Skip to main content
Log in

Unified security enhancement framework for the Android operating system

  • Published:
The Journal of Supercomputing Aims and scope Submit manuscript

Abstract

In these days there are many malicious applications that collect sensitive information owned by third-party applications by escalating their privileges to the higher level on the Android operating system. An attack of obtaining the root-level privilege in the Android operating system can be a serious threat to users because it can break down the whole system security. This paper proposes a new Android security framework that can meet the following three goals: (1) preventing privilege escalation attacks, (2) maintaining system integrity, and (3) protecting users’ personal information. To achieve these goals, our proposed framework introduces three mechanisms: Root Privilege Protection (RPP), Resource Misuse Protection (RMP), and Private Data Protection (PDP). RPP keeps track of a list of trusted programs with root-level privileges and can detect and respond to malware that illegally tries to acquire root-level privileges by exploiting system-level vulnerabilities. RMP keeps track of a list of critical system resources and can protect system resources from illegal manipulation by malicious applications. PDP keeps personal information safe by enforcing strict access controls so that even privileged applications cannot access users’ private data if the applications violate the least privilege rule. The framework is verified using experiments on the Android operating system, which shows that our framework achieved the goals with processing overheads of 25.33 % on average.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12
Fig. 13
Fig. 14
Fig. 15

Similar content being viewed by others

References

  1. Nauman M, Khan S, Zhang X (2010) Apex: extending Android permission model and enforcement with user defined runtime constraints. In: Proceedings of the 5th ACM symposium on information, computer and communications security, pp 328–332

    Google Scholar 

  2. Bugiel S, Davi L, Dmitrienko A, Fischer T, Sadeghi A-R (2011) XManDroid: a new Android evolution to mitigate privilege escalation attacks. Technical report TR-2011-04, System Security Lab Technische Universitat Darmstadt, Germany, June

  3. Bugiel S, Davi L, Dmitrienko A, Fischer T, Sadeghi A-R, Shastry B (2012) Towards taming privilege-escalation attacks on Android. In: The 19th annual network & distributed system security symposium (NDSS), Feb 2012

    Google Scholar 

  4. Husted N, Saidi H, Gehani A (2011) Smartphone security limitations: conflicting traditions. In: Proc of the 2011 workshop on governance of technology, information, and policies (GTIP’11), Dec 2011, pp 5–12

    Chapter  Google Scholar 

  5. Park Y, Lee CH, Lee C, Lim J, Han S, Park M, Cho S (2012) RGBDroid: a novel response-based approach to Android privilege escalation attacks. In: The 5th USENIX workshop on large-scale exploits and emergent threats (LEET’12), Apr 2012

    Google Scholar 

  6. Zhou Y, Jiang X (2012) Dissecting Android malware: characterization and evolution. In: Proc of the 33rd IEEE symposium on security and privacy, May 2012, pp 95–109

    Google Scholar 

  7. Jiang X (2011) Security alert: new sophisticated Android malware DroidKungFu found in alternative Chinese app markets. NC State University, June. http://www.csc.ncsu.edu/faculty/jiang/DroidKungFu.html

  8. Bradley T (2011) DroidDream becomes Android market nightmare. PC World, Mar. http://www.pcworld.com/businesscenter/article/221247/droiddream_becomes_android_market_nightmare.html

  9. CVE-2009-1185. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1185

  10. Jiang X (2011) GingerMaster: first Android malware utilizing a root exploit on Android 2.3 (gingerbread). NC State University, Aug. http://www.cs.ncsu.edu/faculty/jjang/GingerMaster/

  11. Enck W, Ongtang M, McDaniel P (2009) On lightweight mobile phone application certification. In: The 16th ACM conference on computer and communications security (CCS’09), Nov 2009

    Google Scholar 

  12. Ongtang M, McLaughlin S, Enck W, McDaniel P (2009) Semantically rich application-centric security in Android. In: Proceedings of the 25th annual computer security applications conference (ACSAC’09), Dec 2009

    Google Scholar 

  13. Enck W, Gilbert P, Byung-gon C, Cox LP, Jung J, McDaniel P, Sheth AN (2010) TaintDroid: an information flow tracking system for real-time privacy monitoring on smartphones. In: Proceedings of the 9th USENIX symposium on operating systems design and implementation (OSDI’10), pp 393–408

    Google Scholar 

  14. Android Open Source Project, Android security overview. http://source.android.com/tech/security/index.html

  15. Dietz M, Shekhar S, Pisetsky Y, Shu A, Wallach DS (2011) Quire: lightweight provenance for smartphone operating systems. In: The 20th USENIX security symposium

    Google Scholar 

  16. Park Y, Lee C, Kim J, Cho S, Choi J (2012) An Android security extension to protect personal information against illegal accesses and privilege escalation attacks. J Internet Serv Inf Secur 2(3/4):29–42

    Google Scholar 

  17. Linux Intrusion Detection System (LIDS). http://www.lids.org

  18. Metula E (2009) .Net framework rootkits: backdoors inside your framework. Technical report, Black Hat, Apr

  19. Le L (2010) Payload already inside: data reuse for ROP exploits. Whitepaper, Black Hat, USA

    Google Scholar 

  20. Nakamura Y, Sameshima Y (2008) SELinux for consumer electronics devices. In: Proceedings of Linux symposium, pp 125–133

    Google Scholar 

  21. Fiorin L, Ferrante A, Padarnitsas K, Regazzoni F (2012) Security enhanced Linux on embedded systems: a hardware-accelerated implementation. In: Design automation conference (ASP-DAC), Jan–Feb 2012, pp 29–34

    Google Scholar 

Download references

Acknowledgements

This research was supported by the Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Education, Science and Technology (NRF-2010-0024495), and by Ministry of Culture, Sports and Tourism (MCST) and from Korea Copyright Commission in 2013.

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Seong-je Cho.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Lee, C., Kim, J., Cho, Sj. et al. Unified security enhancement framework for the Android operating system. J Supercomput 67, 738–756 (2014). https://doi.org/10.1007/s11227-013-0991-y

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11227-013-0991-y

Keywords

Navigation