A root privilege management scheme with revocable authorization for Android devices

摘要

As a critical part in mobile cloud computing, the vulnerability of Android devices can directly affect the security of the mobile cloud. The unsecured Android can be potentially exploited by malwares to obtain the root privilege. Root privilege misuse is the critical issue for Android security, which breaks the integrity of Android security and rises the risk of permission escalation from malwares. The existing solutions still fail to balance the trade-off between the users desires on using root privilege and the Android security, which lays risks in leading to the root privilege misuse. To address this issue, a root privilege management scheme named Root Privilege Manager (RPM) is proposed, which adopts the root privilege access control to guarantee the exclusive root access opportunity of the authenticated apps. RPM verifies the authorization and integrity of root requesting apps based on the extracted authorization files during app installation, and then root access management controls the granting of root privilege based on the authenticated results. In this way, the end users are free from the embarrassment of appropriate decision-making while confront root access management. The prototype of RPM is implemented to evaluate its effectiveness, efficiency and performance. The experiments show RPM can effectively control the granting of root privilege and the time consumption in root access management is increased by 0.21%-0.94% respectively compared with the user management.