{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2022,6,1]],"date-time":"2022-06-01T16:14:26Z","timestamp":1654100066222},"reference-count":27,"publisher":"IGI Global","issue":"1","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2013,1,1]]},"abstract":"<p>Android uses permissions for application security management. Android also allows inter-application communication (IAC), which enables cooperation between different applications to perform complex tasks by using some components and Intents. In other words, Android provides more flexibility and places less restriction on application development. This is a major feature that differentiates Android from its competitors. However, IAC also facilitates malicious applications that can collude in attacks of privilege escalation. In this paper, the authors demonstrate with case studies that all IAC channels can potentially be utilized for privilege escalation attacks, and the authors propose a refinement to solve this problem by enforcing IAC permissions and exposing IAC to users.<\/p>","DOI":"10.4018\/jeei.2013010102","type":"journal-article","created":{"date-parts":[[2013,8,22]],"date-time":"2013-08-22T18:24:24Z","timestamp":1377195864000},"page":"16-27","source":"Crossref","is-referenced-by-count":2,"title":["Android Permission System Violation"],"prefix":"10.4018","volume":"4","author":[{"given":"Kyoung Soo","family":"Han","sequence":"first","affiliation":[{"name":"Department of Computer and Software, Hanyang University, Seoul, South Korea"}]},{"given":"Yeoreum","family":"Lee","sequence":"additional","affiliation":[{"name":"Department of Computer and Software, Hanyang University, Seoul, South Korea"}]},{"given":"Biao","family":"Jiang","sequence":"additional","affiliation":[{"name":"Microsoft (China), Co., Ltd., Shanghai, China"}]},{"given":"Eul Gyu","family":"Im","sequence":"additional","affiliation":[{"name":"Division of Computer Science and Engineering, Hanyang University, Seoul, South Korea"}]}],"member":"2432","reference":[{"key":"jeei.2013010102-0","unstructured":"Android API guides. (n.d.). Android developers. Retrieved December 12, 2012, from http:\/\/developer.android.com"},{"key":"jeei.2013010102-1","doi-asserted-by":"crossref","unstructured":"Au, K. W. Y., Zhou, Y. F., Huang, Z., & Lie, D. (2012). PScout: Analyzing the Android permission specification. In Proceedings of the 2012 ACM Conference on Computer and Communications Security (pp. 217-228). ACM.","DOI":"10.1145\/2382196.2382222"},{"key":"jeei.2013010102-2","doi-asserted-by":"crossref","unstructured":"Barrera, D., Kayacik, H. G., van Oorschot, P. C., & Somayaji, A. (2010). A methodology for empirical analysis of permission-based security models and its application to android. In Proceedings of the 17th ACM Conference on Computer and Communications Security (pp. 73-84). ACM.","DOI":"10.1145\/1866307.1866317"},{"key":"jeei.2013010102-3","doi-asserted-by":"crossref","unstructured":"Beresford, A. R., Rice, A., Skehin, N., & Sohan, R. (2011, March). MockDroid: Trading privacy for application functionality on smartphones. In Proceedings of the 12th Workshop on Mobile Computing Systems and Applications, (pp. 49-54). ACM.","DOI":"10.1145\/2184489.2184500"},{"key":"jeei.2013010102-4","unstructured":"Bugiel, S., Davi, L., Dmitrienko, A., Fischer, T., & Sadeghi, A. R. (2011). Xmandroid: A new android evolution to mitigate privilege escalation attacks. Technische Universit\u00e4t Darmstadt, Technical Report TR-2011-04."},{"key":"jeei.2013010102-5","unstructured":"Bugiel, S., Davi, L., Dmitrienko, A., Fischer, T., Sadeghi, A. R., & Shastry, B. (2012). Towards taming privilege-escalation attacks on Android. In Proceedings of the 19th Annual Network & Distributed System Security Symposium (NDSS), (Vol. 17, pp. 18-25)."},{"key":"jeei.2013010102-6","doi-asserted-by":"crossref","unstructured":"Chin, E., Felt, A. P., Greenwood, K., & Wagner, D. (2011). Analyzing inter-application communication in Android. In Proceedings of the 9th International Conference on Mobile Systems, Applications, and Services (pp. 239-252). ACM.","DOI":"10.1145\/1999995.2000018"},{"key":"jeei.2013010102-7","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-18178-8_30"},{"key":"jeei.2013010102-8","unstructured":"Dietz, M., Shekhar, S., Pisetsky, Y., Shu, A., & Wallach, D. S. (2011). Quire: Lightweight provenance for smart phone operating systems. In Proceedings of the 20th USENIX Security Symposium."},{"key":"jeei.2013010102-9","unstructured":"Enck, W., Gilbert, P., Chun, B. G., Cox, L. P., Jung, J., McDaniel, P., & Sheth, A. N. (2010). TaintDroid: An information-flow tracking system for realtime privacy monitoring on smartphones. In Proceedings of the 9th USENIX conference on Operating systems design and implementation, (pp. 1-6)."},{"key":"jeei.2013010102-10","unstructured":"Enck, W., Octeau, D., McDaniel, P., & Chaudhuri, S. (2011). A study of android application security. In Proceedings of the 20th USENIX Security Symposium (Vol. 2011)."},{"key":"jeei.2013010102-11","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2009.26"},{"key":"jeei.2013010102-12","doi-asserted-by":"crossref","unstructured":"Enck, W., Ongtang, M., & McDaniel, P. (2009). On lightweight mobile phone application certification. In Proceedings of the 16th ACM Conference on Computer and Communications Security (pp. 235-245). ACM.","DOI":"10.1145\/1653662.1653691"},{"key":"jeei.2013010102-13","doi-asserted-by":"crossref","unstructured":"Felt, A. P., Chin, E., Hanna, S., Song, D., & Wagner, D. (2011). Android permissions demystified. In Proceedings of the 18th ACM Conference on Computer and Communications Security (pp. 627-638). ACM.","DOI":"10.1145\/2046707.2046779"},{"key":"jeei.2013010102-14","doi-asserted-by":"crossref","unstructured":"Felt, A. P., Finifter, M., Chin, E., Hanna, S., & Wagner, D. (2011). A survey of mobile malware in the wild. In Proceedings of the 1st ACM Workshop on Security and Privacy in Smartphones and Mobile Devices (pp. 3-14). ACM.","DOI":"10.1145\/2046614.2046618"},{"key":"jeei.2013010102-15","unstructured":"Felt, A. P., Wang, H. J., Moshchuk, A., Hanna, S., & Chin, E. (2011). Permission re-delegation: Attacks and defenses. In Proceedings of the 20th USENIX Security Symposium (Vol. 18, pp. 19-31)."},{"key":"jeei.2013010102-16","doi-asserted-by":"crossref","unstructured":"Hornyack, P., Han, S., Jung, J., Schechter, S., & Wetherall, D. (2011, October). These aren't the droids you're looking for: retrofitting android to protect data from imperious applications. In Proceedings of the 18th ACM conference on Computer and communications security, (pp. 639-652). ACM.","DOI":"10.1145\/2046707.2046780"},{"key":"jeei.2013010102-17","unstructured":"How to. Determine application capabilities. (n.d.). MSDN library. Retrieved November 21, 2012, from http:\/\/msdn.microsoft.com\/en-us\/library\/gg180730(v=vs.92).aspx"},{"key":"jeei.2013010102-18","unstructured":"Industry leaders announce open platform for mobile devices. (2007). Open handset alliance. Retrieved December 12, 2012, from http:\/\/www.openhandsetalliance.com\/press_110507.html"},{"key":"jeei.2013010102-19","doi-asserted-by":"crossref","unstructured":"Khan, S., Nauman, M., Othman, A. T., & Musa, S. (2012). How secure is your smartphone: An analysis of smartphone security mechanisms. In Proceedings of the 2012 International Conference on Cyber Security, Cyber Warfare and Digital Forensic (CyberSec) (pp. 76-81). IEEE.","DOI":"10.1109\/CyberSec.2012.6246082"},{"key":"jeei.2013010102-20","article-title":"Study of privilege escalation attack on android and its countermeasures.","author":"R.Mathew","year":"2012","journal-title":"International Journal of Engineering Science"},{"key":"jeei.2013010102-21","doi-asserted-by":"crossref","unstructured":"Nauman, M., Khan, S., & Zhang, X. (2010). Apex: Extending android permission model and enforcement with user-defined runtime constraints. In Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security (pp. 328-332). ACM.","DOI":"10.1145\/1755688.1755732"},{"key":"jeei.2013010102-22","doi-asserted-by":"publisher","DOI":"10.1002\/sec.360"},{"key":"jeei.2013010102-23","unstructured":"Schonfeld, E. (2012). How Google and Apple won the smartphone wars. Tech Crunch. Retrieved December 12, 2012, from http:\/\/techcrunch.com\/2012\/01\/02\/chart-google-apple-smartphone-wars\/"},{"key":"jeei.2013010102-24","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-30436-1_36"},{"key":"jeei.2013010102-25","unstructured":"Yan, L. K., & Yin, H. (2012, August). Droidscope: Seamlessly reconstructing the os and dalvik semantic views for dynamic android malware analysis. In Proceedings of the 21st USENIX Security Symposium."},{"key":"jeei.2013010102-26","doi-asserted-by":"crossref","unstructured":"Zhou, Y., & Jiang, X. (2012, May). Dissecting android malware: Characterization and evolution. In Proceedings of the 2012 IEEE Symposium on Security and Privacy (SP) (pp. 95-109). IEEE.","DOI":"10.1109\/SP.2012.16"}],"container-title":["International Journal of E-Entrepreneurship and Innovation"],"original-title":[],"language":"ng","link":[{"URL":"https:\/\/www.igi-global.com\/viewtitle.aspx?TitleId=81261","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,6,1]],"date-time":"2022-06-01T15:31:39Z","timestamp":1654097499000},"score":1,"resource":{"primary":{"URL":"https:\/\/services.igi-global.com\/resolvedoi\/resolve.aspx?doi=10.4018\/jeei.2013010102"}},"subtitle":["Case Study and Refinement"],"short-title":[],"issued":{"date-parts":[[2013,1,1]]},"references-count":27,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2013,1]]}},"URL":"https:\/\/doi.org\/10.4018\/jeei.2013010102","relation":{},"ISSN":["1947-8585","1947-8593"],"issn-type":[{"value":"1947-8585","type":"print"},{"value":"1947-8593","type":"electronic"}],"subject":[],"published":{"date-parts":[[2013,1,1]]}}}