The Android security project mainly deals with mitigating application-level privilege escalation attacks in Android using the Message Filter model. Of late, many applications, even those that focus primarily on security-related issues, have been shown to be susceptible to these attacks.

Privilege escalation attacks can happen at both the kernel level and the user level. A kernel-level attack mainly results in applications gaining root access, whereas a user-level attack involves applications escalating their privileges to perform some malicious activity. User-level privilege escalation attacks are generally classified as confused deputy attacks and collusion attacks. In a confused deputy attack, a malicious application targets the unprotected interfaces of other applications to send SMS messages, download files and make premium-rate phone calls. A collusion attack involves two or more applications combining their privileges to mount an attack. For example, an application that has the "contacts" permission colludes with another application that has internet access to send the contact details to an external server.

The Message Filter model (Message filters for hardening the Linux kernel) is based on our previous work (Message Filter abstraction for object oriented systems). Message filters are built on top of object-oriented wrappers for the Linux kernel to dynamically add various filtering capabilities to the kernel. The model supports dynamic addition and deletion of filters and is generic enough to handle a wide range of security issues. Because message filters operate at kernel level, they are more efficient and secure than other user space frameworks.

Latest Development

Using the Message Filter model, we have implemented security policies to handle privilege escalation attacks. Message filters transparently intercept system calls and add security policies at run time. We have also developed a simple SMS limiter filter, which limits the number of SMS messages sent per day or hour, thereby reducing the damage in the face of an attack.
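
The SMS limiter idea above, as an added example that is not the project's code: a user-space C model of the per-hour and per-day decision a filter could make for each intercepted send. Keying quotas by the sending application's Linux UID, the fixed-window counters and every name in the block are assumptions.

```c
#include <stdint.h>
#include <string.h>

/* Added user-space model; every name here is hypothetical, not the project's API. */
#define MAX_APPS  64
#define HOUR_SECS 3600u
#define DAY_SECS  86400u

enum verdict { SMS_ALLOW, SMS_DENY_HOUR, SMS_DENY_DAY, SMS_DENY_NO_STATE };

struct sms_quota {
    uint32_t uid;                    /* each Android app runs under its own Linux UID */
    int      in_use;
    uint64_t hour_start, day_start;  /* start of the current fixed windows */
    uint32_t hour_count, day_count;  /* sends allowed in each window */
};

struct sms_limiter {
    uint32_t per_hour, per_day;
    struct sms_quota slots[MAX_APPS];
};

void sms_limiter_init(struct sms_limiter *l, uint32_t per_hour, uint32_t per_day)
{
    memset(l, 0, sizeof(*l));
    l->per_hour = per_hour;
    l->per_day = per_day;
}

/* Decide one intercepted SMS send. 'now' is assumed to be monotonic seconds. */
enum verdict sms_filter_check(struct sms_limiter *l, uint32_t uid, uint64_t now)
{
    struct sms_quota *q = NULL;
    for (int i = 0; i < MAX_APPS; i++) {
        struct sms_quota *s = &l->slots[i];
        if (s->in_use && s->uid == uid) { q = s; break; }
        if (!s->in_use && !q) q = s;          /* remember first free slot */
    }
    if (!q) return SMS_DENY_NO_STATE;         /* fail closed: cannot track this app */
    if (!q->in_use) {
        q->in_use = 1; q->uid = uid;
        q->hour_start = q->day_start = now;
    }
    if (now - q->hour_start >= HOUR_SECS) { q->hour_start = now; q->hour_count = 0; }
    if (now - q->day_start >= DAY_SECS)   { q->day_start = now;  q->day_count = 0; }
    if (q->day_count >= l->per_day)   return SMS_DENY_DAY;
    if (q->hour_count >= l->per_hour) return SMS_DENY_HOUR;
    q->hour_count++; q->day_count++;          /* denied attempts are not counted */
    return SMS_ALLOW;
}
```

Fixed windows let a sender use one window's full allowance just before a boundary and the next window's just after it, so the effective short-term bound is up to twice the configured hourly limit.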