Abstract
Vulnerabilities in Android kernel give opportunity for attacker to damage the system. Privilege escalation is one of the most dangerous attacks, as it helps attacker to gain root privilege by exploiting kernel vulnerabilities. Mitigation technologies, static detection methods and dynamic defense methods have been suggested to prevent privilege escalation attack, but they still have some disadvantages. In this paper, we propose an improved method named PtmxGuard to enhance Android kernel and defeat privilege escalation attack. We focus on a typical attack pattern that attacker hijacks the control flow of Android kernel to modify process credentials by corrupting critical global function pointers. PtmxGuard enforces Code Pointer Integrity to Android kernel, checks the accuracy and reliability of those pointers when they’re triggered by related system calls, and intercepts the system calls when attack activities are detected. Experiment result demonstrates that PtmxGuard can defense privilege escalation attack effectively.
Highlights
Android has become the most popular operation system applied to smart mobile device [1]
Android system allocates a distinct system identity called User ID (UID) to each application, and Android kernel regards each application as a unique Linux user
We propose an improved approach named PtmxGuard to enhance Android kernel and defeat privilege escalation attack
Summary
Android has become the most popular operation system applied to smart mobile device [1]. Known as root exploit, is the process of exploiting kernel vulnerabilities to obtain the highest privilege [3]. There are some other dynamical approaches to defeat privilege escalation attack, such as PREC, RGBDroid and Security Identifier Randomization [12,13,14,15,16] We presented an improved method to enhance Android kernel and defense privilege escalation attack. We proposed an improved method named PtmxGuard to protect Android kernel from privilege escalation attack.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have