AdSplit: Separating smartphone advertising from applications

A wide variety of smartphone applications today rely on third-party advertising services, which provide libraries that are linked into the hosting application. This situation is undesirable for both the application author and the advertiser. Advertising libraries require additional permissions, resulting in additional permission requests to users. Likewise, a malicious application could simulate the behavior of the advertising library, forging the user's interaction and effectively stealing money from the advertiser. This paper describes AdSplit, where we extended Android to allow an application and its advertising to run as separate processes, under separate user-ids, eliminating the need for applications to request permissions on behalf of their advertising libraries. We also leverage mechanisms from Quire to allow the remote server to validate the authenticity of client-side behavior. In this paper, we quantify the degree of permission bloat caused by advertising, with a study of thousands of downloaded apps. AdSplit automatically recompiles apps to extract their ad services, and we measure minimal runtime overhead. We also observe that most ad libraries just embed an HTML widget within and describe how AdSplit can be designed with this in mind to avoid any need for ads to have native code

Fine-Grained Access Control for HTML5-Based Mobile Applications in Android

HTML5-based mobile applications are becoming more and more popular because they can run on different platforms. Several newly introduced mobile OS natively support HTML5-based applications. For those that do not provide native sup-port, such as Android, iOS, and Windows Phone, developers can develop HTML5-based applications using middlewares, such as PhoneGap [17]. In these platforms, programs are loaded into a web component, called WebView, which can render HTML5 pages and execute JavaScript code. In order for the program to access the system resources, which are isolated from the content inside WebView due to its sand-box, bridges need to be built between JavaScript and the native code (e.g. Java code in Android). Unfortunately, such bridges break the existing protection that was origi-nally built into WebView. In this paper, we study the potential risks of HTML5-based applications, and investigate how the existing mobile systems ’ access control supports these applications. We fo-cus on Android and the PhoneGap middleware. However, our ideas can be applied to other platforms. Our studies indicate that Android does not provide an adequate access control for this kind of applications. We propose a fine-grained access control mechanism for the bridge in Android system. We have implemented our scheme in Android and have evaluated its effectiveness and performance. 1

ATTACKS AND COUNTERMEASURES FOR WEBVIEW ON MOBILE SYSTEMS

ABSTRACT All the mainstream mobile operating systems provide a web container, called ``WebView\u27\u27. This Web-based interface can be included as part of the mobile application to retrieve and display web contents from remote servers. WebView not only provides the same functionalities as web browser, more importantly, it enables rich interactions between mobile apps and webpages loaded inside WebView. Through its APIs, WebView enables the two-way interaction. However, the design of WebView changes the landscape of the Web, especially from the security perspective. This dissertation conducts a comprehensive and systematic study of WebView\u27s impact on web security, with a particular focus on identifying its fundamental causes. This dissertation discovers multiple attacks on WebView, and proposes new protection models to enhance the security of WebView. The design principles of these models are also described as well as the prototype implementation in Android platform. Evaluations are used to demonstrate the effectiveness and performance of these protection models

Rethinking Security of Web-Based System Applications

Many modern desktop and mobile platforms, including Ubuntu, Google Chrome, Windows, and Firefox OS, support so called Web-based system applications that run outside the Web browser and enjoy direct access to native objects such as files, camera, and ge-olocation. We show that the access-control models of these plat-forms are (a) incompatible and (b) prone to unintended delega-tion of native-access rights: when applications request native ac-cess for their own code, they unintentionally enable it for untrusted third-party code, too. This enables malicious ads and other third-party content to steal users ’ OAuth authentication credentials, ac-cess camera on their devices, etc. We then design, implement, and evaluate POWERGATE, a new access-control mechanism for Web-based system applications. It solves two key problems plaguing all existing platforms: security and consistency. First, unlike the existing platforms, POWERGATE correctly protects native objects from unauthorized access. Second, POWERGATE provides uniform access-control semantics across all platforms and is 100 % backward compatible. POWERGATE en-ables application developers to write well-defined native-object ac-cess policies with explicit principals such as “application’s own lo-cal code ” and “third-party Web code, ” is easy to configure, and incurs negligible performance overhead

Lico: A Lightweight Access Control Model for Inter-Networking Linkages

© 2013 IEEE. Processes in operating systems are assigned different privileges to access different resources. A process may invoke other processes whose privileges are different; thus, its privileges are expanded (or escalated) due to such improper 'inheritance.' Inter-networking can also occur between processes, either transitively or iteratively. This complicates the monitoring of inappropriate privilege assignment/escalation, which can result in information leakage. Such information leakage occurs due to privilege transitivity and inheritance and can be defined as a general access control problem for inter-networking linkages. This is also a topic that is generally less studied in existing access control models. Specifically, in this paper, we propose a lightweight directed graph-based model, LiCo, which is designed to facilitate the authorization of privileges among inter-networking processes. To the best of our knowledge, this is the first general access control model for inter-invoking processes and general inter-networking linkages

Eristämismekanismeja selainpohjaisille ohjelmistoarkkitehtuureille

Traditional backend-oriented web applications are increasingly being replaced by frontend applications, which execute directly in the user's browser. Web application performance has been shown to directly affect business performance, and frontend applications enable unique performance improvements. However, building complex applications within the browser is still a new and poorly understood field, and engineering efforts within the field are often plagued by quality issues. This thesis addresses the current research gap around frontend applications, by investigating the applicability of isolation mechanisms available in browsers to frontend application architecture. We review the important publications around the topic, forming an overview of current research, and current best practices in the field. We use this understanding, combined with relevant industry experience, to categorize the available isolation mechanisms to four classes: state and variable isolation, isolation from the DOM, isolation within the DOM, and execution isolation. For each class, we provide background and concrete examples on both the related quality issues, as well as tools for their mitigation. Finally, we use the ISO 25010 quality standard to evaluate the impact of these isolation mechanisms on frontend application quality. Our results suggest that the application of the previously introduced isolation mechanisms has the potential to significantly improve several key areas of frontend application quality, most importantly compatibility and maintainability, but also performance and security. Many of these mechanisms also imply tradeoffs between other quality attributes, most commonly performance. Future work could include developing frontend application architectures that leverage these isolation mechanisms to their full potential.Perinteisiä palvelinorientoituneita verkko-ohjelmistoja korvataan kiihtyvällä vauhdilla selainpohjaisilla ohjelmistoilla. Verkko-ohjelmistojen suorituskyvyn on osoitettu vaikuttavan suoraan yritysten tulokseen, ja selainpohjaiset ohjelmistot mahdollistavat huomattavia parannuksia suorituskykyyn. Monimutkaisten selainpohjaisten ohjelmistojen rakentaminen on kuitenkin uusi ja huonosti ymmärretty ala, ja sillä tapahtuva kehitystyö on ollut laatuongelmien piinaamaa. Tässä diplomityössä täydennetään puutteellista tutkimusta selainpohjaisista ohjelmistoista tutkimalla selaimista löytyvien eristysmekanismien soveltuvuutta näiden ohjelmistojen arkkitehtuurin parantamiseen. Käymme läpi tärkeimmät alan julkaisut muodostaen yleiskuvan tutkimuksen tilasta ja parhaiksi katsotuista käytännöistä alan harjoittajien keskuudessa. Yhdistämällä kirjallisuuskatsauksen tulokset omaan työkokemukseemme alalta, luokittelemme selainten käytettävissä olevat eristysmekanismit neljään kategoriaan: tilan ja muuttujien eristäminen, eristäminen DOM:ista, eristäminen DOM:in sisällä sekä suorituksen eristäminen. Käsittelemme tämän jälkeen löydetyt kategoriat sekä esitämme niihin liittyviä konkreettisia laatuongelmia sekä työkaluja näiden ongelmien ratkaisuun. Lopuksi arvioimme näiden eristysmekanismien vaikutusta selainpohjaisten ohjelmistojen laatuun ISO 25010 -laatustandardin avulla. Tuloksemme osoittavat että työssä esitettyjen eristysmekanismien käyttö saattaisi parantaa ohjelmistojen laatua usealla tärkeällä alueella. Näistä merkittävimpiä ovat yhteensopivuus ja ylläpidettävyys, mutta hyötyjä voitaisiin saada myös suorituskyvyn sekä tietoturvan parantumisella. Toisaalta monet esitellyistä mekanismeista myös vaativat kompromisseja muiden laatuvaatimusten osalta. Jatkotutkimusta tarvittaisiin selainpohjaisista arkkitehtuureista, jotka hyödyntäisivät paremmin työssä esitettyjä eristysmekanismeja