Would You Mind Forking This Process? A Denial of Service Attack on Android (and Some Countermeasures)

  • Alessandro Armando
  • Alessio Merlo
  • Mauro Migliardi
  • Luca Verderame
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 376)

Abstract

We present a previously undisclosed vulnerability in Android OS that can be exploited to mount a Denial-of-Service attack which renders the device totally unresponsive. We discuss the characteristics of the vulnerability, which affects all versions of Android, and propose two different fixes, each requiring only a small patch that implements a few architectural countermeasures. We also provide experimental evidence of the effectiveness of the exploit and of the proposed countermeasures.


Copyright information

© IFIP International Federation for Information Processing 2012

Authors and Affiliations

  • Alessandro Armando (1, 2)
  • Alessio Merlo (1, 3)
  • Mauro Migliardi (4)
  • Luca Verderame (1)
  1. DIST, Università degli Studi di Genova, Italy
  2. Security & Trust Unit, FBK-irst, Trento, Italy
  3. Università e-Campus, Italy
  4. DEI, University of Padova, Italy
