Taming transitive permission attack via bytecode rewriting on Android application

Wang, Daibin, Jin, Hai, Zou, Deqing, Xu, Peng, Zhu, Tianqing and Chen, Gang 2016, Taming transitive permission attack via bytecode rewriting on Android application, Security and communication networks, vol. 9, no. 13, pp. 2100-2114, doi: 10.1002/sec.1466.

Attached Files
Name Description MIMEType Size Downloads

Title Taming transitive permission attack via bytecode rewriting on Android application
Author(s) Wang, Daibin
Jin, Hai
Zou, Deqing
Xu, Peng
Zhu, TianqingORCID iD for Zhu, Tianqing orcid.org/0000-0003-3411-7947
Chen, Gang
Journal name Security and communication networks
Volume number 9
Issue number 13
Start page 2100
End page 2114
Total pages 15
Publisher John Wiley & Sons
Place of publication Hoboken, N.J.
Publication date 2016-09-10
ISSN 1939-0114
1939-0122
Keyword(s) android
transitive permission attack
privilege escalation attack
detection
bytecode rewriting
Summary Google Android is popular for mobile devices in recent years. The openness and popularity of Android make it a primary target for malware. Even though Android's security mechanisms could defend most malware, its permission model is vulnerable to transitive permission attack, a type of privilege escalation attacks. Many approaches have been proposed to detect this attack by modifying the Android OS. However, the Android's fragmentation problem and requiring rooting Android device hinder those approaches large-scale adoption. In this paper, we present an instrumentation framework, called SEAPP, for Android applications (or “apps”) to detect the transitive permission attack on unmodified Android. SEAPP automatically rewrites an app without requiring its source codes and produces a security-harden app. At runtime, call-chains are built among these apps and detection process is executed before a privileged API is invoked. Our experimental results show that SEAPP could work on a large number of benign apps from the official Android market and malicious apps, with a repackaged success rate of over 99.8%. We also show that our framework effectively tracks call-chains among apps and detects known transitive permission attack with low overhead. Copyright © 2016 John Wiley & Sons, Ltd.
Language eng
DOI 10.1002/sec.1466
Field of Research 080303 Computer System Security
Socio Economic Objective 970108 Expanding Knowledge in the Information and Computing Sciences
HERDC Research category C1 Refereed article in a scholarly journal
ERA Research output type C Journal article
Copyright notice ©2016, John Wiley & Sons
Persistent URL http://hdl.handle.net/10536/DRO/DU:30085148

Document type: Journal Article
Collection: School of Information Technology
Connect to link resolver
 
Unless expressly stated otherwise, the copyright for items in DRO is owned by the author, with all rights reserved.

Versions
Version Filter Type
Citation counts: TR Web of Science Citation Count  Cited 1 times in TR Web of Science
Scopus Citation Count Cited 1 times in Scopus
Google Scholar Search Google Scholar
Access Statistics: 217 Abstract Views, 3 File Downloads  -  Detailed Statistics
Created: Fri, 29 Jul 2016, 14:20:43 EST

Every reasonable effort has been made to ensure that permission has been obtained for items included in DRO. If you believe that your rights have been infringed by this repository, please contact drosupport@deakin.edu.au.