An Empirical Evaluation of the Android Security Framework

Abstract : The Android OS consists of a Java stack built on top of a native Linux kernel. A number of recently discovered vulnerabilities suggests that some security issues may be hidden in the interplay between the Java stack and the Linux kernel. We have conducted an empirical security evaluation of the interaction among layers. Our experiments indicate that the Android Security Framework (ASF) does not discriminate the caller of invocations targeted to the Linux kernel, thereby allowing Android applications to directly interact with the Linux kernel. We also show that this trait lets malicious applications adversely affect the user’s privacy as well as the usability of the device. Finally, we propose an enhancement in the ASF that allows for the detection and prevention of direct kernel invocations from applications.
Document type :
Conference papers
Lech J. Janczewski; Henry B. Wolfe; Sujeet Shenoi. 28th Security and Privacy Protection in Information Processing Systems (SEC), Jul 2013, Auckland, New Zealand. Springer, IFIP Advances in Information and Communication Technology, AICT-405, pp.176-189, 2013, Security and Privacy Protection in Information Processing Systems. 〈10.1007/978-3-642-39218-4_14〉
Liste complète des métadonnées

Cited literature [16 references]  Display  Hide  Download

https://hal.inria.fr/hal-01463826
Contributor : Hal Ifip <>
Submitted on : Thursday, February 9, 2017 - 5:23:46 PM
Last modification on : Thursday, February 9, 2017 - 5:37:20 PM
Document(s) archivé(s) le : Wednesday, May 10, 2017 - 2:51:38 PM

File

978-3-642-39218-4_14_Chapter.p...
Files produced by the author(s)

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Identifiers

Citation

Alessandro Armando, Alessio Merlo, Luca Verderame. An Empirical Evaluation of the Android Security Framework. Lech J. Janczewski; Henry B. Wolfe; Sujeet Shenoi. 28th Security and Privacy Protection in Information Processing Systems (SEC), Jul 2013, Auckland, New Zealand. Springer, IFIP Advances in Information and Communication Technology, AICT-405, pp.176-189, 2013, Security and Privacy Protection in Information Processing Systems. 〈10.1007/978-3-642-39218-4_14〉. 〈hal-01463826〉

Share

Metrics

Record views

65

Files downloads

28