Skip to Main content Skip to Navigation
Conference papers

An Empirical Evaluation of the Android Security Framework

Abstract : The Android OS consists of a Java stack built on top of a native Linux kernel. A number of recently discovered vulnerabilities suggests that some security issues may be hidden in the interplay between the Java stack and the Linux kernel. We have conducted an empirical security evaluation of the interaction among layers. Our experiments indicate that the Android Security Framework (ASF) does not discriminate the caller of invocations targeted to the Linux kernel, thereby allowing Android applications to directly interact with the Linux kernel. We also show that this trait lets malicious applications adversely affect the user’s privacy as well as the usability of the device. Finally, we propose an enhancement in the ASF that allows for the detection and prevention of direct kernel invocations from applications.
Document type :
Conference papers
Complete list of metadata

Cited literature [16 references]  Display  Hide  Download
Contributor : Hal Ifip Connect in order to contact the contributor
Submitted on : Thursday, February 9, 2017 - 5:23:46 PM
Last modification on : Wednesday, May 19, 2021 - 4:52:03 PM
Long-term archiving on: : Wednesday, May 10, 2017 - 2:51:38 PM


Files produced by the author(s)


Distributed under a Creative Commons Attribution 4.0 International License



Alessandro Armando, Alessio Merlo, Luca Verderame. An Empirical Evaluation of the Android Security Framework. 28th Security and Privacy Protection in Information Processing Systems (SEC), Jul 2013, Auckland, New Zealand. pp.176-189, ⟨10.1007/978-3-642-39218-4_14⟩. ⟨hal-01463826⟩



Record views


Files downloads