MuTent: Dynamic Android Intent Protection with Ownership-Based Key Distribution and Security Contracts

Intents are the plain-text message objects that the Android framework uses for inter-component communication (ICC). The framework therefore essentially lacks a built-in security mechanism to protect the visibility, accessibility, and integrity of Intent data, which allows adversaries to intercept or manipulate that data. In this work, we investigate the Intent protection mechanism and propose μTent, a security-enhanced Intent library that allows Android apps to securely exchange sensitive data during ICC. Unlike the existing mechanism, μTent provides accessibility and visibility of Intent data by validating the receiver’s capability, and provides integrity by using encryption and the Arc security contract code. In particular, ICC is initiated by exchanging μTent and follows a novel ownership-based key distribution model that restricts malware apps without permission from deciphering the data. Through the evaluation, we show that μTent can improve the security of popular Android apps with minimal performance overheads, demonstrated using
