An Attack-Defense Model for the Binder on the Android Kernel Level
In this paper, we consider to seek vulnerabilities and we conduct possible attacks on the crucial and essential parts of Android OSs architecture including the framework and the Android kernel layers. As a regard, we explain the Binder component of Android OS from security point of view. Then, we demonstrate how to penetrate into the Binder and control data exchange mechanism in Android OS by proposing a kernel level attack model based on the hooking method. In addition, we provide a method to detect these kinds of attacks on Android frameworks and the kernel layer. As a result, by implementing the attack model, it is illustrated that the Android processes are detectable and the data can be extracted from any process and system calls. On the other hand, by using our detection proposed method the possibility of using this attack approach in the installed applications on the Android smartphones will be sharply decreased.
 F. Daryabar, A. Dehghantanha, B. Eterovic-Soric, and K.-K. R. Choo, “Forensic investigation of OneDrive, Box, GoogleDrive and Dropbox applications on Android and iOS devices,” Aust. J. Forensic Sci., pp. 1–28, 2016.
 N. Artenstein and I. Revivo, “Man in the binder: He who controls ipc, controls the droid,” Eur. BlackHat Conf, 2014.
 A. P. Felt, M. Finifter, E. Chin, S. Hanna, and D. Wagner, “A survey of mobile malware in the wild,” in Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices, 2011, pp. 3–14.
 K. Tam, S. J. Khan, A. Fattori, and L. Cavallaro, “CopperDroid: Automatic Reconstruction of Android Malware Behaviors.,” in NDSS, 2015.
 R. Raveendranath, V. Rajamani, A. J. Babu, and S. K. Datta, “Android malware attacks and countermeasures: Current and future directions,” in Control, Instrumentation, Communication and Computational Technologies (ICCICCT), 2014 International Conference on, 2014, pp. 137–143.
 I. Lookout, “Lookout Mobile Threat Report August 2011,” 2011.
 J. Crussell, C. Gibler, and H. Chen, “Attack of the clones: Detecting cloned applications on android markets,” in Computer Security–ESORICS 2012, Springer, 2012, pp. 37–54.
 W. Zhou, X. Zhang, and X. Jiang, “AppInk: watermarking android apps for repackaging deterrence,” in Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security, 2013, pp. 1–12.
 W. Zhou, Y. Zhou, X. Jiang, and P. Ning, “Detecting repackaged smartphone applications in third-party android marketplaces,” in Proceedings of the second ACM conference on Data and Application Security and Privacy, 2012, pp. 317–326.
 R. Potharaju, A. Newell, C. Nita-Rotaru, and X. Zhang, “Plagiarizing smartphone applications: attack strategies and defense techniques,” in Engineering Secure Software and Systems, Springer, 2012, pp. 106–120.
 S. Hanna, L. Huang, E. Wu, S. Li, C. Chen, and D. Song, “Juxtapp: A scalable system for detecting code reuse among android applications,” in Detection of Intrusions and Malware, and Vulnerability Assessment, Springer, 2012, pp. 62–81.
 M. Zheng, M. Sun, and J. Lui, “DroidRay: a security evaluation system for customized android firmwares,” in Proceedings of the 9th ACM symposium on Information, computer and communications security, 2014, pp. 471–482.
 L. Wu, M. Grace, Y. Zhou, C. Wu, and X. Jiang, “The impact of vendor customizations on android security,” in Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security, 2013, pp. 623–634.
 W. Enck, M. Ongtang, and P. McDaniel, “Understanding android security,” IEEE Secur. Priv., no. 1, pp. 50–57, 2009.
 A. P. Felt, E. Chin, S. Hanna, D. Song, and D. Wagner, “Android permissions demystified,” in Proceedings of the 18th ACM conference on Computer and communications security, 2011, pp. 627–638.
 K. W. Y. Au, Y. F. Zhou, Z. Huang, and D. Lie, “Pscout: analyzing the android permission specification,” in Proceedings of the 2012 ACM conference on Computer and communications security, 2012, pp. 217–228.
 W. Enck, D. Octeau, P. McDaniel, and S. Chaudhuri, “A Study of Android Application Security.,” USENIX Secur. Symp., vol. 2, p. 2, 2011.
 S. Jana and V. Shmatikov, “Memento: Learning secrets from process footprints,” in Security and Privacy (SP), 2012 IEEE Symposium on, 2012, pp. 143–157.
 J. Jeon et al., “Dr. Android and Mr. Hide: fine-grained permissions in android applications,” in Proceedings of the second ACM workshop on Security and privacy in smartphones and mobile devices, 2012, pp. 3–14.
 M. Conti, V. T. N. Nguyen, and B. Crispo, “CRePE: context-related policy enforcement for android,” in Information Security, Springer, 2010, pp. 331–345.
 S. Bugiel, S. Heuser, and A.-R. Sadeghi, “Flexible and Fine-grained Mandatory Access Control on Android for Diverse Security and Privacy Policies.,” in Usenix security, 2013, pp. 131–146.
 M. Salehi, F. Daryabar, and M.H. Tadayon, “Welcome to Binder: A kernel level attack model for the Binder in Android operating system.,” in 8th International Symposium on Telecommunications (IST), 2016.
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0)