The Android security project mainly deals with mitigating application-level privilege escalation attacks
in Android using the Message Filter model. Of late, many applications, even those that focus primarily on security-related issues,
have been shown to be susceptible to these attacks.
Privilege escalation attacks can happen at both the kernel level and the user level. A kernel-level attack mainly results in
applications gaining root access, whereas a user-level attack involves applications escalating their
privileges to perform some malicious activity. User-level privilege escalation attacks are generally
classified as confused deputy attacks and collusion attacks. In a confused deputy attack, a malicious application
targets the unprotected interfaces of other applications to send SMS, download files and make
premium-rate phone calls. A collusion attack involves two or more applications combining their
privileges to mount an attack. For example, an application that has the "contacts" permission colludes
with another application that has internet access to send the contact details to an external server.
The Message Filter model (Message filters for hardening the Linux kernel) is based on our
previous work (Message Filter abstraction for object oriented systems). Message filters are built on
top of object-oriented wrappers for the Linux kernel to dynamically add various filtering capabilities to the
kernel. The model supports dynamic addition and deletion of filters and is generic enough to handle a wide range
of security issues. As message filters operate at the kernel level, they are more efficient and secure than
other user-space frameworks.
Using the Message Filter model we have implemented security policies to handle privilege
escalation attacks. Message filters transparently intercept system calls and add security policies at
run time. We have also developed a simple SMS limiter filter, which works by limiting the number of SMS messages sent
per day or hour, thereby reducing the damage in the face of an attack.
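
The limiting policy described above can be modelled in user space as follows. This is an added example, not the project's kernel filter code: the names `sms_limit`, `sms_state` and `sms_filter_check`, the per-UID keying, the fixed-window counting and the limit values are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define MAX_APPS 64              /* assumed size of the per-app table */
#define HOUR 3600u
#define DAY  86400u

struct sms_limit { uint32_t per_hour, per_day; };   /* hypothetical policy */

struct sms_state {               /* per-app counters, keyed by Android UID */
    int used;
    uint32_t uid, hour_count, day_count;
    uint64_t hour_start, day_start;
};

static struct sms_state table[MAX_APPS];

static struct sms_state *lookup(uint32_t uid, uint64_t now)
{
    struct sms_state *slot = NULL;
    for (int i = 0; i < MAX_APPS; i++) {
        if (table[i].used && table[i].uid == uid) return &table[i];
        if (!table[i].used && !slot) slot = &table[i];
    }
    if (slot)                    /* first SMS from this app: windows start now */
        *slot = (struct sms_state){ .used = 1, .uid = uid,
                                    .hour_start = now, .day_start = now };
    return slot;
}

/* Decision a filter would take on an intercepted send: 1 = allow, 0 = deny. */
int sms_filter_check(const struct sms_limit *lim, uint32_t uid, uint64_t now)
{
    struct sms_state *s = lookup(uid, now);
    if (!s) return 0;            /* table full: fail closed */
    if (now - s->hour_start >= HOUR) { s->hour_start = now; s->hour_count = 0; }
    if (now - s->day_start >= DAY)   { s->day_start = now;  s->day_count = 0; }
    if (s->hour_count >= lim->per_hour || s->day_count >= lim->per_day)
        return 0;                /* over budget: denied sends are not counted */
    s->hour_count++; s->day_count++;
    return 1;
}

int main(void)
{
    struct sms_limit lim = { 2, 3 };   /* constructed limits for the demo */
    for (uint64_t t = 1000; t < 1004; t++)
        printf("t=%llu uid=10001 -> %d\n", (unsigned long long)t,
               sms_filter_check(&lim, 10001, t));
    return 0;
}
```

Because the counters are kept per UID, one application exhausting its budget does not block SMS from other applications, and the daily cap still holds after the hourly window resets.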