Quire: Lightweight provenance for smart phone operating systems

Proceedings of the 20th USENIX Security Symposium

Volumn , Issue , 2011, Pages 347-362

  DIetz, Michael ^a   Shekhar, Shashi ^a   Pisetsky, Yuliy ^a   Shu, Anhei ^a   Wallach, Dan S ^a  

^a NONE

Author keywords

[No Author keywords available]

Indexed keywords

IN NETWORKS; LOCAL RESOURCES; NETWORK CONNECTION; PAYMENT SYSTEMS; REMOTE SYSTEMS; SECURITY MECHANISM; SIGNATURE SCHEME; SMARTPHONE APPS;

SMARTPHONES;

EID: 85066347237     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (39)

1. M. Abadi, M. Burrows, B. Lampson, and G. D. Plotkin. A calculus for access control in distributed systems. ACM Transactions on Programming Languages and Systems, 15(4):706-734, Sept. 1993.
2. A. Barth, C. Jackson, and J. C. Mitchell. Robust defenses for cross-site request forgery. In 15th ACM Conference on Computer and Communications Security (CCS '08), Alexandria, VA, Oct. 2008.
3. A. Barth, C. Jackson, and C. Reis. The security architecture of the Chromium browser. Technical Report, http://www.adambarth.com/papers/2008/barthjackson-reis.pdf, 2008.
4. S. Berger, R. Cáceres, K. A. Goldman, R. Perez, R. Sailer, and L. van Doorn. vTPM: Virtualizing the trusted platform module. In 15th Usenix Security Symposium, Vancouver, B.C., Aug. 2006.
5. D. F. C. Brewer and M. J. Nash. The Chinese wall security policy. In Proceedings of the 1989 IEEE Symposium on Security and Privacy, pages 206-214, Oakland, California, May 1989.
6. S. Bugiel, L. Davi, A. Dmitrienko, T. Fischer, and A.-R. Sadeghi. XManDroid: A new Android evolution to mitigate privilege escalation attacks. Technical Report TR-2011-04, Technische Universität Darmstadt, Apr. 2011. http://www.trust.informatik.tu-darmstadt.de/fileadmin/ user_upload/Group_TRUST/PubsPDF/xmandroid.pdf.
7. M. Castro and B. Liskov. Practical Byzantine fault tolerance and proactive recovery. ACM Transactions on Computer Systems (TOCS), 20(4):398-461, 2002.
8. D. Chaum and E. Van Heyst. Group signatures. In Proceedings of the 10th Annual International Conference on Theory and Application of Cryptographic Techniques (EUROCRYPT '91), pages 257-265, Berlin, Heidelberg, 1991.
9. E. Chin, A. P. Felt, K. Greenwood, and D. Wagner. Analyzing inter-application communication in Android. In Proceedings of the 9th International Conference on Mobile Systems, Applications, and Services (MobiSys 2011), June 2011.
10. M. Conti, V. T. N. Nguyen, and B. Crispo. CRePE: Context-related policy enforcement for Android. In Proceedings of the Thirteen Information Security Conference (ISC '10), Boca Raton, FL, Oct. 2010.
11. L. Davi, A. Dmitrienko, A.-R. Sadeghi, and M. Winandy. Privilege Escalation Attacks on Android. In Proceedings of the 13th Information Security Conference (ISC '10), Oct. 2010.
12. L. Desmet, W. Joosen, F. Massacci, P. Philippaerts, F. Piessens, I. Siahaan, and D. Vanoverberghe. Securityby-contract on the.NET platform. Information Security Technical Report, 13(1):25-32, 2008.
13. W. Enck, P. Gilbert, C. Byung-gon, L. P. Cox, J. Jung, P. McDaniel, and S. A. N. TaintDroid: An informationflow tracking system for realtime privacy monitoring on smartphones. In Proceeding of the 9th USENIX Symposium on Operating Systems Design and Implementation (OSDI '10), pages 393-408, 2010.
14. W. Enck, M. Ongtang, and P. McDaniel. On lightweight mobile phone application certification. In 16th ACM Conference on Computer and Communications Security (CCS '09), Chicago, IL, Nov. 2009.
15. A. P. Felt, H. J. Wang, A. Moshchuck, S. Hanna, and E. Chin. Permission re-delegation: Attacks and defenses. In 20th Usenix Security Symposium, San Fansisco, CA, Aug. 2011.
16. T. Garfinkel, B. Pfaff, J. Chow, M. Rosenblum, and D. Boneh. Terra: A virtual machine-based platform for trusted computing. In Proceedings of the 19th Symposium on Operating System Principles (SOSP '03), Bolton Landing, NY, Oct. 2003.
17. E. Hammer-Lahav, D. Recordon, and D. Hardt. The OAuth 2.0 Protocol. http://tools.ietf.org/html/draft-ietfoauth-v2-10, 2010.
18. N. Hardy. The confused deputy. ACM Operating Systems Review, 22(4):36-38, Oct. 1988.
19. J. Howell, C. Jackson, H. J. Wang, and X. Fan. MashupOS: Operating system abstractions for client mashups. In Proceedings of the 11th USENIX Workshop on Hot Topics in Operating Systems (HotOS '07), pages 1-7, 2007.
20. S. Ioannidis, S. M. Bellovin, and J. Smith. Sub-operating systems: A new approach to application security. In SIGOPS European Workshop, Sept. 2002.
21. B. Kaliski and M. Robshaw. Message authentication with md5. CryptoBytes, 1:5-8, 1995.
22. J. T. Kohl and C. Neuman. The Kerberos network authentication service (V5). http://www.ietf.org/rfc/rfc1510.txt, Sept. 1993.
23. M. Migliavacca, I. Papagiannis, D. M. Eyers, B. Shand, J. Bacon, and P. Pietzuch. DEFCON: High-performance event processing with information security. In Proceedings of the 2010 USENIX Annual Technical Conference, Boston, MA, June 2010.
24. A. C. Myers. JFlow: Practical mostly-static information flow control. In Proceedings of the 26th ACM SIGPLANSIGACT Symposium on Principles of Programming Languages (POPL '99), pages 228-241, 1999.
25. A. C. Myers and B. Liskov. A decentralized model for information flow control. ACM SIGOPS Operating Systems Review, 31(5):129-142, 1997.
26. A. C. Myers and B. Liskov. Complete, safe information flow with decentralized labels. In Proceedings of the 1998 IEEE Symposium on Security and Privacy, pages 186-197, Oakland, California, May 1998.
27. A. C. Myers and B. Liskov. Protecting privacy using the decentralized label model. ACM Transactions on Software Engineering and Methodology (TOSEM), 9(4):410-442, 2000.
28. M. Nauman, S. Khan, and X. Zhang. Apex: Extending Android permission model and enforcement with userdefined runtime constraints. In Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security, pages 328-332, 2010.
29. M. Ongtang, S. McLaughlin, W. Enck, and P. McDaniel. Semantically rich application-centric security in Android. In Proceedings of the 25th Annual Computer Security Applications Conference (ACSAC '09), Honolulu, HI, Dec. 2009.
30. G. Portokalidis, P. Homburg, K. Anagnostakis, and H. Bos. Paranoid Android: Zero-day protection for smartphones using the cloud. In Annual Computer Security Applications Conference (ACSAC '10), Austin, TX, Dec. 2010.
31. C. Reis, A. Barth, and C. Pizano. Browser security: Lessons from Google Chrome. Communications of the ACM, 52(8):45-49, 2009.
32. J. H. Saltzer and M. D. Schroeder. The protection of information in computer systems. Proceedings of the IEEE, 63(9):1278-1308, Sept. 1975.
33. S. VanDeBogart, P. Efstathopoulos, E. Kohler, M. Krohn, C. Frey, D. Ziegler, F. Kaashoek, R. Morris, and D. Mazières. Labels and event processes in the Asbestos operating system. ACM Transactions on Computer Systems (TOCS), 25(4), Dec. 2007.
34. D. S.Wallach and E.W. Felten. Understanding Java stack inspection. In Proceedings of the 1998 IEEE Symposium on Security and Privacy, pages 52-63, Oakland, California, May 1998.
35. D. S. Wallach, E. W. Felten, and A. W. Appel. The security architecture formerly known as stack inspection: A security mechanism for language-based systems. ACM Transactions on Software Engineering and Methodology, 9(4):341-378, Oct. 2000.
36. H. J.Wang, C. Grier, A. Moshchuk, S. T. King, P. Choudhury, and H. Venter. The multi-principal OS construction of the Gazelle web browser. In Proceedings of the 18th USENIX Security Symposium, 2009.
37. T. Weigold, T. Kramp, and M. Baentsch. Remote client authentication. IEEE Security & Privacy, 6(4):36-43, July 2008.
38. E.Wobber, M. Abadi, M. Burrows, and B. Lampson. Authentication in the Taos operating system. ACM Transactions on Computer Systems (TOCS), 12(1):3-32, 1994.
39. N. Zeldovich, S. Boyd-Wickizer, and D. Mazières. Securing distributed systems with information flow control. In Proceedings of the 5th Symposium on Networked Systems Design and Implementation (NSDI '08), San Francisco, CA, Apr. 2008.