A Privilege Escalation Attack Detection Framework for Android using IPC Tracking

Abstract

Malicious applications can access and send out sensitive resources through a network.To detect this unwanted data access and leakages, Android system enforce the per-missions mechanism to applications to access sensitive resources. However, becauseof the vulnerability of the inter-process communications(IPC) structure in the exist-ing Android framework, malicious third-party applications can trick the permissionssystem and access sensitive resources (Privilege Escalation Attack). Consequently,non-permitted applications can access sensitive resources by making a route throughthe permitted applications. In this thesis, we proposed an encient detection schemefor handling these privacy issues by modifying the Android framework. We createdcall-chains of requests for resources by hooking all the IPCs. With the call-chains, wecan track the requests for sensitive resources and nd out the provenance of request.By checking the permissions of the caller application, we can detect access to sensi-tive resources from non-permitted applications. In this way we can provide a secureframework for preventing the unwanted data leakage from malicious application