EconPapers    
Economics at your fingertips  

EconPapers Home
About EconPapers

Working Papers
Journal Articles
Books and Chapters
Software Components

Authors

JEL codes
New Economics Papers

Advanced Search


EconPapers FAQ
Archive maintainers FAQ
Cookies at EconPapers

Format for printing

The RePEc blog
The RePEc plagiarism page

 

Security considerations related to the use of mobile devices in the operation of critical infrastructures

Alessandro Armando, Alessio Merlo and Luca Verderame

International Journal of Critical Infrastructure Protection, 2014, vol. 7, issue 4, 247-256

Abstract: An increasing number of attacks by mobile malware have begun to target critical infrastructure assets. Since malware attempts to defeat the security mechanisms provided by an operating system, it is of paramount importance to understand the strengths and weaknesses of the security frameworks of mobile device operating systems such as Android. Many recently discovered vulnerabilities suggest that security issues may be hidden in the cross-layer interplay between the Android layers and the underlying Linux kernel. This paper presents an empirical security evaluation of the interactions between Android layers. The experiments indicate that the Android Security Framework does not discriminate between callers of invocations to the Linux kernel, thereby enabling Android applications to directly interact with the kernel. This paper shows how this trait allows malware to adversely affect the security of mobile devices by exploiting previously unknown vulnerabilities unveiled by analyses of the Android interplay. The impact of the resulting attacks on critical infrastructures is discussed. Finally, an enhancement to the Android Security Framework is proposed for detecting and preventing direct kernel invocations by applications, thereby dramatically reducing the impact of malware.

Keywords: Mobile devices; Android; Malware; Cross-layer interplay; Security; Critical infrastructure (search for similar items in EconPapers)
Date: 2014
References: View complete reference list from CitEc
Citations: View citations in EconPapers (1)

Downloads: (external link)
http://www.sciencedirect.com/science/article/pii/S1874548214000626
Full text for ScienceDirect subscribers only

Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.

Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text

Persistent link: https://EconPapers.repec.org/RePEc:eee:ijocip:v:7:y:2014:i:4:p:247-256

DOI: 10.1016/j.ijcip.2014.10.002

Access Statistics for this article

International Journal of Critical Infrastructure Protection is currently edited by Leon Strous

More articles in International Journal of Critical Infrastructure Protection from Elsevier
Bibliographic data for series maintained by Catherine Liu ().

 
Share

RePEc
This site is part of RePEc and all the data displayed here is part of the RePEc data set.

Is your work missing from RePEc? Here is how to contribute.

Questions or problems? Check the EconPapers FAQ or send mail to .

Örebro UniversityEconPapers is hosted by the School of Business at Örebro University.

Page updated 2025-03-19
Handle: RePEc:eee:ijocip:v:7:y:2014:i:4:p:247-256