utm.my:8080/vital/access/manager/Repository/vital:82637?queryType=vitalDismax&query=+Detecting+applications+with+excessive+privileges+and+applications+vulnerable+to+privilege+escalation+attack+in+android&public=true
institution Universiti Teknologi Malaysia
building UTM Library
collection Institutional Repository
continent Asia
country Malaysia
content_provider Universiti Teknologi Malaysia
content_source UTM Institutional Repository
url_provider http://eprints.utm.my/
language English
topic Unspecified
spellingShingle Unspecified
Kashefi, Iman
Detecting applications with excessive privileges and applications vulnerable to privilege escalation attack in android
description The rapid growth of capabilities and various services provided by smartphones transformed this device to a repository of private data and important resources and consequently an attractive target for attackers. Among the leaders in the world of smartphones, Android is a novel platform with rapidly growing market share. Number of Android users grows tremendously and preliminary study has shown that there are a number of the users that have little or no knowledge about the security of android based platforms. This is a serious issue because Android has delegated security decisions to the users themselves and furthermore there is no effective auditing on application development in android market. This research focuses on the most important attacks in Android which are concerned with the applications try to acquire excessive privileges by user approval, colluding together or even misusing other applications. The detection mechanisms proposed in this study addressed the mentioned attacks by proposing a method for detecting applications which are able to collude together to acquire excessive privileges and also a method to improve the precision of the existing mechanism for detecting applications vulnerable to be misused by privilege escalation attack. Excessive privileges are detected primarily by checking the application ability to share their permissions and then by comparing the acquired permissions against a set of predefined rules. Proposed mechanisms are integrated and implemented in form of an Android application by using Java (Android) language. The functionality of the implemented application is tested and validated by applying it on a series of applications downloaded from “Google play” and comparing the results with the existing methods. Experiments showed that the mechanism is able to detect applications vulnerable to privilege escalation attack accurately and also applications which are able to collude to obtain excessive permissions and were ignored by the existing methods.
format Thesis
author Kashefi, Iman
author_facet Kashefi, Iman
author_sort Kashefi, Iman
title Detecting applications with excessive privileges and applications vulnerable to privilege escalation attack in android
title_short Detecting applications with excessive privileges and applications vulnerable to privilege escalation attack in android
title_full Detecting applications with excessive privileges and applications vulnerable to privilege escalation attack in android
title_fullStr Detecting applications with excessive privileges and applications vulnerable to privilege escalation attack in android
title_full_unstemmed Detecting applications with excessive privileges and applications vulnerable to privilege escalation attack in android
title_sort detecting applications with excessive privileges and applications vulnerable to privilege escalation attack in android
publishDate 2013
url http://eprints.utm.my/id/eprint/34602/1/ImanKashefiMFC2013.pdf
http://eprints.utm.my/id/eprint/34602/
http://dms.library.utm.my:8080/vital/access/manager/Repository/vital:82637?queryType=vitalDismax&query=+Detecting+applications+with+excessive+privileges+and+applications+vulnerable+to+privilege+escalation+attack+in+android&public=true
_version_ 1703960425517809664
score 13.211869