Practical and lightweight domain isolation on Android

Authors:
Sven Bugiel;Lucas Davi;Alexandra Dmitrienko;Stephan Heuser;Ahmad-Reza Sadeghi;Bhargava Shastry
Affiliations:
Technische Universität Darmstadt, Darmstadt, Germany;Technische Universität Darmstadt, Darmstadt, Germany;Fraunhofer SIT, Darmstadt, Germany;Fraunhofer SIT, Darmstadt, Germany;Technische Universität Darmstadt, Darmstadt, Germany;Fraunhofer SIT, Darmstadt, Germany
Venue:
Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices
Year:
2011

Citing 22
Cited 18

Design and verification of secure systems

SOSP '81 Proceedings of the eighth ACM symposium on Operating systems principles
A trusted mobile phone reference architecturevia secure kernel

Proceedings of the 2007 ACM workshop on Scalable trusted computing
Trusted computing building blocks for embedded linux-based ARM trustzone platforms

Proceedings of the 3rd ACM workshop on Scalable trusted computing
Understanding Android Security

IEEE Security and Privacy
Dynamic mandatory access control for multiple stakeholders

Proceedings of the 14th ACM symposium on Access control models and technologies
On lightweight mobile phone application certification

Proceedings of the 16th ACM conference on Computer and communications security
Trust in a small package: minimized MRTM software implementation for mobile secure environments

Proceedings of the 2009 ACM workshop on Scalable trusted computing
Semantically Rich Application-Centric Security in Android

ACSAC '09 Proceedings of the 2009 Annual Computer Security Applications Conference
Apex: extending Android permission model and enforcement with user-defined runtime constraints

ASIACCS '10 Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security
Securing Android-Powered Mobile Devices Using SELinux

IEEE Security and Privacy
SecureMyDroid: enforcing security in the mobile devices lifecycle

Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research
Beyond kernel-level integrity measurement: enabling remote attestation for the android platform

TRUST'10 Proceedings of the 3rd international conference on Trust and trustworthy computing
Towards a trusted mobile desktop

TRUST'10 Proceedings of the 3rd international conference on Trust and trustworthy computing
The VMware mobile virtualization platform: is that a hypervisor in your pocket?

ACM SIGOPS Operating Systems Review
Porscha: policy oriented secure content handling in Android

Proceedings of the 26th Annual Computer Security Applications Conference
TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones

OSDI'10 Proceedings of the 9th USENIX conference on Operating systems design and implementation
Adapting software fault isolation to contemporary CPU architectures

USENIX Security'10 Proceedings of the 19th USENIX conference on Security
SEIP: simple and efficient integrity protection for open mobile platforms

ICICS'10 Proceedings of the 12th international conference on Information and communications security
CRePE: context-related policy enforcement for android

ISC'10 Proceedings of the 13th international conference on Information security
Privilege escalation attacks on android

ISC'10 Proceedings of the 13th international conference on Information security
Permission re-delegation: attacks and defenses

SEC'11 Proceedings of the 20th USENIX conference on Security
Trusted virtual domains on OKL4: secure information sharing on smartphones

Proceedings of the sixth ACM workshop on Scalable trusted computing

Trusted virtual domains on OKL4: secure information sharing on smartphones

Proceedings of the sixth ACM workshop on Scalable trusted computing
An amulet for trustworthy wearable mHealth

Proceedings of the Twelfth Workshop on Mobile Computing Systems & Applications
Defending users against smartphone apps: techniques and future directions

ICISS'11 Proceedings of the 7th international conference on Information Systems Security
Unsafe exposure analysis of mobile in-app advertisements

Proceedings of the fifth ACM conference on Security and Privacy in Wireless and Mobile Networks
MOSES: supporting operation modes on smartphones

Proceedings of the 17th ACM symposium on Access Control Models and Technologies
Aurasium: practical policy enforcement for Android applications

Security'12 Proceedings of the 21st USENIX conference on Security symposium
SmartTokens: delegable access control with NFC-Enabled smartphones

TRUST'12 Proceedings of the 5th international conference on Trust and Trustworthy Computing
Dr. Android and Mr. Hide: fine-grained permissions in android applications

Proceedings of the second ACM workshop on Security and privacy in smartphones and mobile devices
Know your enemy: the risk of unauthorized access in smartphones by insiders

Proceedings of the 15th international conference on Human-computer interaction with mobile devices and services
Native code execution control for attack mitigation on android

Proceedings of the Third ACM workshop on Security and privacy in smartphones & mobile devices
AndroTotal: a flexible, scalable toolbox and service for testing mobile malware detectors

Proceedings of the Third ACM workshop on Security and privacy in smartphones & mobile devices
Crossover: secure and usable user interface for mobile devices with multiple isolated OS personalities

Proceedings of the 29th Annual Computer Security Applications Conference
DR BACA: dynamic role based access control for Android

Proceedings of the 29th Annual Computer Security Applications Conference
FireDroid: hardening security in almost-stock Android

Proceedings of the 29th Annual Computer Security Applications Conference
Flexible and fine-grained mandatory access control on Android for diverse security and privacy policies

SEC'13 Proceedings of the 22nd USENIX conference on Security
Compac: enforce component-level access control in android

Proceedings of the 4th ACM conference on Data and application security and privacy
DroidBarrier: know what is executing on your android

Proceedings of the 4th ACM conference on Data and application security and privacy
A taxonomy of privilege escalation attacks in Android applications

International Journal of Security and Networks

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this paper, we introduce a security framework for practical and lightweight domain isolation on Android to mitigate unauthorized data access and communication among applications of different trust levels (e.g., private and corporate). We present the design and implementation of our framework, TrustDroid, which in contrast to existing solutions enables isolation at different layers of the Android software stack: (1) at the middleware layer to prevent inter-domain application communication and data access, (2) at the kernel layer to enforce mandatory access control on the file system and on Inter-Process Communication (IPC) channels, and (3) at the network layer to mediate network traffic. For instance, (3) allows network data to be only read by a particular domain, or enables basic context-based policies such as preventing Internet access by untrusted applications while an employee is connected to the company's network. Our approach accurately addresses the demands of the business world, namely to isolate data and applications of different trust levels in a practical and lightweight way. Moreover, our solution is the first leveraging mandatory access control with TOMOYO Linux on a real Android device (Nexus One). Our evaluation demonstrates that TrustDroid only adds a negligible overhead, and in contrast to contemporary full virtualization, only minimally affects the battery's life-time.