1,500 research outputs found
Retrofitting privacy controls to stock Android
Android ist nicht nur das beliebteste Betriebssystem fĂŒr mobile EndgerĂ€te, sondern auch ein ein attraktives Ziel fĂŒr Angreifer. Um diesen zu begegnen, nutzt Androids Sicherheitskonzept App-Isolation und Zugangskontrolle zu kritischen Systemressourcen. Nutzer haben dabei aber nur wenige Optionen, App-Berechtigungen gemÀà ihrer BedĂŒrfnisse einzuschrĂ€nken, sondern die Entwickler entscheiden ĂŒber zu gewĂ€hrende Berechtigungen. Androids Sicherheitsmodell kann zudem nicht durch Dritte angepasst werden, so dass Nutzer zum Schutz ihrer PrivatsphĂ€re auf die GerĂ€tehersteller angewiesen sind. Diese Dissertation prĂ€sentiert einen Ansatz, Android mit umfassenden PrivatsphĂ€reeinstellungen nachzurĂŒsten. Dabei geht es konkret um Techniken, die ohne Modifikationen des Betriebssystems oder Zugriff auf Root-Rechte auf regulĂ€ren Android-GerĂ€ten eingesetzt werden können. Der erste Teil dieser Arbeit etabliert Techniken zur Durchsetzung von Sicherheitsrichtlinien fĂŒr Apps mithilfe von inlined reference monitors. Dieser Ansatz wird durch eine neue Technik fĂŒr dynamic method hook injection in Androids Java VM erweitert. SchlieĂlich wird ein System eingefĂŒhrt, das prozessbasierte privilege separation nutzt, um eine virtualisierte App-Umgebung zu schaffen, um auch komplexe Sicherheitsrichtlinien durchzusetzen. Eine systematische Evaluation unseres Ansatzes konnte seine praktische Anwendbarkeit nachweisen und mehr als eine Million Downloads unserer Lösung zeigen den Bedarf an praxisgerechten Werkzeugen zum Schutz der PrivatsphĂ€re.Android is the most popular operating system for mobile devices, making it a prime target for attackers. To counter these, Androidâs security concept uses app isolation and access control to critical system resources. However, Android gives users only limited options to restrict app permissions according to their privacy preferences but instead lets developers dictate the permissions users must grant. Moreover, Androidâs security model is not designed to be customizable by third-party developers, forcing users to rely on device manufacturers to address their privacy concerns. This thesis presents a line of work that retrofits comprehensive privacy controls to the Android OS to put the user back in charge of their device. It focuses on developing techniques that can be deployed to stock Android devices without firmware modifications or root privileges. The first part of this dissertation establishes fundamental policy enforcement on thirdparty apps using inlined reference monitors to enhance Androidâs permission system. This approach is then refined by introducing a novel technique for dynamic method hook injection on Androidâs Java VM. Finally, we present a system that leverages process-based privilege separation to provide a virtualized application environment that supports the enforcement of complex security policies. A systematic evaluation of our approach demonstrates its practical applicability, and over one million downloads of our solution confirm user demand for privacy-enhancing tools
An Android Security Policy Enforcement Tool
The Android operating system (OS) has become the dominant smart phone OS in recent years due to its accessibility, usability and its open-source philosophy. Consequently, this has also made it a popular target for attackers who aim to install malware on Android devices and take advantage of Androidâs coarse-grained, non-revoking permission system. This project designs, implements and evaluates a security tool named COMBdroid, which addresses these security concerns in Android by enforcing fine-grained, user-defined policies. COMBdroid modifies an application before installation, allowing it to override points of security vulnerabilities at run-time. As a proof of concept we have implemented three policies in COMBdroid. This paper documents the development process of COMBdroid, deriving design decisions from the literature review, detailing the design and implementation, and proving the programâs effectiveness through evaluation.
FINE-GRAINED ACCESS CONTROL ON ANDROID COMPONENT
The pervasiveness of Android devices in todayâs interconnected world emphasizes the importance of mobile security in protecting user privacy and digital assets. Androidâs current security model primarily enforces application-level mechanisms, which fail to address component-level (e.g., Activity, Service, and Content Provider) security concerns. Consequently, third-party code may exploit an applicationâs permissions, and security features like MDM or BYOD face limitations in their implementation. To address these concerns, we propose a novel Android component context-aware access control mechanism that enforces layered security at multiple Exception Levels (ELs), including EL0, EL1, and EL3. This approach effectively restricts component privileges and controls resource access as needed. Our solution comprises Flasa at EL0, extending SELinux policies for inter-component interactions and SQLite content control; Compac, spanning EL0 and EL1, which enforces component-level permission controls through Android runtime and kernel modifications; and TzNfc, leveraging TrustZone technologies to secure third-party services and limit system privileges via Trusted Execution Environment (TEE). Our evaluations demonstrate the effectiveness of our proposed solution in containing component privileges, controlling inter-component interactions and protecting component level resource access. This enhanced solution, complementing Androidâs existing security architecture, provides a more comprehensive approach to Android security, benefiting users, developers, and the broader mobile ecosystem
AppGuard â fine-grained policy enforcement for untrusted android applications
Androidâs success makes it a prominent target for malicious software. However, the user has very limited control over security-relevant operations. This work presents AppGuard, a powerful and flexible security system that overcomes these deficiencies. It enforces user-defined security policies on untrusted Android applications without requiring any changes to a smartphoneâs firmware, root access, or the like. Finegrained and stateful security policies are expressed in a formal specification language, which also supports secrecy requirements. Our system offers complete mediation of security-relevant methods based on calleesite inline reference monitoring and supports widespread deployment. In the experimental analysis we demonstrate the removal of permissions for overly curious apps as well as how to defend against several recent real-world attacks on Android phones. Our technique exhibits very little space and runtime overhead. The utility of AppGuard has already been demonstrated by more than 1,000,000 downloads
Kernel-Level Interception and Applications on Mobile Devices
The techniques of kernel-level system call interception are well known today for many different operating systems. This work starts with transferring these technique to the Windows CE type of operating systems. Afterwards, two current problems are solved. The first solution uses the technique for dynamic malware analysis with a sandbox approach, extending previous solutions in terms of effectiveness. The second solution enhances the expressiveness of security policies by implementing the concept of a reference monitor on the operating system level. Windows CE based devices are now enabled to enforce sophisticated security policies without the need to change the underlying operating system
- âŠ