Flexible and Fine-grained Mandatory Access Control on Android for Diverse Security and Privacy Policies

In this paper we tackle the challenge of providing a generic security architecture for the Android OS that can serve as a flexible and effective ecosystem to instantiate different security solutions. In contrast to prior work our security architecture, termed FlaskDroid, provides mandatory access control simultaneously on both Android's middleware and kernel layers. The alignment of policy enforcement on these two layers is non-trivial due to their completely different semantics. We present an efficient policy language (inspired by SELinux) tailored to the specifics of Android's middleware semantics. We show the flexibility of our architecture by policy-driven instantiations of selected security models such as the existing work Saint as well as a new privacy-protecting, user-defined and fine-grained per-app access control model. Other possible instantiations include phone booth mode, or dual persona phone. Finally we evaluate our implementation on SE Android 4.0.4 illustrating its efficiency and effectiveness.

[1]  Byung-Gon Chun,et al.  Vision: automated security validation of mobile apps at app markets , 2011, MCS '11.

[2]  Michael Backes,et al.  AppGuard - Enforcing User Requirements on Android Apps , 2013, TACAS.

[3]  Apu Kapadia,et al.  Soundcomber: A Stealthy and Context-Aware Sound Trojan for Smartphones , 2011, NDSS.

[4]  Todd Millstein,et al.  Dr. Android and Mr. Hide: Fine-grained security policies on unmodified Android , 2011 .

[5]  Xinwen Zhang,et al.  Apex: extending Android permission model and enforcement with user-defined runtime constraints , 2010, ASIACCS '10.

[6]  Lujo Bauer,et al.  More than skin deep: measuring effects of the underlying model on access-control system usability , 2011, CHI.

[7]  Yajin Zhou,et al.  Detecting Passive Content Leaks and Pollution in Android Applications , 2013, NDSS.

[8]  Hao Chen,et al.  TouchLogger: Inferring Keystrokes on Touch Screen from Smartphone Motion , 2011, HotSec.

[9]  Trent Jaeger,et al.  Dynamic mandatory access control for multiple stakeholders , 2009, SACMAT '09.

[10]  Mauro Conti,et al.  MOSES: supporting operation modes on smartphones , 2012, SACMAT '12.

[11]  Ahmad-Reza Sadeghi,et al.  Towards Taming Privilege-Escalation Attacks on Android , 2012, NDSS.

[12]  Trent Jaeger,et al.  Protecting the integrity of trusted applications in mobile phone systems , 2011, Secur. Commun. Networks.

[13]  Shashi Shekhar,et al.  QUIRE: Lightweight Provenance for Smart Phone Operating Systems , 2011, USENIX Security Symposium.

[14]  Ahmad-Reza Sadeghi,et al.  myTunes: Semantically Linked and User-Centric Fine-Grained Privacy Control on Android , 2012 .

[15]  David A. Wagner,et al.  Analyzing inter-application communication in Android , 2011, MobiSys '11.

[16]  Jean-Pierre Seifert,et al.  SEIP: Simple and Efficient Integrity Protection for Open Mobile Platforms , 2010, ICICS.

[17]  Atul Prakash,et al.  Methods and limitations of security policy reconciliation , 2002, Proceedings 2002 IEEE Symposium on Security and Privacy.

[18]  Ahmad-Reza Sadeghi,et al.  Towards a Framework for Android Security Modules: Extending SE Android Type Enforcement to Android Middleware , 2012 .

[19]  Trent Jaeger,et al.  Runtime verification of authorization hook placement for the linux security modules framework , 2002, CCS '02.

[20]  Xuxian Jiang,et al.  Unsafe exposure analysis of mobile in-app advertisements , 2012, WISEC '12.

[21]  N. Asokan,et al.  Old, new, borrowed, blue --: a perspective on the evolution of mobile platform security architectures , 2011, CODASPY '11.

[22]  Ross J. Anderson,et al.  Aurasium: Practical Policy Enforcement for Android Applications , 2012, USENIX Security Symposium.

[23]  Helen J. Wang,et al.  Permission Re-Delegation: Attacks and Defenses , 2011, USENIX Security Symposium.

[24]  Todd D. Millstein,et al.  Dr. Android and Mr. Hide: fine-grained permissions in android applications , 2012, SPSM '12.

[25]  Mike Hibler,et al.  The Flask Security Architecture: System Support for Diverse Security Policies , 1999, USENIX Security Symposium.

[26]  Mauro Conti,et al.  CRePE: Context-Related Policy Enforcement for Android , 2010, ISC.

[27]  Yajin Zhou,et al.  Dissecting Android Malware: Characterization and Evolution , 2012, 2012 IEEE Symposium on Security and Privacy.

[28]  Patrick D. McDaniel,et al.  Semantically Rich Application-Centric Security in Android , 2009, 2009 Annual Computer Security Applications Conference.

[29]  Seungyeop Han,et al.  These aren't the droids you're looking for: retrofitting android to protect data from imperious applications , 2011, CCS '11.

[30]  Patrick D. McDaniel,et al.  Understanding Android Security , 2009, IEEE Security & Privacy Magazine.

[31]  Niels Provos,et al.  Improving Host Security with System Call Policies , 2003, USENIX Security Symposium.

[32]  Patrick D. McDaniel,et al.  On lightweight mobile phone application certification , 2009, CCS.

[33]  Jaideep Vaidya,et al.  RoleMiner: mining roles using subset enumeration , 2006, CCS '06.

[34]  Yajin Zhou,et al.  Hey, You, Get Off of My Market: Detecting Malicious Apps in Official and Alternative Android Markets , 2012, NDSS.

[35]  Joshua D. Guttman,et al.  Verifying information flow goals in Security-Enhanced Linux , 2005, J. Comput. Secur..

[36]  Ahmad-Reza Sadeghi,et al.  Privilege Escalation Attacks on Android , 2010, ISC.

[37]  Gail-Joon Ahn,et al.  Detecting and Resolving Firewall Policy Anomalies , 2012, IEEE Transactions on Dependable and Secure Computing.

[38]  Patrick D. McDaniel,et al.  Porscha: policy oriented secure content handling in Android , 2010, ACSAC '10.

[39]  Zhi Xu,et al.  TapLogger: inferring user inputs on smartphone touchscreens using on-board motion sensors , 2012, WISEC '12.

[40]  Ahmad-Reza Sadeghi,et al.  Practical and lightweight domain isolation on Android , 2011, SPSM '11.

[41]  Stephen Smalley,et al.  Security Enhanced (SE) Android: Bringing Flexible MAC to Android , 2013, NDSS.

[42]  Using GConf as an Example of How to Create an Userspace Object Manager , 2007 .

[43]  Stephen Smalley,et al.  Integrating Flexible Support for Security Policies into the Linux Operating System , 2001, USENIX Annual Technical Conference, FREENIX Track.

[44]  Byung-Gon Chun,et al.  TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones , 2010, OSDI.

[45]  Yajin Zhou,et al.  Taming Information-Stealing Smartphone Applications (on Android) , 2011, TRUST.

[46]  Atul Prakash,et al.  Methods and limitations of security policy reconciliation , 2006, TSEC.

[47]  Hubert Ritzdorf,et al.  Analysis of the communication between colluding applications on modern smartphones , 2012, ACSAC '12.

[48]  Steve Hanna,et al.  A survey of mobile malware in the wild , 2011, SPSM '11.