Reducing attack surfaces for intra-application communication in android

Authors:
David Kantola;Erika Chin;Warren He;David Wagner
Affiliations:
University of California, Berkeley, Berkeley, CA, USA;University of California, Berkeley, Berkeley, CA, USA;University of California, Berkeley, Berkeley, CA, USA;University of California, Berkeley, Berkeley, CA, USA
Venue:
Proceedings of the second ACM workshop on Security and privacy in smartphones and mobile devices
Year:
2012

Citing 11
Cited 2

Robust defenses for cross-site request forgery

Proceedings of the 15th ACM conference on Computer and communications security
Semantically Rich Application-Centric Security in Android

ACSAC '09 Proceedings of the 2009 Annual Computer Security Applications Conference
TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones

OSDI'10 Proceedings of the 9th USENIX conference on Operating systems design and implementation
Privilege escalation attacks on android

ISC'10 Proceedings of the 13th international conference on Information security
Analyzing inter-application communication in Android

MobiSys '11 Proceedings of the 9th international conference on Mobile systems, applications, and services
A study of android application security

SEC'11 Proceedings of the 20th USENIX conference on Security
Permission re-delegation: attacks and defenses

SEC'11 Proceedings of the 20th USENIX conference on Security
Quire: lightweight provenance for smart phone operating systems

SEC'11 Proceedings of the 20th USENIX conference on Security
Android permissions demystified

Proceedings of the 18th ACM conference on Computer and communications security
These aren't the droids you're looking for: retrofitting android to protect data from imperious applications

Proceedings of the 18th ACM conference on Computer and communications security
An empirical study of the robustness of Inter-component Communication in Android

DSN '12 Proceedings of the 2012 42nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)

A taxonomy of privilege escalation attacks in Android applications

International Journal of Security and Networks
Automatic detection of inter-application permission leaks in Android applications

IBM Journal of Research and Development

Quantified Score

Hi-index	0.00

Visualization

Abstract

The complexity of Android's message-passing system has led to numerous vulnerabilities in third-party applications. Many of these vulnerabilities are a result of developers confusing inter-application and intra-application communication mechanisms. Consequently, we propose modifications to the Android platform to detect and protect inter-application messages that should have been intra-application messages. Our approach automatically reduces attack surfaces in legacy applications. We describe our implementation for these changes and evaluate it based on the attack surface reduction and the extent to which our changes break compatibility with a large set of popular applications. We fix 100% of intra-application vulnerabilities found in our previous work, which represents 31.4% of the total security flaws found in that work. Furthermore, we find that 99.4% and 93.0% of Android applications are compatible with our sending and receiving changes, respectively.