A privilege escalation vulnerability checking system for android applications

Chan, Patrick; Hui, Lucas Chi Kwong; Yiu, Siu-Ming

doi:10.1109/icct.2011.6157963

Cited by 12 publications

(14 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Table tells us that there are 679 applications that do not call any sensitive functions listed in Table from exported interfaces, which cannot endanger our mobiles but reported as vulnerable in in these 1929 applications with exported interfaces. The other 1250 applications have public exported interfaces and invoke sensitive functions from these interfaces, which may endanger our phones.…”

Section: Evaluation and Resultsmentioning

confidence: 99%

“…A similar system has been presented in , however, without code‐level detecting, the system only checks the AndroidManifest file that provides indispensable information about the application, which leads to a higher false positive ratio. Our contributions in this paper are as follows: (1) we have designed and implemented a novel code‐level tool, PaddyFrog, to detect the confused deputy vulnerability in Android applications.…”

Section: Introductionmentioning

confidence: 99%

“…Our contributions in this paper are as follows: (1) we have designed and implemented a novel code‐level tool, PaddyFrog, to detect the confused deputy vulnerability in Android applications. PaddyFrog detects the confused deputy vulnerability based on the AndroidManifest file and the Control Flow Graph (CFG), which describes the invoking relationship among components and function call flow within components, which overcomes the limitations of ; (2) we ran PaddyFrog on 7190 applications downloaded from two of the most popular alternative markets in China (HiApk and Anzhi Market ). PaddyFrog detected at least 1240 applications that have this vulnerability; (3) we presented two case studies to illustrate why our method can reach lower false positive rate than past works.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

PaddyFrog: systematically detecting confused deputy vulnerability in Android applications

Cui

Ban

et al. 2015

Security Comm. Networks

View full text Add to dashboard Cite

An enormous number of applications have been developed for Android in recent years, making it one of the most popular mobile operating systems. However, it is obvious that more vulnerabilities would appear along with the booming amounts of applications. Poorly designed applications may contain security vulnerabilities that can dramatically undermine users' security and privacy. In this paper, we studied a kind of recently reported application vulnerability named confused deputy – a specific type of privilege escalation vulnerability, which can result in unauthorized operations, and so on. We proposed a novel system with code‐level static analysis to analyze the applications and automatically detect possible confused deputy vulnerabilities. To tackle analysis challenges imposed by Android's component‐based programming paradigm, we employed special control flow graph construction techniques to build call relations among components and function call graph within components. We developed a prototype of this system named PaddyFrog and evaluated with 7190 real world Android applications from two of the most popular markets in China. We found 1240 applications with confused deputy vulnerability and proved to be exploitable. The median execution time of this system on an application is 14.4s, which is fast enough to be used in volumes of applications testing scenarios. Copyright © 2015 John Wiley & Sons, Ltd.

show abstract

Section: Evaluation and Resultsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

PaddyFrog: systematically detecting confused deputy vulnerability in Android applications

Cui

Ban

et al. 2015

Security Comm. Networks

View full text Add to dashboard Cite

show abstract

“…A vulnerable and exported component can be visited by the other apps in the same device, which can lead to many types of vulnerabilities, e.g., capability leak [1,2], content provider leakage [3,4], privilege escalation [5,6], confused deputy [7], component hijacking [8,9], intent spoofing [10], etc. But these vulnerabilities can only be exploited locally (the vulnerable app and the malicious app must run in a same device).…”

Section: Related Workmentioning

confidence: 99%

“…To understand the universality of port-opening Android apps, we made a statistical analysis to the apps downloaded from Google Play 4 and Wandoujia (a famous Android app store in China 5 ). The download time of the apps is from July 2016 to October 2016.…”

Section: Universality Of Port-opening Android Appsmentioning

confidence: 99%

When Android Apps Open Ports to Handle Network Requests: Functionality or Security Vulnerability?

Yue¹,

Zhang²

2017

IJSIA

View full text Add to dashboard Cite

show abstract

Identifying Android malware with system call co‐occurrence matrices

Xiao

Jiang

et al. 2016

Trans. Emerging Tel. Tech.

View full text Add to dashboard Cite

With the popularity of Android devices, mobile malware in Android has became more prevalent. Malware causes lots of harm to users, such as stealing personal information and using too much battery or CPU. Detecting mobile malware is the main task in Android security. In this work, we use a dynamic analysis method to distinguish malware with system call sequences. At first, we track the system calls of applications under different events. Then two different feature models, the frequency vector and the co-occurrence matrix, are employed to extract features from the system call sequence. Finally, we apply Adaptive Regularization Of Weight Vectors and other machine learning algorithms to identify Android malware based on the aforementioned two models, respectively. We evaluate our method with 1189 benign applications and 1227 malicious applications. The experiment results show that the co-occurrence matrix can achieve a much better detection rate than the frequency vector. Our best detection rate is 97.7 per cent with false positive rate being 1.34 per cent, which is better than those of the existing methods.

show abstract

A privilege escalation vulnerability checking system for android applications

Cited by 12 publications

References 6 publications

PaddyFrog: systematically detecting confused deputy vulnerability in Android applications

PaddyFrog: systematically detecting confused deputy vulnerability in Android applications

When Android Apps Open Ports to Handle Network Requests: Functionality or Security Vulnerability?

Identifying Android malware with system call co‐occurrence matrices

Contact Info

Product

Resources

About