Taming transitive permission attack via bytecode rewriting on Android application
Version 2 2024-06-17, 18:05
Version 1 2016-07-29, 14:20
journal contribution
posted on 2024-06-17, 18:05 authored by D Wang, H Jin, D Zou, P Xu, T Zhu, G Chen

Google Android has been popular for mobile devices in recent years. The openness and popularity of Android make it a primary target for malware. Even though Android's security mechanisms can defend against most malware, its permission model is vulnerable to the transitive permission attack, a type of privilege escalation attack. Many approaches have been proposed to detect this attack by modifying the Android OS. However, Android's fragmentation problem and the need to root the Android device hinder the large-scale adoption of those approaches. In this paper, we present an instrumentation framework, called SEAPP, for Android applications (or "apps") to detect the transitive permission attack on unmodified Android. SEAPP automatically rewrites an app without requiring its source code and produces a security-hardened app. At runtime, call-chains are built among these apps, and a detection process is executed before a privileged API is invoked. Our experimental results show that SEAPP works on a large number of benign apps from the official Android market and on malicious apps, with a repackaging success rate of over 99.8%. We also show that our framework effectively tracks call-chains among apps and detects known transitive permission attacks with low overhead. Copyright © 2016 John Wiley & Sons, Ltd.
History
Journal
Security and communication networks
Volume
9
Issue
13
Pagination
2100-2114
Location
Hoboken, N.J.
ISSN
1939-0114
eISSN
1939-0122
Language
eng
Publication classification
C Journal article, C1 Refereed article in a scholarly journal
Copyright notice
2016, John Wiley & Sons
Publisher
John Wiley & Sons