History-based access control for mobile code
CCS '98 Proceedings of the 5th ACM conference on Computer and communications security
The NIST model for role-based access control: towards a unified standard
RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control
Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference
TrustedBSD: Adding Trusted Operating System Features to FreeBSD
Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference
Integrating Flexible Support for Security Policies into the Linux Operating System
Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference
The Shellcoder's Handbook: Discovering and Exploiting Security Holes
The Shellcoder's Handbook: Discovering and Exploiting Security Holes
Mobile Phones as Computing Devices: The Viruses are Coming!
IEEE Pervasive Computing
StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Language-based information-flow security
IEEE Journal on Selected Areas in Communications
Can you infect me now?: malware propagation in mobile phone networks
Proceedings of the 2007 ACM workshop on Recurring malcode
A systematic approach for cell-phone worm containment
Proceedings of the 17th international conference on World Wide Web
Stealthy video capturer: a new video-based spyware in 3G smartphones
Proceedings of the second ACM conference on Wireless network security
VirusMeter: Preventing Your Cellphone from Spies
RAID '09 Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection
pBMDS: a behavior-based malware detection system for cellphone devices
Proceedings of the third ACM conference on Wireless network security
Context-aware dynamic security configuration for mobile communication device
NTMS'09 Proceedings of the 3rd international conference on New technologies, mobility and security
Exploitation and threat analysis of open mobile devices
Proceedings of the 5th ACM/IEEE Symposium on Architectures for Networking and Communications Systems
TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones
OSDI'10 Proceedings of the 9th USENIX conference on Operating systems design and implementation
SEIP: simple and efficient integrity protection for open mobile platforms
ICICS'10 Proceedings of the 12th international conference on Information and communications security
L4Android: a generic operating system framework for secure smartphones
Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices
Defending users against smartphone apps: techniques and future directions
ICISS'11 Proceedings of the 7th international conference on Information Systems Security
Challenges for dynamic analysis of iOS applications
iNetSec'11 Proceedings of the 2011 IFIP WG 11.4 international conference on Open Problems in Network Security
Quantifying and Classifying Covert Communications on Android
Mobile Networks and Applications
| Hi-index | 0.00 |
Wireless devices that integrate the functionality of PDAs and cell phones are becoming commonplace, making different types of network services available to mobile applications. However, the integration of different services allows an attacker to cross service boundaries. For example, an attack carried out through the wireless network interface may eventually provide access to the phone functionality. This type of attacks can cause considerable damage because some of the services (e.g., the GSM-based services) charge the user based on the traffic or time of use. In this paper, we demonstrate the feasibility of these attacks by developing a proof-of-concept exploit that crosses service boundaries. To address these security issues, we developed a solution based on resource labeling. We modified the kernel of an integrated wireless device so that processes and files are marked in a way that allows one to regulate the access to different system resources. Labels are set when certain network services are accessed. The labeling is then transferred between processes and system resources as a result of either access or execution. We also defined a language for creating labeling rules, and demonstrated how the system can be used to prevent attacks that attempt to cross service boundaries. Experimental evaluation shows that the implementation introduces little overhead. Our security solution is orthogonal to other protection schemes and provides a critical defense for the growing problem of cell phone viruses and worms