Skip to main content

Monitoring of Root Privilege Escalation in Android Kernel

  • Conference paper
  • First Online:
Cloud Computing and Security (ICCCS 2018)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 11067))

Included in the following conference series:

Abstract

The Android system has become the first operating system of the intelligent terminal market share as well as an important target of network attack. The root privilege of the Android system gives the user absolute control over the device, but root also lowers the security of the device and opens privileged access channels for the attacker. Temporary root has become an attacker’s favored attack technology based on the command issued by the attacker to complete root, and then to clear the root feature. Such a subtle attack on the detection of research work poses a great challenge. This paper presents a new monitoring method KRPM, which breaks the traditional defense idea, adopts active monitoring and alarming method, obtains all the current process information directly from the kernel, builds state graphs for access permission of the progress, and recognizes the process of root privilege escalation and process hiding. Through various experimental KRPM, the detection effect is good and the universality is strong, which can effectively monitor root power attack and exploit hidden rootkit.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Zhang, H., She, D., Qian, Z.: Android root and its providers: a double-edged sword. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, Denver, USA, pp. 1093–1104, 12–16 October 2015

    Google Scholar 

  2. http://www.cvedetails.com/cve-details.php?t=1&cve_id=CVE-2014-3153

  3. http://www.cvedetails.com/cve-details.php?t=1&cve_id=CVE-2015-3636

  4. http://www.cvedetails.com/cve-details.php?t=1&cve_id=CVE-2016-5195

  5. Chen, H., Mao, Y., Wang, X., Zhou, D., Zeldovich, N., Kaashoek, M.F.: Linux kernel vulnerabilities: state-of-the-art defenses and open problems. In: Proceedings of the Second Asia-Pacific Workshop on Systems, Shanghai, China, 11–12 July 2011

    Google Scholar 

  6. https://www.androidcentral.com/android-security-bulletin-may-2016-live-here-what-you-need-know

  7. Grace, M., Zhou, Y., Zhang, Q., Zou, S., Jiang, X.: Riskranker: scalable and accurate zero-day android malware detection. In: Proceedings of the 10th International Conference on Mobile Systems, Applications, and Services, Low Wood Bay, Lake District, UK, pp. 281–294, 25–29 June 2012

    Google Scholar 

  8. Team, P.: PaX Address Space Layout Randomization (ASLR). Alphascript Publishing, Rapid City (2010)

    Google Scholar 

  9. Shabtai, A., Fledel, Y., Elovici, Y.: Securing android-powered mobile devices using SELinux. IEEE Secur. Priv. 8(3), 36–44 (2010). https://doi.org/10.1109/MSP.2009.144

    Article  Google Scholar 

  10. Edge, J.: RLIMIT NPROC and setuid(). Linux Weekly News (2011). http://lwn.net/Articles/451985

  11. Chen, Y., Zhang, Y., Wang, Z., Xia, L., Bao, C., Wei, T.: Adaptive android kernel live patching. In: Proceedings of the 26th USENIX Security Symposium, Vancouver, Canada, 16–18 August 2017

    Google Scholar 

  12. Sun, M., Lui, J.C.S., Zhou, Y.: Blender: self-randomizing address space layout for android apps. In: Monrose, F., Dacier, M., Blanc, G., Garcia-Alfaro, J. (eds.) RAID 2016. LNCS, vol. 9854, pp. 457–480. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-45719-2_21

    Chapter  Google Scholar 

  13. Wei, L., Zuo, Y., Ding, Y., Dong, P., Huang, C., Gao, Y.: Security identifier randomization: a method to prevent kernel privilege-escalation attacks. In: Proceedings of the 30th International Conference on Advanced Information Networking and Applications Workshops, Crans-Montana, Switzerland, pp. 838–842, 23–25 March 2016

    Google Scholar 

  14. Davi, L., Dmitrienko, A., Sadeghi, A.-R., Winandy, M.: Privilege escalation attacks on android. In: Burmester, M., Tsudik, G., Magliveras, S., Ilić, Ivana (eds.) ISC 2010. LNCS, vol. 6531, pp. 346–360. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-18178-8_30

    Chapter  Google Scholar 

  15. Sun, S.T., Cuadros, A., Beznosov, K.: Android rooting: methods, detection, and evasion. In: Proceedings of the 5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices, Denver, Colorado, USA, pp. 3–14, 12 October 2015

    Google Scholar 

  16. Geist, D., Nigmatullin, M., Bierens, R.: Jailbreak/Root Detection Evasion Study on iOS and Android. MSc System and Network Engineering (2016)

    Google Scholar 

  17. Enck, W., et al.: TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. ACM Trans. Comput. Syst. 32(2), 5 (2014). https://doi.org/10.1145/2619091

    Article  Google Scholar 

  18. Dietz, M., Shekhar, S., Pisetsky, Y., Shu, A., Wallach, D.S.: QUIRE: lightweight provenance for smart phone operating systems. In: Proceedings of the USENIX Security Symposium, San Francisco, USA, 8–12 August 2011

    Google Scholar 

  19. Park, Y., et al.: RGBDroid: a novel response-based approach to android privilege escalation attacks. In: Proceedings of the 5th USENIX Workshop on Large-Scale Exploits & Emergent Threats, LEET 2012, San Jose, USA, 24 April 2012

    Google Scholar 

  20. Bugiel, S., Davi, L., Dmitrienko, A., Fischer, T., Sadeghi, A.R., Shastry, B.: Towards taming privilege-escalation attacks on Android. In: Proceedings of the 20th Annual Network and Distributed System Security Symposium, San Diego, USA, 24–27 February 2013

    Google Scholar 

  21. Feng, P., Zhang, P., et al.: Design and implementation of a new Linux kernel-level rootkit. J. Inf. Eng. Univ. 17(2), 231–237 (2016)

    Google Scholar 

  22. Keniston, J., Panchamukhi, P.S.: Kernel Probes[EB/OL], 30 August 2015. https://www.kernel.org/doc/Documentation/kprobes.txt

  23. Riley, R.: A framework for prototyping and testing data-only rootkit attacks. Comput. Secur. 37(1), 62–71 (2013)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Xueli Hu .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2018 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Hu, X., Xi, Q., Wang, Z. (2018). Monitoring of Root Privilege Escalation in Android Kernel. In: Sun, X., Pan, Z., Bertino, E. (eds) Cloud Computing and Security. ICCCS 2018. Lecture Notes in Computer Science(), vol 11067. Springer, Cham. https://doi.org/10.1007/978-3-030-00018-9_43

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-00018-9_43

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-00017-2

  • Online ISBN: 978-3-030-00018-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics