Analysis of the communication between colluding applications on modern Smartphones

ACM International Conference Proceeding Series

Volumn , Issue , 2012, Pages 51-60

  Marforio, Claudio ^a   Ritzdorf, Hubert ^a   Francillon, Aurélien ^b   Capkun, Srdjan ^a  

^a ETH ZURICH   (Switzerland)

^b EURECOM   (France)

Author keywords

[No Author keywords available]

Indexed keywords

COVERT CHANNELS; INFORMATION FLOWS; MOBILE PLATFORM; PERMISSION-BASED SECURITY; RESEARCH COMMUNITIES; RESEARCH TOOLS; SAMSUNG; SENSITIVE INFORMATIONS;

COMMUNICATION CHANNELS (INFORMATION THEORY); DATA COMMUNICATION SYSTEMS; NETWORK SECURITY; SECURITY SYSTEMS; TELEPHONE SETS; THROUGHPUT;

SMARTPHONES;

EID: 84872117493     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2420950.2420958     Document Type: Conference Paper

References (36)

1. J. Anderson, J. Bonneau, and F. Stajano. Inglorious Installers: Security in the Application Marketplace. In Workshop on the Economics of Information Security, WEIS '10, 2010.
2. D. Barrera, H. G. Kayacik, P. C. van Oorschot, and A. Somayaji. A methodology for empirical analysis of permission-based security models and its application to Android. In Proceedings of the 17th ACM Conference on Computer and Communications Security, CCS '10, pages 73-84, New York, NY, USA, 2010. ACM.
3. S. Bugiel, L. Davi, A. Dmitrienko, T. Fischer, and A.-R. Sadeghi. XManDroid: A new Android evolution to mitigate privilege escalation attacks. Technical Report TR-2011-04, Technische Universität Darmstadt, April 2011.
4. S. Bugiel, L. Davi, A. Dmitrienko, T. Fischer, A.-R. Sadeghi, and B. Shastry. Towards taming privilege-escalation attacks on Android. In Proceedings of the 19th Annual Network and Distributed System Security Symposium, NDSS '12, February 2012.
5. J. Burns. Developing secure mobile applications for Android. https://www.isecpartners.com/files/iSEC-Securing-Android-Apps.pdf (accessed October 2012), 2008.
6. L. Cavallaro, P. Saxena, and R. Sekar. On the limits of information flow techniques for malware analysis and containment. In Proceedings of the 5th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA '08, pages 143-163, Berlin, Heidelberg, 2008. Springer-Verlag.
7. A. Chaudhuri. Language-based security on Android. In Proceedings of the ACM SIGPLAN Fourth Workshop on Programming Languages and Analysis for Security, PLAS '09, pages 1-7, New York, NY, USA, 2009. ACM.
8. L. Davi, A. Dmitrienko, A.-R. Sadeghi, and M. Winandy. Privilege escalation attacks on Android. In Proceedings of the 13th International Conference on Information Security, ISC'10, pages 346-360, Berlin, Heidelberg, 2011. Springer-Verlag.
9. D. E. Denning and P. J. Denning. Data security. ACM Comput. Surv., 11(3):227-249, Sept. 1979.
10. W. Enck, P. Gilbert, B.-G. Chun, L. P. Cox, J. Jung, P. McDaniel, and A. N. Sheth. TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. In Proceedings of the 9th USENIX Conference on Operating Systems Design and Implementation, OSDI'10, pages 1-6, Berkeley, CA, USA, 2010. USENIX Association.
11. W. Enck, M. Ongtang, and P. McDaniel. On lightweight mobile phone application certification. In Proceedings of the 16th ACM Conference on Computer and Communications Security, CCS '09, pages 235-245, New York, NY, USA, 2009. ACM.
12. C. G. Girling. Covert Channels in LAN's. IEEE Transactions on Software Engineering, 13(2):292-296, 1987.
13. V. Gligor. A guide to understanding covert channel analysis of trusted systems, version 1 (light pink book). NCSC-TG-030, Library No. S-240,572, November 1993. National Computer Security Center, TCSEC Rainbow Series Library.
14. Google. Android OS (up to version 2.3.7). http://developer.android.com/.
15. GRSecurity. The GRSecurity project. http://grsecurity.net/features.php.
16. T. Harada, T. Horie, and K. Tanaka. Task oriented management obviates your onus on linux (TOMOYO Linux). Linux Conference, 2004.
17. W.-M. Hu. Reducing timing channels with fuzzy time. In Proceedings of IEEE Computer Society Symposium on Research in Security and Privacy, pages 8-20, May 1991.
18. B. W. Lampson. A note on the confinement problem. Commun. ACM, 16(10):613-615, Oct. 1973.
19. A. M. Lineberry. These aren't the permissions you're looking for. BlackHat USA, August 2010.
20. S. B. Lipner. A comment on the confinement problem. In Proceedings of the 5th ACM Symposium on Operating Systems Principles, SOSP '75, pages 192-196, New York, NY, USA, 1975. ACM.
21. Microsoft. Security for Windows Phone 7. http://msdn.microsoft.com/enus/ library/ff402533%28v=VS.92%29.aspx (accessed October 2012).
22. S. K. Nair, P. N. D. Simpson, B. Crispo, and A. S. Tanenbaum. A virtual machine based information flow control system for policy enforcement. Electron. Notes Theor. Comput. Sci., 197(1):3-16, Feb. 2008. (Pubitemid 351253789)
23. Nokia. Symbian OS. http://symbian.nokia.com.
24. J. Oberheide. Android Hax. SummerCon 2010, June 2010. http://jon.oberheide.org/files/summercon10- androidhax-jonoberheide.pdf (accessed October 2012).
25. J. Oberheide and F. Jahanian. When mobile is harder than fixed (and vice versa): demystifying security challenges in mobile environments. In Proceedings of the 11th Workshop on Mobile Computing Systems and Applications, HotMobile '10, pages 43-48, New York, NY, USA, 2010. ACM.
26. M. Ongtang, S. McLaughlin, W. Enck, and P. McDaniel. Semantically rich application-centric security in Android. In Proceedings of the 25th Annual Computer Security Applications Conference, ACSAC '09, pages 340 -349, dec. 2009.
27. F. A. Petitcolas, R. J. Anderson, and M. G. Kuhn. Information hiding-a survey. Proceedings of the IEEE, 87(7):1062-1078, July 1999.
28. G. Portokalidis, P. Homburg, K. Anagnostakis, and H. Bos. Paranoid Android: versatile protection for smartphones. In Proceedings of the 26th Annual Computer Security Applications Conference, ACSAC '10, pages 347-356, New York, NY, USA, 2010. ACM.
29. R. Schlegel, K. Zhang, X. Zhou, M. Intwala, A. Kapadia, and X. Wang. Soundcomber: A Stealthy and Context-Aware Sound Trojan for Smartphones. In Proceedings of the 18th Annual Network and Distributed System Security Symposium, NDSS '11, pages 17-33, Feb. 2011.
30. A. B. Shaffer, M. Auguston, C. E. Irvine, and T. E. Levin. A security domain model to assess software for exploitable covert channels. In Proceedings of the 3rd ACM SIGPLAN Workshop on Programming Languages and Analysis for Security, PLAS '08, pages 45-56, New York, NY, USA, 2008. ACM.
31. S. Smalley, NSA, and Trust Mechanisms (R2X). SEAndroid. http://selinuxproject.org/page/SEAndroid (accessed October 2012).
32. The Lookout Blog. Lookout's privacy advisor protects your private information. http://blog.mylookout.com/2010/11/lookout%E2%80%99s-privacy- advisorprotects-your-private-information/ (accessed October 2012).
33. M. Tiwari, J. K. Oberg, X. Li, J. Valamehr, T. Levin, B. Hardekopf, R. Kastner, F. T. Chong, and T. Sherwood. Crafting a usable microkernel, processor, and I/O system with strict and provable information flow security. In Proceedings of the 38th Annual International Symposium on Computer Architecture, ISCA '11, pages 189-200, New York, NY, USA, 2011. ACM.
34. C.-R. Tsai, V. D. Gligor, and C. S. Shandersekaran. On the identification of covert storage channels in secure systems. IEEE Transactions on Software Engineering, 16:569-580, June 1990.
35. T. Vennon and D. Stroop. Threat analysis of the Android market. Technical report, GTC, June 2010. Smobile systems technical report, Available at http://threatcenter.smobilesystems.com/wpcontent/uploads/2010/06/ Android-Market-Threat-Analysis-6-22-10-v1.pdf (accessed October 2012).
36. Z. Wang and R. B. Lee. Covert and side channels due to processor architecture. In Proceedings of the 22nd Annual Computer Security Applications Conference, ACSAC '06, pages 473 -482, dec. 2006. (Pubitemid 351232939)