Towards permission-based attestation for the Android platform

Authors:
Ingo Bente;Gabi Dreo;Bastian Hellmann;Stephan Heuser;Joerg Vieweg;Josef von Helden;Johannes Westhuis
Affiliations:
Trust@FHH Research Group, Fachhochschule Hannover - University of Applied Sciences and Arts in Hannover;Universitaet der Bundeswehr Muenchen;Trust@FHH Research Group, Fachhochschule Hannover - University of Applied Sciences and Arts in Hannover;Fraunhofer SIT, Darmstadt;Trust@FHH Research Group, Fachhochschule Hannover - University of Applied Sciences and Arts in Hannover;Trust@FHH Research Group, Fachhochschule Hannover - University of Applied Sciences and Arts in Hannover;Trust@FHH Research Group, Fachhochschule Hannover - University of Applied Sciences and Arts in Hannover
Venue:
TRUST'11 Proceedings of the 4th international conference on Trust and trustworthy computing
Year:
2011

Citing 5
Cited 1

Property-based attestation for computing platforms: caring about properties, not mechanisms

NSPW '04 Proceedings of the 2004 workshop on New security paradigms
A Software-Based Trusted Platform Module Emulator

Trust '08 Proceedings of the 1st international conference on Trusted Computing and Trust in Information Technologies: Trusted Computing - Challenges and Applications
Stealthy video capturer: a new video-based spyware in 3G smartphones

Proceedings of the second ACM conference on Wireless network security
Defending against sensor-sniffing attacks on mobile phones

Proceedings of the 1st ACM workshop on Networking, systems, and applications for mobile handhelds
On lightweight mobile phone application certification

Proceedings of the 16th ACM conference on Computer and communications security

A flexible software development and emulation framework for ARM trustzone

INTRUST'11 Proceedings of the Third international conference on Trusted Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

We propose a new attestation approach for the Android platform that integrates Trusted Computing concepts and Android's permission-based access control features. Recent research in the field of mobile security has shown that malware is a real threat. Trusted Computing in general and especially the concept of remote attestation can be leveraged to counter both the dissemination and the potential impact of such malware. However, current attestation approaches are not well suited for mobile platforms and crucial Trusted Computing components are still missing for them. Our approach introduces the necessary Trusted Computing building blocks for the Android platform. Furthermore, we detail how the permissions that are used by an Android phone's installed apps can be attested to a remote party at runtime. Additionally, we highlight areas that are subject of future work.