Quire: lightweight provenance for smart phone operating systems
作者: Shashi Shekhar , Michael Dietz , Anhei Shu , Dan S. Wallach , Yuliy Pisetsky
DOI:
关键词:
摘要: Smartphone apps are often granted to privilege run with access the network and sensitive local resources. This makes it difficult for remote endpoints place any trust in provenance of connections originating from a user's device. Even on phone, different distinct sets can communicate one another. allow app trick another into improperly exercising its privileges (resulting confused deputy attack). In Quire, we engineered two new security mechanisms Android address these issues. First, Quire tracks call chain on-device IPCs, allowing an choice operating reduced callers or full set by acting explicitly own behalf. Second, lightweight signature scheme allows create signed statement that be verified same phone. Both reflected RPCs. systems visibility state phone when RPC was made. We demonstrate usefulness example applications: advertising service runs advertisements separately their hosting applications, payment system. show Quire's performance overhead is minimal.
harvard.edu
arxiv.org
rice.edu
columbia.edu 
acm.org 参考文章(37)
Silas Boyd-Wickizer, David Mazières, Nickolai Zeldovich, Securing distributed systems with information flow control networked systems design and implementation. pp. 293- 308 ,(2008)
Mauro Conti, Vu Thien Nga Nguyen, Bruno Crispo, CRePE: context-related policy enforcement for android international conference on information security. ,vol. 6531, pp. 331- 345 ,(2010) , 10.1007/978-3-642-18178-8_29
C. Neuman, J. Kohl, The Kerberos Network Authentication Service (V5) RFC. ,vol. 1510, pp. 1- 112 ,(1993)
Alexander Moshchuk, Chris Grier, Helen J. Wang, Herman Venter, Piali Choudhury, Samuel T. King, The multi-principal OS construction of the gazelle web browser usenix security symposium. pp. 417- 432 ,(2009)
David M. Eyers, Peter Pietzuch, Ioannis Papagiannis, Matteo Migliavacca, Brian Shand, Jean Bacon, DEFCON: high-performance event processing with information security usenix annual technical conference. pp. 1- 1 ,(2010)
Ronald Perez, Reiner Sailer, Leendert van Doorn, None, vTPM: virtualizing the trusted platform module usenix security symposium. pp. 21- ,(2006)
Helen J. Wang, Jon Howell, Xiaofeng Fan, Collin Jackson, MashupOS: operating system abstractions for client mashups HOTOS'07 Proceedings of the 11th USENIX workshop on Hot topics in operating systems. pp. 16- ,(2007)
Alexander Moshchuk, Adrienne Porter Felt, Helen J. Wang, Erika Chin, Steven Hanna, Permission re-delegation: attacks and defenses usenix security symposium. pp. 22- 22 ,(2011)
William Enck, Patrick McDaniel, Jaeyeon Jung, Byung-Gon Chun, Peter Gilbert, Anmol N. Sheth, Landon P. Cox, TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones operating systems design and implementation. pp. 393- 407 ,(2010) , 10.5555/1924943.1924971
Lieven Desmet, Wouter Joosen, Fabio Massacci, Pieter Philippaerts, Frank Piessens, Ida Siahaan, Dries Vanoverberghe, Security-by-contract on the .NET platform Information Security Technical Report. ,vol. 13, pp. 25- 32 ,(2008) , 10.1016/J.ISTR.2008.02.001