Run-Time Enforcement of Information-Flow Properties on Android
- Limin JiaAffiliated withCarnegie Mellon University
- , Jassim AljuraidanAffiliated withCarnegie Mellon University
- , Elli FragkakiAffiliated withCarnegie Mellon University
- , Lujo BauerAffiliated withCarnegie Mellon University
- , Michael StrouckenAffiliated withCarnegie Mellon University
- , Kazuhide FukushimaAffiliated withKDDI R&D Laboratories, Inc.
- , Shinsaku KiyomotoAffiliated withKDDI R&D Laboratories, Inc.
- , Yutaka MiyakeAffiliated withKDDI R&D Laboratories, Inc.
Recent years have seen a dramatic increase in the number and importance of mobile devices. The security properties that these devices provide to their applications, however, are inadequate to protect against many undesired behaviors. A broad class of such behaviors is violations of simple information-flow properties. This paper proposes an enforcement system that permits Android applications to be concisely annotated with information-flow policies, which the system enforces at run time. Information-flow constraints are enforced both between applications and between components within applications, aiding developers in implementing least privilege. We model our enforcement system in detail using a process calculus, and use the model to prove noninterference. Our system and model have a number of useful and novel features, including support for Android’s single- and multiple-instance components, floating labels, declassification and endorsement capabilities, and support for legacy applications. We have developed a prototype of our system on Android 4.0.4 and tested it on a Nexus S phone, verifying that it can enforce practically useful policies that can be implemented with minimal modification to off-the-shelf applications.
- Run-Time Enforcement of Information-Flow Properties on Android
- Book Title
- Computer Security – ESORICS 2013
- Book Subtitle
- 18th European Symposium on Research in Computer Security, Egham, UK, September 9-13, 2013. Proceedings
- pp 775-792
- Print ISBN
- Online ISBN
- Series Title
- Lecture Notes in Computer Science
- Series Volume
- Series ISSN
- Springer Berlin Heidelberg
- Copyright Holder
- Springer-Verlag Berlin Heidelberg
- Additional Links
- Industry Sectors
- eBook Packages
- Editor Affiliations
- 16. Information Security Group, University of London, Royal Holloway
- 17. Center for Secure Information Systems, George Mason University
- Author Affiliations
- 18. Carnegie Mellon University, Pittsburgh, USA
- 19. KDDI R&D Laboratories, Inc., Tokyo, Japan
To view the rest of this content please follow the download PDF link above.