Run-Time Enforcement of Information-Flow Properties on Android

(Extended Abstract)
  • Limin Jia
  • Jassim Aljuraidan
  • Elli Fragkaki
  • Lujo Bauer
  • Michael Stroucken
  • Kazuhide Fukushima
  • Shinsaku Kiyomoto
  • Yutaka Miyake
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8134)

Abstract

Recent years have seen a dramatic increase in the number and importance of mobile devices. The security properties that these devices provide to their applications, however, are inadequate to protect against many undesired behaviors. A broad class of such behaviors is violations of simple information-flow properties. This paper proposes an enforcement system that permits Android applications to be concisely annotated with information-flow policies, which the system enforces at run time. Information-flow constraints are enforced both between applications and between components within applications, aiding developers in implementing least privilege. We model our enforcement system in detail using a process calculus, and use the model to prove noninterference. Our system and model have a number of useful and novel features, including support for Android’s single- and multiple-instance components, floating labels, declassification and endorsement capabilities, and support for legacy applications. We have developed a prototype of our system on Android 4.0.4 and tested it on a Nexus S phone, verifying that it can enforce practically useful policies that can be implemented with minimal modification to off-the-shelf applications.

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Limin Jia (1)
  • Jassim Aljuraidan (1)
  • Elli Fragkaki (1)
  • Lujo Bauer (1)
  • Michael Stroucken (1)
  • Kazuhide Fukushima (2)
  • Shinsaku Kiyomoto (2)
  • Yutaka Miyake (2)
  1. Carnegie Mellon University, Pittsburgh, USA
  2. KDDI R&D Laboratories, Inc., Tokyo, Japan