| Android system has the largest market share in the mobile smartphone operating system, however this prosperity exposed the vulnerabilities of Android which attract attackers. Two reasons were accused for the security defect:the disordered management of App market and the fragmentation of Android versions, with the release of Android4.0and later versions, Google gradually strengthened the control in these two areas, the current security status of the Android system has been improved greatly.In addition to the ecological fragility, Android’s internal security mechanisms are also defective to lead to security risks. There are many efforts that try to enhance Android security, each method has its typical application scenarios, but usual lack practicability and ultimately was not accepted by the official Android. In this paper we utilized the MAC of SELinux, which has been incorporated with the source code of Android, a privilege escalation security framework has been presented, in this framework we can assure that privileged applications could only operate in a limited set of privileged commands, users can benefit from privilege escalation while make the possible security threats lowest. The main contents of this paper include:Firstly, proposed a secure framework for privilege escalation. Study existing solutions of privilege escalation, analyze the deficiencies and identify the possible improvements. Study access control of SELinux and track its migration to Android, the framework leverage extensible policy of SELinux, policies are provided by application developers and could be managed in centralized way. With this framework, the potential risk is predictable and issue is traceable.secondly, an analysis was given for the security framework of privilege escalation. Describe components need to modified of the existing system, introduce key functional code and calling procedure in the implementation. A test application was implemented to verify the feasibility and effectiveness of our framework. |
PDF Full Text Request