Abstract

On the Android platform, information can be leaked through an application-layer privilege escalation attack carried out by multiple colluding apps. However, detection performs poorly on a single app that can be used to construct privilege escalation attacks. Furthermore, the existing software and app measurement methods are not applicable to the measurement of collusion privilege escalation attacks. We propose a method for measuring the risk of a single app by using process algebra to model and determine the attack behavior, and we construct a measurement function based on sensitive data transitions and the feature set of attack behavior. Through the analysis of the privilege escalation attack model, the feature set of attack behavior is obtained. Then, based on the extracted behavior feature set, process algebra is used to model the dangerous behavior of an app. The dangerous behavior of the app is determined by weak equivalence and non-equivalence, and finally the risk of the app is measured based on the measurement function. Three known applications are used to verify the attack, and their risk measurement values are above 0.98. Based on the classification of applications on the market, we select typical apps in each category to build the test set. Benchmark tests and test set experiments show that the risk measurement results are consistent with the actual detection results, verifying the feasibility and effectiveness of this method.

Highlights

  • With the rapid development of the mobile internet and the Internet of Things (IoT), the Android system, which accounts for 40.39% of operating system (OS) market share, has become an important application platform [1].

  • Based on an analysis of the model of collusion privilege escalation attacks, six features of the app, namely dangerous permissions of the app, dangerous permissions of the components, component intent communication, sensitive application programming interface (API) calls, sensitive data flow acquisition, and dissemination of sensitive data, are obtained as the feature set of attack behavior, and the number of transitions is extracted by using static analysis.

  • A risk measurement was carried out based on the measurement function.

Summary

Introduction

With the rapid development of the mobile internet and the Internet of Things (IoT), the Android system, which accounts for 40.39% of operating system (OS) market share, has become an important application platform [1]. The Nokia Threat Intelligence Report 2019 points out that, in 2018, the average monthly infection rate in mobile networks was 0.31%, and Android devices were responsible for 47.15% of the observed malware infections [7].

Definition and classification of privilege escalation attacks on Android apps

A privilege escalation attack means that an application with lower (fewer) permissions can access components with higher (more) permissions without being restricted by tasks. A malicious program without any permission can obtain the required permission through a third-party app. This attack can be divided into two categories: kernel-level and application-level. Our study is focused on the application-layer collusion privilege escalation attack.
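
As an added illustration of the application-layer definition above (not code from the paper), the following Python check audits an AndroidManifest.xml for two items of the feature set: dangerous permissions held by the app, and exported components that carry no permission guard and can therefore be reached by an app holding no permissions. The sample manifest, the package name and the subset of dangerous permissions are constructed assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
# Assumption: a small subset of Android's dangerous-level permissions, not the full list.
DANGEROUS = {"android.permission." + p for p in (
    "READ_CONTACTS", "READ_SMS", "SEND_SMS", "ACCESS_FINE_LOCATION", "RECORD_AUDIO", "CAMERA")}
# Providers are left out: they are guarded by separate read/write permissions.
COMPONENT_TAGS = ("activity", "service", "receiver")

# Constructed sample manifest for a hypothetical app (not taken from the paper).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.contactsync">
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <service android:name=".ExportService" android:exported="true"/>
    <service android:name=".GuardedService" android:exported="true"
             android:permission="android.permission.READ_CONTACTS"/>
    <receiver android:name=".SyncReceiver">
      <intent-filter><action android:name="com.example.SYNC"/></intent-filter>
    </receiver>
    <activity android:name=".SettingsActivity" android:exported="false"/>
  </application>
</manifest>"""

def is_exported(comp):
    """Explicit android:exported wins; without it, an intent-filter makes the
    component exported by default for apps targeting releases before Android 12."""
    flag = comp.get(ANDROID + "exported")
    if flag is not None:
        return flag == "true"
    return comp.find("intent-filter") is not None

def audit_manifest(xml_text):
    """Return dangerous permissions held and exported components with no permission guard."""
    root = ET.fromstring(xml_text)
    held = {p.get(ANDROID + "name") for p in root.iter("uses-permission")}
    app = root.find("application")
    if app is None:
        return {"dangerous_permissions": sorted(held & DANGEROUS), "unguarded_exported": []}
    app_guard = app.get(ANDROID + "permission")  # applies to all components unless overridden
    exposed = []
    for tag in COMPONENT_TAGS:
        for comp in app.iter(tag):
            if is_exported(comp) and not (comp.get(ANDROID + "permission") or app_guard):
                exposed.append((tag, comp.get(ANDROID + "name")))
    return {"dangerous_permissions": sorted(held & DANGEROUS), "unguarded_exported": exposed}

if __name__ == "__main__":
    print(audit_manifest(SAMPLE_MANIFEST))
```

An app that reports both a non-empty `dangerous_permissions` list and a non-empty `unguarded_exported` list is a candidate for closer review; the fix on the developer side is to set `android:exported="false"` or add an `android:permission` guard to each listed component.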
