Deakin University

Taming transitive permission attack via bytecode rewriting on Android application

Version 2 2024-06-17, 18:05
Version 1 2016-07-29, 14:20
journal contribution
posted on 2024-06-17, 18:05 authored by D Wang, H Jin, D Zou, P Xu, T Zhu, G Chen
Google Android has become popular for mobile devices in recent years. The openness and popularity of Android make it a primary target for malware. Even though Android's security mechanisms can defend against most malware, its permission model is vulnerable to the transitive permission attack, a type of privilege escalation attack. Many approaches have been proposed to detect this attack by modifying the Android OS. However, Android's fragmentation problem and the need to root the Android device hinder the large-scale adoption of those approaches. In this paper, we present an instrumentation framework, called SEAPP, for Android applications (or “apps”) to detect the transitive permission attack on unmodified Android. SEAPP automatically rewrites an app without requiring its source code and produces a security-hardened app. At runtime, call-chains are built among these apps and a detection process is executed before a privileged API is invoked. Our experimental results show that SEAPP could work on a large number of benign apps from the official Android market and malicious apps, with a repackaged success rate of over 99.8%. We also show that our framework effectively tracks call-chains among apps and detects known transitive permission attacks with low overhead. Copyright © 2016 John Wiley & Sons, Ltd.

History

Journal: Security and communication networks

Volume: 9

Pagination: 2100-2114

Location: Hoboken, N.J.

ISSN: 1939-0114

eISSN: 1939-0122

Language: eng

Publication classification: C Journal article, C1 Refereed article in a scholarly journal

Copyright notice: 2016, John Wiley & Sons

Issue: 13

Publisher: John Wiley & Sons