1. Introduction
Android consists of a Java stack built on top of a native Linux kernel. Services and functionalities are achieved through
the interplay of components residing at different layers of the operating system. The Android Security Framework (ASF)
consists of a number of cross-layer security solutions combining basic Linux security mechanisms (e.g. Discretionary Access
Control), the app isolation offered by the Java Virtual Machine execution environment and Android-specific mechanisms
(e.g. the Android permission system).
The security offered by the ASF has been recently challenged by the discovery of a number of vulnerabilities involving all
layers of the Android stack (see, e.g., [1–3]). The analysis of these interplay-related vulnerabilities indicates that
• the security mechanisms of the Android stack (both Java native and Android-specific) are not completely integrated with
those in the Linux kernel, thereby allowing insecure interplay among layers;
• malicious and unprivileged Android applications can directly interact with the underlying Linux kernel, thereby
by-passing the controls performed by the ASF.