Issue |
ITM Web Conf.
Volume 12, 2017
The 4th Annual International Conference on Information Technology and Applications (ITA 2017)
|
|
---|---|---|
Article Number | 05010 | |
Number of page(s) | 7 | |
Section | Session 5: Information Processing Methods and Techniques | |
DOI | https://doi.org/10.1051/itmconf/20171205010 | |
Published online | 05 September 2017 |
PtmxGuard: An Improved Method for Android Kernel to Prevent Privilege Escalation Attack
1 National Secrecy Science and Technology Evaluation Center, Beijing, China
2 School of Economics and Management, Beijing Jiaotong University, Beijing, China
3 Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China
4 School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China
* Email: liying@iie.ac.cn
Vulnerabilities in Android kernel give opportunity for attacker to damage the system. Privilege escalation is one of the most dangerous attacks, as it helps attacker to gain root privilege by exploiting kernel vulnerabilities. Mitigation technologies, static detection methods and dynamic defense methods have been suggested to prevent privilege escalation attack, but they still have some disadvantages. In this paper, we propose an improved method named PtmxGuard to enhance Android kernel and defeat privilege escalation attack. We focus on a typical attack pattern that attacker hijacks the control flow of Android kernel to modify process credentials by corrupting critical global function pointers. PtmxGuard enforces Code Pointer Integrity to Android kernel, checks the accuracy and reliability of those pointers when they’re triggered by related system calls, and intercepts the system calls when attack activities are detected. Experiment result demonstrates that PtmxGuard can defense privilege escalation attack effectively.
© The Authors, published by EDP Sciences, 2017
This is an Open Access article distributed under the terms of the Creative Commons Attribution License 4.0, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
Current usage metrics show cumulative count of Article Views (full-text article views including HTML views, PDF and ePub downloads, according to the available data) and Abstracts Views on Vision4Press platform.
Data correspond to usage on the plateform after 2015. The current usage metrics is available 48-96 hours after online publication and is updated daily on week days.
Initial download of the metrics may take a while.