A Rose by Any Other Name or an Insane Root? Adventures in Name Resolution

Vijayakumar, Hayawardh; Schiffman, Joshua; Jaeger, Trent

doi:10.1109/ec2nd.2011.17

Cited by 2 publications

(5 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This is difficult to determine statically. The STING system [50] provides passive runtime monitoring of processes for use of bindings that could be used to perform file squatting and link traversal attacks using DAC policies, so such a runtime monitoring approach could be extended to utilize attack operations generated by POLYSCOPE. Second, once we know when a victim may be threatened by an attack operation, we need to generate test cases that could exploit the victim.…”

Section: Discussionmentioning

confidence: 99%

“…Current fuzzing techniques [20] do not target these types of attack operations. Runtime monitoring techniques [50,47] and similar techniques for assessing use of Android intents [1] generate simple test cases, enabling detection of unprotected cases. We aim to generate test cases that account for the conditional checks in the program fully.…”

Section: Discussionmentioning

confidence: 99%

“…As users may benefit from the ability of multiple apps to access the same data (e.g., to edit photos and other media generated by other apps), Android provides the ability for multiple apps to share access to external storage. However, researchers have shown that vulnerabilities are caused when multiple mutually untrusting subjects can modify the same directory [50], so many vulnerabilities have been found in external storage, such as the Checkpoint vulnerability [30].…”

Section: The Android External Storage Problemmentioning

confidence: 99%

“…This vulnerability could have a serious negative impact, as ContactsProvider is a very privileged process and have access to sensitive files. Researchers have shown that these two classes of attacks are possible when the access control policy allows an adversary to write filesystem resources used by the victim [50].…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

PolyScope: Multi-Policy Access Control Analysis to Triage Android Scoped Storage

Lee¹,

Chen²,

Enck³

et al. 2023

Preprint

View full text Add to dashboard Cite

Android's filesystem access control is its foundation for system integrity. It combines mandatory (e.g., SELinux) and discretionary (e.g., Unix permissions) access control with other specialized access controls (e.g., Android permissions), aiming to protect Android/OEM services from third-party applications. However, OEMs often introduce vulnerabilities when they add market-differentiating features because they fail to correctly reconfigure this complex combination of policies. In this paper, we propose the POLYSCOPE tool to triage Android filesystem access control policies to find the authorized operations that may be exploited by adversaries to escalate their privileges, called attack operations. In this paper, we demonstrate the effectiveness of POLYSCOPE by assessing the impact of the recently introduced Scoped Storage defense for Android. POLYSCOPE introduces three major advantages over prior access control policy analyses for this analysis: (1) independent extension and analysis of individual policy models, to ease the addition of Scoped Storage; (2) knowledge of the flexibility that untrusted parties have to modify access control policies; and (3) the ability to identify attack operations that system configurations allow. We apply POLYSCOPE to three Google and five OEM Android releases, finding that Scoped Storage reduces the number of attack operations possible on external storage resources by over 50%. However, we also find two previously unknown vulnerabilities because OEMs only adopt Scoped Storage partially, limiting its benefit. Thus, we show how to use POLYSCOPE to assess an ideal scenario where all apps are compliant to Scoped Storage, which can the number of untrusted parties that can access attack operations by over 65% on OEM systems. As a result, we find that POLYSCOPE can help Android OEMs triage complex access control policies to identify the specific attack operations worthy of further examination.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Discussionmentioning

confidence: 99%

Section: The Android External Storage Problemmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

PolyScope: Multi-Policy Access Control Analysis to Triage Android Scoped Storage

Lee¹,

Chen²,

Enck³

et al. 2023

Preprint

View full text Add to dashboard Cite

show abstract

“…Vijayakumar et al [55] introduced a software prototype that stops attacks targeting vulnerabilities based on name resolution (such as TOCTOU) by combining four incomplete defense techniques (specifically, system resource restrictions, capabilities, namespace management, and program resource restrictions) to build a complete solution. It is implemented as a SELinux module in version 2.6.35 of the Linux kernel.…”

Section: Based On Dynamic Kernel-space Detectionmentioning

confidence: 99%

Defense and Attack Techniques Against File-Based TOCTOU Vulnerabilities: A Systematic Review

2022

View full text Add to dashboard Cite

File-based Time-of-Check to Time-of-Use (TOCTOU) race conditions are a well-known type of security vulnerability. A wide variety of techniques have been proposed to detect, mitigate, avoid, and exploit these vulnerabilities over the past 35 years. However, despite these research efforts, TOCTOU vulnerabilities remain unsolved due to their non-deterministic nature and the particularities of the different filesystems involved in running vulnerable programs, especially in Unix-like operating system environments. In this paper, we present a systematic literature review on defense and attack techniques related to the file-based TOCTOU vulnerability. We apply a reproducible methodology to search, filter, and analyze the most relevant research proposals to define a global and understandable vision of existing solutions. The results of this analysis are finally used to discuss future research directions that can be explored to move towards a universal solution to this type of vulnerability. INDEX TERMS file-based race condition, TOCTOU vulnerability, avoidance techniques

show abstract

A Rose by Any Other Name or an Insane Root? Adventures in Name Resolution

Cited by 2 publications

References 11 publications

PolyScope: Multi-Policy Access Control Analysis to Triage Android Scoped Storage

PolyScope: Multi-Policy Access Control Analysis to Triage Android Scoped Storage

Defense and Attack Techniques Against File-Based TOCTOU Vulnerabilities: A Systematic Review

Contact Info

Product

Resources

About