
FineDroid: Enforcing Permissions with System-Wide Application Execution Context

  • Conference paper

Abstract

To protect sensitive resources from unauthorized use, modern mobile systems, such as Android and iOS, design a permission-based access control model. However, the current model cannot enforce fine-grained control over the dynamic contexts in which permissions are used, causing two severe security problems. First, any code package in an application can use the granted permissions, which induces attackers to embed malicious payloads into benign apps. Second, the permissions granted to a benign application may be used by an attacker through vulnerable application interactions. Although ad hoc solutions have been proposed, none systematically solves these two issues within a unified framework.

This paper presents the first such framework to provide context-sensitive permission enforcement that regulates permission use policies according to system-wide application contexts, which cover both intra-application context and inter-application context. We build a prototype system on Android, named FineDroid, to track such context during application execution. To flexibly regulate context-sensitive permission rules, FineDroid features a policy framework that can express generic application contexts. We demonstrate the benefits of FineDroid by instantiating several security extensions based on the policy framework, for two potential users: administrators and developers. Furthermore, FineDroid is shown to introduce a minor overhead.



Corresponding author

Correspondence to Yuan Zhang.

Copyright information

© 2015 Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Zhang, Y., Yang, M., Gu, G., Chen, H. (2015). FineDroid: Enforcing Permissions with System-Wide Application Execution Context. In: Thuraisingham, B., Wang, X., Yegneswaran, V. (eds) Security and Privacy in Communication Networks. SecureComm 2015. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 164. Springer, Cham. https://doi.org/10.1007/978-3-319-28865-9_1

  • DOI: https://doi.org/10.1007/978-3-319-28865-9_1

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-28864-2

  • Online ISBN: 978-3-319-28865-9

  • eBook Packages: Computer Science, Computer Science (R0)
