Author(s)

Hui Li, Limin Shen, Chuan Ma, Meimei Wang, Honglei Tan and Hongwei Zhang

Corresponding Author

Limin Shen

ABSTRACT

For the problem of the user’s privacy data obtained through conspiracy attack with privilege escalation in a number of applications of the Android system, the detection method was proposed based on permission, component communication, data flow and role model. We classified the roles based on the detection of component’s communication, component’s permission and sensitive path pairs of application’s components, and finally the sensitive information flow paths in multi-role were detected, thereby the detection method constituting to privilege escalation attack for multi-application was ascertained. The experience result showed that we proposed method was effective for detect privilege escalation attack, and pointed out applications with potential security hazards.

KEYWORDS

Privilege escalation attack; privacy data; component communication; role model; sensitive path pairs