Defects-in-Depth: Analyzing the Integration of Effective Defenses against One-Day Exploits in Android Kernels

Research output: Chapter in Book/Report/Conference proceeding, Conference paper, peer-review

Abstract

With the mobile phone market exceeding one billion units sold in 2023, ensuring the security of these devices is critical. However, recent research has revealed worrying delays in the deployment of security-critical kernel patches, leaving devices vulnerable to publicly known one-day exploits. While the mainline Android kernel has seen an increase in defense mechanisms, their integration and effectiveness in vendor-supplied kernels are unknown at a large scale. In this paper, we systematically analyze publicly available one-day exploits targeting the Android kernel over the past three years. We identify multiple exploitation flows representing vulnerability-agnostic strategies to gain high privileges. We then demonstrate that integrating defense-in-depth mechanisms from the mainline Android kernel could mitigate 84.6 % of these exploitation flows. In a subsequent analysis of 994 devices, we reveal a widespread absence of effective defenses across vendors. Depending on the vendor, only 28.8 % to 54.6 % of exploitation flows are mitigated, indicating a 4.62 to 2.951 times worse scenario than the mainline kernel. Further delving into defense mechanisms, we reveal weaknesses in vendor-specific defenses and advanced exploitation techniques bypassing defense implementations. As these developments pose additional threats, we discuss potential solutions. Lastly, we discuss factors contributing to the absence of effective defenses and offer improvement recommendations. We envision that our findings will guide the inclusion of effective defenses, ultimately enhancing Android security.

Original language: English
Title of host publication: Usenix Security Symposium 2024
Publication status: Accepted/In press - 14 Aug 2024
Event: 33rd USENIX Security Symposium: USENIX Security 2024 - Philadelphia Marriott Downtown, Philadelphia, United States
Duration: 14 Aug 2024 to 16 Aug 2024
https://www.usenix.org/conference/usenixsecurity24

Conference

Conference: 33rd USENIX Security Symposium: USENIX Security 2024
Abbreviated title: USENIX
Country/Territory: United States
City: Philadelphia
Period: 14/08/24 to 16/08/24