Triaging Android Systems Using Bayesian Attack Graphs

2023 IEEE SECURE DEVELOPMENT CONFERENCE, SECDEV(2023)

Abstract
Mobile computing systems, such as Android, face additional risks because their business models allow the deployment of untrusted, third-party apps. Unlike remote adversaries, these apps may exploit filesystem resources shared with more privileged apps and services to escalate privilege. Despite advancements in Android access control enforcement, adversaries continue to discover new vulnerabilities that exploit filesystem resources. A challenge is to prioritize the many privileged apps and services in an Android system for proactive vulnerability analysis against such attacks. To solve this problem, we propose a method to triage Android systems by transforming Android access control policies into Bayesian attack graphs automatically. Using the Bayesian attack graphs, we propose to prioritize programs based on their exploit probabilities (i.e., likelihood that this program may be exploited) and node centrality (i.e., importance of this program in propagating attacks). We perform a first feasibility and efficacy analysis of our approach by generating Bayesian attack graphs for Android 12 systems consisting of hundreds of applications, finding one new vulnerability and correlating recently discovered vulnerabilities. Our preliminary results show that this method offers a promising systematic approach for defenders to assess Android systems and identify the most crucial programs to test for vulnerabilities.
Keywords
Attack graphs, Access control policy analysis, Graph centrality