Android Permission System Violation: Case Study and Refinement

Android Permission System Violation: Case Study and Refinement

Android uses permissions for application security management. Android also allows inter-application communication (IAC), which enables cooperation between different applications to perform complex tasks by using some components and Intents. In other words, Android provides more flexibility and place...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:International journal of e-entrepreneurship and innovation 2013-01, Vol.4 (1), p.16-27
Hauptverfasser: Han, Kyoung Soo, Lee, Yeoreum, Jiang, Biao, Im, Eul Gyu
Format: Artikel
Sprache:eng
Schlagworte:
Case studies
Channels
Constrictions
Cooperation
Exposure
Flexibility
Management
Operating systems
Security
Security management
Smartphones
Task complexity
Tasks
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Android uses permissions for application security management. Android also allows inter-application communication (IAC), which enables cooperation between different applications to perform complex tasks by using some components and Intents. In other words, Android provides more flexibility and places less restriction on application development. This is a major feature that differentiates Android from its competitors. However, IAC also facilitates malicious applications that can collude in attacks of privilege escalation. In this paper, the authors demonstrate with case studies that all IAC channels can potentially be utilized for privilege escalation attacks, and the authors propose a refinement to solve this problem by enforcing IAC permissions and exposing IAC to users.
ISSN:1947-8585
1947-8593
DOI:10.4018/jeei.2013010102