Attacking Android system security layers : an implementation of several proofs of concept

Thumbnail Image
Publication date
Defense date
Journal Title
Journal ISSN
Volume Title
Google Scholar
Research Projects
Organizational Units
Journal Issue
The purpose of the present thesis is to classify, explain and exemplify, via proofs of concept, some of the different approaches through which the Android system security elements can be overridden, granting access to unauthorized resources. The scope of the present thesis will comprehend the following stages, from definition to data analysis: - Identifying, listing and defining a set of different possible attacks to the Android system security layers. - Determining the feasibility and prerequisites per each defined attack. - Defining the success boundaries, per each. - Implementing proofs of concept able to reach those boundaries. - Collection and analysis of results, determining the estimated potential risk. Since the basis of the thesis consists of exploiting security flaws, feasibility will often depend on a complex set of factors, such as software versions, type of hardware, connectivity, etc. Thus, an attack can be considered feasible if there's at least one way to be reproduced - the minimum required environment will be explained for each different attack. Success boundaries are defined as the minimum set of collectable evidence, expected to be the outcome of a favorable attack. Therefore, it stands for the individual metric that determines success or failure of a single attack. A proof of concept will be the implementation of an attack, able to achieve the success boundaries from the environment defined in the feasibility stage. Estimated potential risk will be defined as a compound of metrics, such as sensitivity of reached data or device, denial of service, data tampering risks, reversibility, and reproducibility, amongst others. Since not all of these metrics are objective values, they will be weighed accordingly and explained separately in its computation.
Seguridad informática, Protección de datos, Android (Sistema operativo)
Bibliographic citation