Xmandroid
¨ Technische Universitat Darmstadt
Center for Advanced Security Research Darmstadt
Technical Report TR-2011-04
XManDroid: A New Android Evolution to Mitigate Privilege Escalation Attacks
Sven Bugiel, Lucas Davi, Alexandra Dmitrienko, Thomas Fischer, Ahmad-Reza Sadeghi
System Security Lab Technische Universit¨t Darmstadt, Germany a
Technische Universit¨t Darmstadt a Center for Advanced Security Research Darmstadt D-64293 Darmstadt, Germany
TR-2011-04 First Revision: April 30, 2011 Last Update: June 30, 2011
XManDroid: A New Android Evolution to Mitigate Privilege Escalation Attacks
Sven Bugiel sven.bugiel@cased.de Lucas Davi lucas.davi@cased.de Alexandra Dmitrienko alexandra.dmitrienko@cased.de Thomas Fischer thomas.fischer@rub.de Ahmad-Reza Sadeghi ahmad.sadeghi@cased.de System Security Lab Center for Advanced Security Research Darmstadt (CASED) Germany
ABSTRACT
Google Android has become a popular mobile operating system which is increasingly deployed by mobile device manufactures for various platforms. Recent attacks show that Android’s permission framework is vulnerable to applicationlevel privilege escalation attacks, i.e., an application may indirectly gain privileges to perform unauthorized actions. The existing proposals for security extensions to Android’s middleware (e.g., Kirin, Saint, TaintDroid, or QUIRE) cannot fully and adequately mitigate these attacks or detect Trojans such as Soundcomber that exploit covert channels in the Android system. In this paper we present the design and implementation of XManDroid (eXtended Monitoring on Android), a security framework that extends the monitoring mechanism of Android to detect and prevent application-level privilege escalation attacks at runtime based on a systemcentric system policy. Our implementation dynamically analyzes applications’ transitive permission usage while inducing a minimal performance overhead unnoticeable for the user. Depending on system policy
Center for Advanced Security Research Darmstadt
Technical Report TR-2011-04
XManDroid: A New Android Evolution to Mitigate Privilege Escalation Attacks
Sven Bugiel, Lucas Davi, Alexandra Dmitrienko, Thomas Fischer, Ahmad-Reza Sadeghi
System Security Lab Technische Universit¨t Darmstadt, Germany a
Technische Universit¨t Darmstadt a Center for Advanced Security Research Darmstadt D-64293 Darmstadt, Germany
TR-2011-04 First Revision: April 30, 2011 Last Update: June 30, 2011
XManDroid: A New Android Evolution to Mitigate Privilege Escalation Attacks
Sven Bugiel sven.bugiel@cased.de Lucas Davi lucas.davi@cased.de Alexandra Dmitrienko alexandra.dmitrienko@cased.de Thomas Fischer thomas.fischer@rub.de Ahmad-Reza Sadeghi ahmad.sadeghi@cased.de System Security Lab Center for Advanced Security Research Darmstadt (CASED) Germany
ABSTRACT
Google Android has become a popular mobile operating system which is increasingly deployed by mobile device manufactures for various platforms. Recent attacks show that Android’s permission framework is vulnerable to applicationlevel privilege escalation attacks, i.e., an application may indirectly gain privileges to perform unauthorized actions. The existing proposals for security extensions to Android’s middleware (e.g., Kirin, Saint, TaintDroid, or QUIRE) cannot fully and adequately mitigate these attacks or detect Trojans such as Soundcomber that exploit covert channels in the Android system. In this paper we present the design and implementation of XManDroid (eXtended Monitoring on Android), a security framework that extends the monitoring mechanism of Android to detect and prevent application-level privilege escalation attacks at runtime based on a systemcentric system policy. Our implementation dynamically analyzes applications’ transitive permission usage while inducing a minimal performance overhead unnoticeable for the user. Depending on system policy