AppPolicyModules: Mandatory Access Control for Third-Party Apps

Android has recently introduced support for Mandatory Access Control (MAC), which extends the earlier security services that rely on the Android Permission Framework and on kernel-level Discretionary Access Control (DAC). This extension was obtained by using SELinux and adapting it to Android (SEAndroid). Currently, the use of the MAC model is limited to the protection of system resources. All apps installed by users fall into a single undifferentiated domain, untrusted_app. We propose an extension of the architecture that allows each app to be associated with a dedicated MAC policy, contained in a dedicated appPolicyModule, in order to protect app resources even from malware with root privileges. A crucial difference from the support for policy modules already available in some SELinux implementations is the need to constrain the policies so as to guarantee that an app policy cannot manipulate the system policy. We present the security requirements that the support for modules has to satisfy and show that our solution satisfies them. The support for appPolicyModules can also be the basis for the automatic generation of policies, with a stricter enforcement of Android permissions. A prototype has been implemented, and experimental results show a minimal performance overhead for app installation and runtime.
