Computer Security – ESORICS 2013

Volume 8134 of the series Lecture Notes in Computer Science pp 775-792

Run-Time Enforcement of Information-Flow Properties on Android

(Extended Abstract)
  • Limin JiaAffiliated withCarnegie Mellon University
  • , Jassim AljuraidanAffiliated withCarnegie Mellon University
  • , Elli FragkakiAffiliated withCarnegie Mellon University
  • , Lujo BauerAffiliated withCarnegie Mellon University
  • , Michael StrouckenAffiliated withCarnegie Mellon University
  • , Kazuhide FukushimaAffiliated withKDDI R&D Laboratories, Inc.
  • , Shinsaku KiyomotoAffiliated withKDDI R&D Laboratories, Inc.
  • , Yutaka MiyakeAffiliated withKDDI R&D Laboratories, Inc.

* Final gross prices may vary according to local VAT.

Get Access


Recent years have seen a dramatic increase in the number and importance of mobile devices. The security properties that these devices provide to their applications, however, are inadequate to protect against many undesired behaviors. A broad class of such behaviors is violations of simple information-flow properties. This paper proposes an enforcement system that permits Android applications to be concisely annotated with information-flow policies, which the system enforces at run time. Information-flow constraints are enforced both between applications and between components within applications, aiding developers in implementing least privilege. We model our enforcement system in detail using a process calculus, and use the model to prove noninterference. Our system and model have a number of useful and novel features, including support for Android’s single- and multiple-instance components, floating labels, declassification and endorsement capabilities, and support for legacy applications. We have developed a prototype of our system on Android 4.0.4 and tested it on a Nexus S phone, verifying that it can enforce practically useful policies that can be implemented with minimal modification to off-the-shelf applications.