Article
Peer-Review Record

Risk Measurement Method for Privilege Escalation Attacks on Android Apps Based on Process Algebra

Information 2020, 11(6), 293; https://doi.org/10.3390/info11060293
by Limin Shen 1, Hui Li 1,2,*, Hongyi Wang 3, Yihuan Wang 1, Jiayin Feng 1,4 and Yuqing Jian 1,4
Reviewer 1: Anonymous
Reviewer 2: Anonymous
Submission received: 11 April 2020 / Revised: 2 May 2020 / Accepted: 28 May 2020 / Published: 30 May 2020
(This article belongs to the Special Issue Cyberspace Security, Privacy & Forensics)

Round 1

Reviewer 1 Report


The article deals with very important issues of system security based on Android. This is especially important due to the fact that not only telephones become devices working under this system, but also, e.g., household appliances such as televisions, refrigerators and coffee makers. The authors present a method of analyzing and predicting the risk associated with attacks on Android applications. The article presents well the literature on the subject, which indicates a good understanding of the authors in the subject matter and knowledge of the state of the art. The way of describing the issues raised in the article is clear and transparent. Technical note concerns Figure 4. It would be better to read if it were negative.

Author Response

Please see the attachment

Author Response File: Author Response.pdf

Reviewer 2 Report

The document presents a method to measure the risk of Android APK using a mathematical process.

The proposed method is quite complex, but the content of the paper is well explained.

Some improvement:

Figure 5 presents the cost of the process for a group of Android applications. You can look at two groups of those apps, in (b) for example, but this problem is not detailed in the paper: why are there two types of apps?

Same for Figure 5a.

The type of applications chosen can determine the experimental results. An application that only needs an Internet connection is not the same as one similar to WhatsApp, which needs many privileges, and which can condition the final decision of the proposed method with interaction with the first simple application.

Figure 7 shows the size of the app; how does it affect the final results? Why is the size shown?

Author Response

Please see the attachment.

Author Response File: Author Response.pdf

This manuscript is a resubmission of an earlier submission. The following is a list of the peer review reports and author responses from that submission.


Round 1

Reviewer 1 Report

The paper intended to address process algebra based risk measurement of the privilege escalation attacks in Android apps. The writing is poor and really made it very difficult to comprehend the contents of the paper.

Unfortunately, extensive editing of English language and style is required. The writing needs to improve substantially as there are many sentences that do not really make sense. An example sentence: ‘However, the application layer privilege escalation attack composed of multi-app collusion is based on multiple independent and secure app collusions, marking it more covert.’ What does ‘ASM’ stand for? You need to define acronyms such as ‘ASM’ before using them.

The introduction does not provide sufficient background or include all relevant references.

I believe the authors are addressing detection of malware on Android. What is the reason for interjecting ‘Internet of Things (IoT)’ in the paper? I see no reason unless you can provide strong justification. My understanding is that you are claiming that the detection effect of a single app is not good as in this statement ‘Because of the uniqueness of the attack, the detection effect of a single app is not good.’ This tells me that you wanted to consider multi-apps scenario. Having read the paper I am not quite sure this is the case.

A lot of undefined concepts in the paper such as ‘privilege escalation vulnerabilities’, ‘privilege escalation attack’, ‘application layer privilege escalation’, ‘confused deputy attacks’, ‘detection of multi-app collusion’, and many more. You need to define what these concepts mean. What leads to ‘privilege escalation attack’ to be realised?

What do you mean by ‘the percentage of privilege escalation vulnerabilities has increased, and the proportion of devices affected by privilege escalation vulnerabilities has also increased significantly’?

What do you mean by ‘the percentage of privilege escalation vulnerabilities has increased’? Please explain how this vulnerability increases and provide the evidence.

What do you mean by ‘the proportion of devices affected by privilege escalation vulnerabilities has also increased significantly’? Do you mean Android devices? Please explain how devices are affected by privilege escalation vulnerability. Also provide the evidence.

The list of references misses recent developments in the area. In particular, the majority of the related work cited in the paper is weakly related to the main theme of the paper, for example, papers in ‘software dependability’, ‘security trust of software’, ‘software trustworthiness’, and ‘the detection of malware on Android’.

The methods used are not adequately described and are very confusing. Although the authors discuss feature extraction, how the authors address this is not totally evident from the paper. What is the extracted ‘Feature Set’ for the attack behavior, and why is it extracted?

The research design is not appropriately described. For example, the experimental setup is not described, and 51 apps are too few to use for testing. No validation for the experiments is given.

The results are not clearly presented and discussed. The conclusion is poorly presented like any other sections.

Author Response

Please see the attachment.

Author Response File: Author Response.pdf

Reviewer 2 Report

This paper presents a method to measure the risk of a single Android app that can construct privilege escalation attacks. It makes up for the deficiency of current methods, which are lacking and inaccurate in measuring collusion privilege escalation attacks. Construction and extraction of the attack behavior feature set is the first step in this method, including permissions of the application, component intent communication, sensitive data flow acquisition, etc. Then process algebra was used to build the application-behavior model and attack model based on the behavior feature set. Behavior weak equivalence, non-equivalence, and the risk measurement function were defined. They were used to determine the behavior of apps and the risk measurement. The method is evaluated with the case and 54 apps from the app market, and measurement values of weak equivalent apps are above 0.86.

Strengths:

  1. This paper tries to address an interesting and important problem.
  2. The idea of modeling apps' behavior and attack behavior, using the equivalence concept to determine apps' behavior, and constructing a measurement function is good and original.
  3. It is technically sound to extract the attack behavior feature set by a static method.
  4. The experiment shows that this method is effective and reasonable.
  5. The title is applicable and appropriate.

This paper is well organized and has the potential of yielding a publication after addressing the following drawbacks carefully.

Weaknesses:

  1. The overall language of this paper is relatively smooth, but there are still some misnomers, grammatical errors, etc.
  2. The illustrations of this risk measurement method are not clear enough in Section 1.
  3. The contents of the related work section are elaborated too simply. This part should be improved.
  4. The validity of the method was analyzed through experiments, but there is no detailed explanation of how the apps were selected.
  5. In Formula (3), Definition 1, and Definition 2, some of the mathematical language used is confusing.

Author Response

Please see the attachment.

Author Response File: Author Response.pdf

Round 2

Reviewer 2 Report

After the author's modification, the paper has met the requirements. The reviewer recommends acceptance of the paper for publication.
