Next Article in Journal
Efficiency Analysis of Regional Innovation Development Based on DEA Malmquist Index
Next Article in Special Issue
MoLaBSS: Server-Specific Add-On Biometric Security Layer Model to Enhance the Usage of Biometrics
Previous Article in Journal
Forecasting Net Income Estimate and Stock Price Using Text Mining from Economic Reports
Previous Article in Special Issue
Security and Privacy of QR Code Applications: A Comprehensive Study, General Guidelines and Solutions
Open AccessArticle

Risk Measurement Method for Privilege Escalation Attacks on Android Apps Based on Process Algebra

1
School of Information Science and Engineering, Yanshan University, Qinhuangdao 066004, China
2
School of Business Administration, Hebei Normal University of Science &Technology, Qinhuangdao 066004, China
3
Department of Commerce and Trade, Qinhuangdao Vocational and Technical College, Qinhuangdao 066100, China
4
School of Mathematics and Information Science & Technology, Hebei Normal University of Science &Technology, Qinhuangdao 066004, China
*
Author to whom correspondence should be addressed.
Information 2020, 11(6), 293; https://doi.org/10.3390/info11060293
Received: 11 April 2020 / Revised: 2 May 2020 / Accepted: 28 May 2020 / Published: 30 May 2020
(This article belongs to the Special Issue Cyberspace Security, Privacy & Forensics)
On the Android platform, information leakage can use an application-layer privilege escalation attack composed of multi-app collusion. However, the detection effect of a single app that can construct privilege escalation attacks is not good. Furthermore, the existing software and app measurement methods are not applicable to the measurement of collusion privilege escalation attacks. We propose a method for measuring the risk of a single app by using process algebra to model and determine the attack behavior, and we construct a measurement function based on sensitive data transitions and the feature set of attack behavior. Through the analysis of the privilege escalation attack model, the feature set of attack behavior is obtained. Then, based on the extracted behavior feature set, process algebra is used to model the dangerous behavior of an app. The dangerous behavior of the app is determined by weak equivalence and non-equivalence, and finally the risk of the app is measured based on the measurement function. Three known applications are used to verify the attack, and the risk measurement values are above 0.98. Based on the classification of applications on the market, we select typical apps in each category to build the test set. Benchmark tests and test set experiments show that the risk measurement results are consistent with the actual detection results, verifying the feasibility and effectiveness of this method. View Full-Text
Keywords: process algebra; privilege escalation attack; risk measurement; behavior feature set process algebra; privilege escalation attack; risk measurement; behavior feature set
Show Figures

Figure 1

MDPI and ACS Style

Shen, L.; Li, H.; Wang, H.; Wang, Y.; Feng, J.; Jian, Y. Risk Measurement Method for Privilege Escalation Attacks on Android Apps Based on Process Algebra. Information 2020, 11, 293.

Show more citation formats Show less citations formats
Note that from the first issue of 2016, MDPI journals use article numbers instead of page numbers. See further details here.

Article Access Map by Country/Region

1
Search more from Scilit
 
Search
Back to TopTop