Design and verification of secure systems
SOSP '81 Proceedings of the eighth ACM symposium on Operating systems principles
A trusted mobile phone reference architecturevia secure kernel
Proceedings of the 2007 ACM workshop on Scalable trusted computing
Trusted computing building blocks for embedded linux-based ARM trustzone platforms
Proceedings of the 3rd ACM workshop on Scalable trusted computing
Understanding Android Security
IEEE Security and Privacy
Dynamic mandatory access control for multiple stakeholders
Proceedings of the 14th ACM symposium on Access control models and technologies
On lightweight mobile phone application certification
Proceedings of the 16th ACM conference on Computer and communications security
Trust in a small package: minimized MRTM software implementation for mobile secure environments
Proceedings of the 2009 ACM workshop on Scalable trusted computing
Semantically Rich Application-Centric Security in Android
ACSAC '09 Proceedings of the 2009 Annual Computer Security Applications Conference
Apex: extending Android permission model and enforcement with user-defined runtime constraints
ASIACCS '10 Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security
Securing Android-Powered Mobile Devices Using SELinux
IEEE Security and Privacy
SecureMyDroid: enforcing security in the mobile devices lifecycle
Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research
Beyond kernel-level integrity measurement: enabling remote attestation for the android platform
TRUST'10 Proceedings of the 3rd international conference on Trust and trustworthy computing
Towards a trusted mobile desktop
TRUST'10 Proceedings of the 3rd international conference on Trust and trustworthy computing
The VMware mobile virtualization platform: is that a hypervisor in your pocket?
ACM SIGOPS Operating Systems Review
Porscha: policy oriented secure content handling in Android
Proceedings of the 26th Annual Computer Security Applications Conference
TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones
OSDI'10 Proceedings of the 9th USENIX conference on Operating systems design and implementation
Adapting software fault isolation to contemporary CPU architectures
USENIX Security'10 Proceedings of the 19th USENIX conference on Security
SEIP: simple and efficient integrity protection for open mobile platforms
ICICS'10 Proceedings of the 12th international conference on Information and communications security
CRePE: context-related policy enforcement for android
ISC'10 Proceedings of the 13th international conference on Information security
Privilege escalation attacks on android
ISC'10 Proceedings of the 13th international conference on Information security
Permission re-delegation: attacks and defenses
SEC'11 Proceedings of the 20th USENIX conference on Security
Trusted virtual domains on OKL4: secure information sharing on smartphones
Proceedings of the sixth ACM workshop on Scalable trusted computing
Trusted virtual domains on OKL4: secure information sharing on smartphones
Proceedings of the sixth ACM workshop on Scalable trusted computing
An amulet for trustworthy wearable mHealth
Proceedings of the Twelfth Workshop on Mobile Computing Systems & Applications
Defending users against smartphone apps: techniques and future directions
ICISS'11 Proceedings of the 7th international conference on Information Systems Security
Unsafe exposure analysis of mobile in-app advertisements
Proceedings of the fifth ACM conference on Security and Privacy in Wireless and Mobile Networks
MOSES: supporting operation modes on smartphones
Proceedings of the 17th ACM symposium on Access Control Models and Technologies
Aurasium: practical policy enforcement for Android applications
Security'12 Proceedings of the 21st USENIX conference on Security symposium
SmartTokens: delegable access control with NFC-Enabled smartphones
TRUST'12 Proceedings of the 5th international conference on Trust and Trustworthy Computing
Dr. Android and Mr. Hide: fine-grained permissions in android applications
Proceedings of the second ACM workshop on Security and privacy in smartphones and mobile devices
Know your enemy: the risk of unauthorized access in smartphones by insiders
Proceedings of the 15th international conference on Human-computer interaction with mobile devices and services
Native code execution control for attack mitigation on android
Proceedings of the Third ACM workshop on Security and privacy in smartphones & mobile devices
AndroTotal: a flexible, scalable toolbox and service for testing mobile malware detectors
Proceedings of the Third ACM workshop on Security and privacy in smartphones & mobile devices
Proceedings of the 29th Annual Computer Security Applications Conference
DR BACA: dynamic role based access control for Android
Proceedings of the 29th Annual Computer Security Applications Conference
FireDroid: hardening security in almost-stock Android
Proceedings of the 29th Annual Computer Security Applications Conference
SEC'13 Proceedings of the 22nd USENIX conference on Security
Compac: enforce component-level access control in android
Proceedings of the 4th ACM conference on Data and application security and privacy
DroidBarrier: know what is executing on your android
Proceedings of the 4th ACM conference on Data and application security and privacy
A taxonomy of privilege escalation attacks in Android applications
International Journal of Security and Networks
Hi-index | 0.00 |
In this paper, we introduce a security framework for practical and lightweight domain isolation on Android to mitigate unauthorized data access and communication among applications of different trust levels (e.g., private and corporate). We present the design and implementation of our framework, TrustDroid, which in contrast to existing solutions enables isolation at different layers of the Android software stack: (1) at the middleware layer to prevent inter-domain application communication and data access, (2) at the kernel layer to enforce mandatory access control on the file system and on Inter-Process Communication (IPC) channels, and (3) at the network layer to mediate network traffic. For instance, (3) allows network data to be only read by a particular domain, or enables basic context-based policies such as preventing Internet access by untrusted applications while an employee is connected to the company's network. Our approach accurately addresses the demands of the business world, namely to isolate data and applications of different trust levels in a practical and lightweight way. Moreover, our solution is the first leveraging mandatory access control with TOMOYO Linux on a real Android device (Nexus One). Our evaluation demonstrates that TrustDroid only adds a negligible overhead, and in contrast to contemporary full virtualization, only minimally affects the battery's life-time.