{"title":"减少Android上异步通道上的特权升级攻击","authors":"Katharina Mollus, D. Westhoff, T. Markmann","doi":"10.1109/I4CS.2014.6860558","DOIUrl":null,"url":null,"abstract":"Recently we presented QuantDroid [7], a quantitative approach towards mitigating privilege escalation attacks on Android. By monitoring all synchronous IPC via overt channels on-the-fly, a so called flow-graph service detects an abnormal amount of traffic exchanged between DVMs running different Apps to indicate a potential horizontal privilege escalation attack. However, although certainly a valuable first step, our initial QuantDroid approach fails when dealing with asynchronous IPC via persistent storage containers on the Android system. To also address this issue, in this work we extend QuantDroid to QuantDroid++ by providing i) a central storage of taints when operating on system-internal databases of Android, ii) an extension of the SQL cursor object to preserve taints and link requested data with such taints, and, finally iii) an inspection of the information flow with such newly available taints for all relevant database operations.","PeriodicalId":226884,"journal":{"name":"2014 14th International Conference on Innovations for Community Services (I4CS)","volume":"251 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-06-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":"{\"title\":\"Curtailing privilege escalation attacks over asynchronous channels on Android\",\"authors\":\"Katharina Mollus, D. Westhoff, T. Markmann\",\"doi\":\"10.1109/I4CS.2014.6860558\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Recently we presented QuantDroid [7], a quantitative approach towards mitigating privilege escalation attacks on Android. By monitoring all synchronous IPC via overt channels on-the-fly, a so called flow-graph service detects an abnormal amount of traffic exchanged between DVMs running different Apps to indicate a potential horizontal privilege escalation attack. However, although certainly a valuable first step, our initial QuantDroid approach fails when dealing with asynchronous IPC via persistent storage containers on the Android system. To also address this issue, in this work we extend QuantDroid to QuantDroid++ by providing i) a central storage of taints when operating on system-internal databases of Android, ii) an extension of the SQL cursor object to preserve taints and link requested data with such taints, and, finally iii) an inspection of the information flow with such newly available taints for all relevant database operations.\",\"PeriodicalId\":226884,\"journal\":{\"name\":\"2014 14th International Conference on Innovations for Community Services (I4CS)\",\"volume\":\"251 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2014-06-04\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"7\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2014 14th International Conference on Innovations for Community Services (I4CS)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/I4CS.2014.6860558\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2014 14th International Conference on Innovations for Community Services (I4CS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/I4CS.2014.6860558","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Curtailing privilege escalation attacks over asynchronous channels on Android
Recently we presented QuantDroid [7], a quantitative approach towards mitigating privilege escalation attacks on Android. By monitoring all synchronous IPC via overt channels on-the-fly, a so called flow-graph service detects an abnormal amount of traffic exchanged between DVMs running different Apps to indicate a potential horizontal privilege escalation attack. However, although certainly a valuable first step, our initial QuantDroid approach fails when dealing with asynchronous IPC via persistent storage containers on the Android system. To also address this issue, in this work we extend QuantDroid to QuantDroid++ by providing i) a central storage of taints when operating on system-internal databases of Android, ii) an extension of the SQL cursor object to preserve taints and link requested data with such taints, and, finally iii) an inspection of the information flow with such newly available taints for all relevant database operations.