Please use this identifier to cite or link to this item:
Title: Threat analysis of android capability leaks
Authors: Cilia, Rachel
Keywords: Android (Electronic resource)
Operating systems (Computers) -- Security measures
Computer software -- Development
Issue Date: 2016
Abstract: Android uses a permission-based security model wherein sensitive information and phone features are protected with user granted permissions. However, a malicious ap- plication may inherit a permission from another application without the user's consent or knowledge through exploitation. These are known as capability leaks. The aim of this work is to conduct threat analysis of such leaks. The first part of this work attempts to enumerate all possible inter-process communica- tion (IPC) constructs which may lead to capability leaks as well as assess the exploit-ability of each of them through the implementation of a penetration testing tool. This tool enu- merates Activity and Service components which are unsecured and make use of permissions and then attempts to exploit these components. Additional information may be needed to successfully exploit the component, hence the application package is disassembled to obtain an intermediate representation of the source code which is then scanned. It was concluded that the ease of exploitation depends on the ease of nding the required information to successfully exploit the vulnerable component. The penetration test tool created in this work is the rst of its kind as there are currently no penetration test tools available. The risk assessment is followed up with memory forensics wherein snapshots of the device's memory are taken after simulating capability leaks across di erent IPC constructs and hence locate ongoing capability leaks. Artefact locations across the di erent Android layers were predicted and then tested by implementing a memory analysis tool which attempts to locate these artefacts. This tool parses Linux data structures to locate memory maps of active processes and hence locate artefacts in memory which provide information on communicating processes. Memory artefacts of the object used to initialize communication were successfully found in the Android Runtime. Memory mappings to the process heap were also scanned for artefacts, however, none were located as these memory sections are frequently recycled.
Description: B.SC.(HONS)COMP.SCI.
Appears in Collections:Dissertations - FacICT - 2016
Dissertations - FacICTCS - 2016

Files in This Item:
File Description SizeFormat 
  Restricted Access
986.83 kBAdobe PDFView/Open Request a copy

Items in OAR@UM are protected by copyright, with all rights reserved, unless otherwise indicated.