IRM Enforcement of Java Stack Inspection
SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
The inlined reference monitor approach to security policy enforcement
The inlined reference monitor approach to security policy enforcement
Dr. Android and Mr. Hide: fine-grained permissions in android applications
Proceedings of the second ACM workshop on Security and privacy in smartphones and mobile devices
Easily instrumenting android applications for security purposes
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
SEC'13 Proceedings of the 22nd USENIX conference on Security
Compac: enforce component-level access control in android
Proceedings of the 4th ACM conference on Data and application security and privacy
| Hi-index | 0.00 |
The success of Android phones makes them a prominent target for malicious software, in particular since the Android permission system turned out to be inadequate to protect the user against security and privacy threats. This work presents AppGuard, a powerful and flexible system for the enforcement of user-customizable security policies on untrusted Android applications. AppGuard does not require any changes to a smartphone's firmware or root access. Our system offers complete mediation of security-relevant methods based on callee-site inline reference monitoring. We demonstrate the general applicability of AppGuard by several case studies, e.g., removing permissions from overly curious apps as well as defending against several recent real-world attacks on Android phones. Our technique exhibits very little space and runtime overhead. AppGuard is publicly available, has been invited to the Samsung Apps market, and has had more than 500,000 downloads so far.