Practical and lightweight domain isolation on Android

In this paper, we introduce a security framework for practical and lightweight domain isolation on Android to mitigate unauthorized data access and communication among applications of different trust levels (e.g., private and corporate). We present the design and implementation of our framework, TrustDroid, which in contrast to existing solutions enables isolation at different layers of the Android software stack: (1) at the middleware layer to prevent inter-domain application communication and data access, (2) at the kernel layer to enforce mandatory access control on the file system and on Inter-Process Communication (IPC) channels, and (3) at the network layer to mediate network traffic. For instance, (3) allows network data to be only read by a particular domain, or enables basic context-based policies such as preventing Internet access by untrusted applications while an employee is connected to the company's network. Our approach accurately addresses the demands of the business world, namely to isolate data and applications of different trust levels in a practical and lightweight way. Moreover, our solution is the first leveraging mandatory access control with TOMOYO Linux on a real Android device (Nexus One). Our evaluation demonstrates that TrustDroid only adds a negligible overhead, and in contrast to contemporary full virtualization, only minimally affects the battery's life-time.

[1]  Yuval Elovici,et al.  Securing Android-Powered Mobile Devices Using SELinux , 2010, IEEE Security & Privacy.

[2]  Johannes Winter,et al.  Trusted computing building blocks for embedded linux-based ARM trustzone platforms , 2008, STC '08.

[3]  Patrick D. McDaniel,et al.  Understanding Android Security , 2009, IEEE Security & Privacy Magazine.

[4]  Aaas News,et al.  Book Reviews , 1893, Buffalo Medical and Surgical Journal.

[5]  Lucas Davi,et al.  Trusted virtual domains on OKL4: secure information sharing on smartphones , 2011, STC '11.

[6]  Ahmad-Reza Sadeghi,et al.  Privilege Escalation Attacks on Android , 2010, ISC.

[7]  Helen J. Wang,et al.  Permission Re-Delegation: Attacks and Defenses , 2011, USENIX Security Symposium.

[8]  John M. Rushby,et al.  Design and verification of secure systems , 1981, SOSP.

[9]  Harvey Tuch,et al.  The VMware mobile virtualization platform: is that a hypervisor in your pocket? , 2010, OPSR.

[10]  Byung-Gon Chun,et al.  TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones , 2010, OSDI.

[11]  Sang-Bum Suh,et al.  Xen on ARM: System Virtualization Using Xen Hypervisor for ARM-Based Secure Mobile Phones , 2008, 2008 5th IEEE Consumer Communications and Networking Conference.

[12]  Jean-Pierre Seifert,et al.  Beyond Kernel-Level Integrity Measurement: Enabling Remote Attestation for the Android Platform , 2010, TRUST.

[13]  Xinwen Zhang,et al.  Apex: extending Android permission model and enforcement with user-defined runtime constraints , 2010, ASIACCS '10.

[14]  Apu Kapadia,et al.  Soundcomber: A Stealthy and Context-Aware Sound Trojan for Smartphones , 2011, NDSS.

[15]  Ahmad-Reza Sadeghi,et al.  XManDroid: A New Android Evolution to Mitigate Privilege Escalation Attacks , 2011 .

[16]  Christian Stüble,et al.  Towards a Trusted Mobile Desktop , 2010, TRUST.

[17]  Bennet S. Yee,et al.  Adapting Software Fault Isolation to Contemporary CPU Architectures , 2010, USENIX Security Symposium.

[18]  Patrick D. McDaniel,et al.  Porscha: policy oriented secure content handling in Android , 2010, ACSAC '10.

[19]  Jean-Pierre Seifert,et al.  A trusted mobile phone reference architecturevia secure kernel , 2007, STC '07.

[20]  Mauro Conti,et al.  CRePE: Context-Related Policy Enforcement for Android , 2010, ISC.

[21]  Ahmad-Reza Sadeghi,et al.  Trusted Virtual Domains - Design, Implementation and Lessons Learned , 2009, INTRUST.

[22]  Patrick D. McDaniel,et al.  Semantically Rich Application-Centric Security in Android , 2009, 2009 Annual Computer Security Applications Conference.

[23]  Giuseppe F. Italiano,et al.  SecureMyDroid: enforcing security in the mobile devices lifecycle , 2010, CSIIRW '10.

[24]  Trent Jaeger,et al.  Dynamic mandatory access control for multiple stakeholders , 2009, SACMAT '09.

[25]  Sven Bugiel,et al.  Trust in a small package: minimized MRTM software implementation for mobile secure environments , 2009, STC '09.

[26]  Jean-Pierre Seifert,et al.  SEIP: Simple and Efficient Integrity Protection for Open Mobile Platforms , 2010, ICICS.

[27]  Patrick D. McDaniel,et al.  On lightweight mobile phone application certification , 2009, CCS.