Practical and lightweight domain isolation on android

Proceedings of the ACM Conference on Computer and Communications Security

Volumn , Issue , 2011, Pages 51-62

  Bugiel, Sven ^a   Davi, Lucas ^a   Dmitrienko, Alexandra ^b   Heuser, Stephan ^b   Sadeghi, Ahmad Reza ^a,b   Shastry, Bhargava ^b  

^a DARMSTADT UNIVERSITY OF TECHNOLOGY   (Germany)

^b FRAUNHOFER INSTITUTE FOR SECURE INFORMATION TECHNOLOGY SIT   (Germany)

Author keywords

access control; android; domain isolation; enterprise

Indexed keywords

ANDROID; CONTEXT-BASED; DATA ACCESS; DOMAIN ISOLATION; ENTERPRISE; FILE SYSTEMS; INTER-DOMAIN; INTERNET ACCESS; INTERPROCESS COMMUNICATION; KERNEL LAYER; LIFE-TIMES; MANDATORY ACCESS CONTROL; MIDDLEWARE LAYER; NETWORK DATA; NETWORK TRAFFIC; SECURITY FRAMEWORKS; SOFTWARE STACKS; TRUST LEVEL; VIRTUALIZATIONS;

COMMUNICATION; COMPUTER OPERATING SYSTEMS; COMPUTER PRIVACY; MIDDLEWARE; MOBILE DEVICES; NETWORK LAYERS; PORTABLE EQUIPMENT; ROBOTS; SECURITY SYSTEMS;

ACCESS CONTROL;

EID: 80755127062     PISSN: 15437221     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2046614.2046624     Document Type: Conference Paper

References (46)

1. enterproid. http://www.enterproid.com/.
2. ARM. TrustZone technology overview. http://www.arm.com/products/security/ trustzone/index.html.
3. K. Barr, P. Bungale, S. Deasy, V. Gyuris, P. Hung, C. Newell, H. Tuch, and B. Zoppis. The VMware mobile virtualization platform: is that a hypervisor in your pocket? SIGOPS Operating Systems Review, 2010.
4. T. Bradley. DroidDream becomes Android market nightmare. http://www.pcworld.com/ businesscenter/article/221247/droiddream-becomes- android-market-nightmare.html, 2011.
5. S. Bugiel, L. Davi, A. Dmitrienko, T. Fischer, and A.-R. Sadeghi. XManDroid: A new Android evolution to mitigate privilege escalation attacks. Technical Report TR-2011-04, Technische Universität Darmstadt, 2011.
6. P. Carton. New burst of momentum for Google Android OS. http://www.investorplace.com/18151/google-android-os-major-corporate-smart- phone-winner/, 2010.
7. M. Conti, V. T. N. Nguyen, and B. Crispo. CRePE: Context-related policy enforcement for Android. In 13th Information Security Conference (ISC), 2010.
8. N. Daisuke and G. L. Tona. Tomoyo-android: TOMOYO Linux on Android. http://code.google.com/p/tomoyo-android/.
9. L. Davi, A. Dmitrienko, C. Kowalski, and M. Winandy. Trusted virtual domains on OKL4: Secure information sharing on smartphones. In 6th ACM Workshop on Scalable Trusted Computing (STC), 2011.
10. L. Davi, A. Dmitrienko, A.-R. Sadeghi, and M. Winandy. Privilege escalation attacks on Android. In 13th Information Security Conference (ISC), 2010.
11. A. Distefano, A. Grillo, A. Lentini, and G. F. Italiano. SecureMyDroid: enforcing security in the mobile devices lifecycle. In ACM CSIIRW, 2010.
12. A. Dmitrienko, K. Eriksson, D. Kuhlmann, G. Ramunno, A.-R. Sadeghi, S. Schulz, M. Schunter, M. Winandy, L. Catuogno, and J. Zhan. Trusted Virtual Domains { design, implementation and lessons learned. In INTRUST, 2009.
13. J.-E. Ekberg and S. Bugiel. Trust in a small package: Minimized MRTM software implementation for mobile secure environments. In 4th ACM Workshop on Scalable Trusted Computing (STC), 2009.
14. W. Enck, P. Gilbert, B.-G. Chun, L. P. Cox, J. Jung, P. McDaniel, and A. N. Sheth. TaintDroid: An information-flow tracking system for realtime privacy monitoring on smartphones. In 9th USENIX Symposium on Operating Systems Design and Implementation (OSDI), 2010.
15. W. Enck, M. Ongtang, and P. McDaniel. On lightweight mobile phone application certification. In 16th ACM Conference on Computer and Communications Security (CCS), 2009.
16. W. Enck, M. Ongtang, and P. McDaniel. Understanding Android security. IEEE Security and Privacy Magazine, 2009.
17. A. P. Felt, H. Wang, A. Moshchuk, S. Hanna, and E. Chin. Permission re-delegation: Attacks and defenses. In USENIX Security Symposium, 2011.
18. Gartner Inc. http://www.gartner.com/it/page.jsp?id=1689814, 2011.
19. D. Goodin. Android bugs let attackers install malware without warning. http://www.theregister.co.uk/2010/11/10/android-malware-attacks/, 2010.
20. Google. The Android developer's guide - Android Manifest permissions. http://developer.android. com/reference/android/Manifest.permission.html, 2010.
21. Google Inc. Google Android. http://www.android.com/.
22. T. Harada, T. Horie, and K. Tanaka. Task Oriented Management Obviates Your Onus on Linux. In Linux Conference, 2004.
23. J.-Y. Hwang, S.-B. Suh, S.-K. Heo, C.-J. Park, J.-M. Ryu, S.-Y. Park, and C.-R. Kim. Xen on ARM: System virtualization using Xen hypervisor for ARM-based secure mobile phones. In IEEE CCNC, Jan. 2008.
24. A. Lineberry, D. L. Richardson, and T. Wyatt. These aren't the permissions you're looking for. BlackHat USA 2010. http://dtors.files.wordpress. com/ 2010/08/blackhat-2010-slides.pdf, 2010.
25. Lookout Mobile Security. Security alert: Geinimi, sophisticated new Android Trojan found in wild. http://blog.mylookout.com/2010/12/geinimi-trojan/, 2010.
26. National Security Agency. Security-Enhanced Linux. http://www.nsa.gov/ research/selinux.
27. M. Nauman, S. Khan, and X. Zhang. Apex: Extending Android permission model and enforcement with user-defined runtime constraints. In ACM ASIACCS, 2010.
28. M. Nauman, S. Khan, X. Zhang, and J.-P. Seifert. Beyond kernel-level integrity measurement: Enabling remote attestation for the Android platform. In TRUST, 2010.
29. Nils. Building Android sandcastles in Android's sandbox. BlackHat Abu Dhabi 2010. https://media.blackhat.com/bh-ad-10/Nils/Black- Hat-AD-2010-android- sandcastle-wp.pdf, 2010.
30. J. Oberheide. Android Hax. SummerCon 2010. http://jon.oberheide.org/ files/summercon10-androidhax-jonoberheide.pdf, 2010.
31. M. Ongtang, K. Butler, and P. McDaniel. Porscha: Policy oriented secure content handling in Android. In ACSAC, 2010.
32. M. Ongtang, S. McLaughlin, W. Enck, and P. McDaniel. Semantically rich application-centric security in Android. In ACSAC, 2009.
33. Open Kernel Labs. Ok:android. http://www.ok-labs.com/products/ok-android.
34. Palm Source, Inc. Open Binder. Version 1. http://www.angryredplanet.com/ ~hackbod/ openbinder/docs/html/index.html, 2005.
35. V. Rao and T. Jaeger. Dynamic mandatory access control for multiple stakeholders. In ACM Symposium on Access Control Models and Technologies (SACMAT), 2009.
36. J. M. Rushby. Design and verification of secure systems. In 8th ACM Symposium on Operating System Principles (SOSP), 1981.
37. R. Schlegel, K. Zhang, X. Zhou, M. Intwala, A. Kapadia, and X. Wang. Soundcomber: A stealthy and context-aware sound trojan for smartphones. In 18th Annual Network and Distributed System Security Conference (NDSS), 2011.
38. D. Sehr, R. Muth, C. Biffle, V. Khimenko, E. Pasko, K. Schimpf, B. Yee, and B. Chen. Adapting software fault isolation to contemporary CPU architectures. In USENIX Security Symposium, 2010.
39. M. Selhorst, C. Stüble, F. Feldmann, and U. Gnaida. Towards a trusted mobile desktop. In TRUST, 2010.
40. A. Shabtai, Y. Fledel, and Y. Elovici. Securing Android-powered mobile devices using SELinux. IEEE Security and Privacy Magazine, 2010.
41. J. Srage and J. Azema. M-Shield mobile security technology, 2005. TI White paper. http://focus.ti. com/pdfs/wtbu/ti-mshield-whitepaper.pdf.
42. Trusted Computing Group. Mobile Trusted Module Specification. Version 1.0 Revision 6, 26 June 2008.
43. Trusted Computing Group (TCG). TNC Architecture for Interoperability, Version 1.4, Revision 4, 2009.
44. J. Winter. Trusted computing building blocks for embedded linux-based ARM trustzone platforms. In 3rd ACM Workshop on Scalable Trusted Computing (STC), 2008.
45. X. Zhang, O. Aciiçmez, and J.-P. Seifert. A trusted mobile phone reference architecture via secure kernel. In 2nd ACM Workshop on Scalable Trusted Computing (STC), 2007.
46. X. Zhang, J.-P. Seifert, and O. Aciiçmez. SEIP: simple and efficient integrity protection for open mobile platforms. In 12th International Conference on Information and Communications Security (ICICS), 2010.