An Empirical Evaluation of the Android Security Framework - Security and Privacy Protection in Information Processing Systems
Conference Papers Year : 2013

An Empirical Evaluation of the Android Security Framework

Abstract

The Android OS consists of a Java stack built on top of a native Linux kernel. A number of recently discovered vulnerabilities suggests that some security issues may be hidden in the interplay between the Java stack and the Linux kernel. We have conducted an empirical security evaluation of the interaction among layers. Our experiments indicate that the Android Security Framework (ASF) does not discriminate the caller of invocations targeted to the Linux kernel, thereby allowing Android applications to directly interact with the Linux kernel. We also show that this trait lets malicious applications adversely affect the user’s privacy as well as the usability of the device. Finally, we propose an enhancement in the ASF that allows for the detection and prevention of direct kernel invocations from applications.
Fichier principal
Vignette du fichier
978-3-642-39218-4_14_Chapter.pdf (565.52 Ko) Télécharger le fichier
Origin Files produced by the author(s)
Loading...

Dates and versions

hal-01463826 , version 1 (09-02-2017)

Licence

Identifiers

Cite

Alessandro Armando, Alessio Merlo, Luca Verderame. An Empirical Evaluation of the Android Security Framework. 28th Security and Privacy Protection in Information Processing Systems (SEC), Jul 2013, Auckland, New Zealand. pp.176-189, ⟨10.1007/978-3-642-39218-4_14⟩. ⟨hal-01463826⟩
118 View
270 Download

Altmetric

Share

More