Android系统权限提升攻击检测技术

Technology of detection for privilege escalation attack on Android

权限机制是Android安全机制的核心,在对权限提升攻击原理分析的基础上,给出了一种权限提升攻击检测方案。充分利用组件间权限传递、通信连接的特点,从动态和静态两方面实现,其中基于缺陷的检测率高达78.7%,基于组件检测率也超过50%。实验结果表明:该方法能实现对提权攻击的有效检测,为解决提权攻击检测模型的可靠性问题提供了可行的解决途径。

Privilege mechanism is the core of Android security mechanism. On the basis of analysis on principle of privilege escalation, a scheme of privilege escalation attack detection is presented. The scheme makes full use of characteristics of permission transfer and communication connection between components, realize from dynamic and static states, detection rate based on defect is 78.7 %, and based on component is more than 50 %. Experimental results show that the detection method can effectively detect privilege escalation attack, which provides a feasible solution for solving problems of reliability of privilege escalation attack detection model.