AppShell: Making data protection practical for lost or stolen Android devices
作者: Xuxian Jiang , Kapil Singh , Yajin Zhou
DOI: 10.1109/NOMS.2016.7502850
关键词:
摘要: Mobile apps continue to consume increasing amounts of sensitive data, such as banking credentials and classified documents. At the same time, number smartphone thefts is at a rapid speed. As result, there an imperative need protect data on lost or stolen mobile devices. In this work, we develop practical solution Our enables adaptive protection by pro-actively stepping up down security based perceived contextual risk device. We realize our for Android platform in form system called AppShell. AppShell does not require root privilege, nor any modification underlying framework, hence ready-to-deploy solution. It supports both in-memory on-disk transparently encrypting discarding encryption key, when required, enhanced protection. implement working prototype evaluate it against several popular apps. results show that can successfully devices with reasonable performance overhead.
sci-hub.se 参考文章(12)
Tilo Müller, Michael Spreitzenbarth, FROST: forensic recovery of scrambled telephones applied cryptography and network security. pp. 373- 388 ,(2013) , 10.1007/978-3-642-38980-1_23
Sravan Bhamidipati, Nikhil Sarda, Ashish Bijlani, Yang Tang, Roxana Geambasu, Phillip Ames, CleanOS: limiting mobile data exposure with idle eviction operating systems design and implementation. pp. 77- 91 ,(2012) , 10.5555/2387880.2387888
Helger Lipmaa, Phillip Rogaway, David Wagner, Comments to NIST concerning AES Modes of Operations: CTR-Mode Encryption ,(2000)
Ross Anderson, Hassen Saïdi, Rubin Xu, Aurasium: practical policy enforcement for Android applications usenix security symposium. pp. 27- 27 ,(2012)
Niels Provos, Encrypting virtual memory usenix security symposium. pp. 3- 3 ,(2000)
Adam J Aviv, Katherine Gibson, Evan Mossop, Matt Blaze, Jonathan M Smith, None, Smudge attacks on smartphone touch screens WOOT'10 Proceedings of the 4th USENIX conference on Offensive technologies. pp. 1- 7 ,(2010)
Dimitrios Lymberopoulos, Karin Strauss, Chuan Qin, Oriana Riva, Progressive authentication: deciding when to authenticate on mobile phones usenix security symposium. pp. 15- 15 ,(2012)
K. Onarlioglu, C. Mulliner, W. Robertson, E. Kirda, PrivExec: Private Execution as an Operating System Service ieee symposium on security and privacy. pp. 206- 220 ,(2013) , 10.1109/SP.2013.24
Monirul Sharif, Andrea Lanzi, Jonathon Giffin, Wenke Lee, Automatic Reverse Engineering of Malware Emulators ieee symposium on security and privacy. pp. 94- 109 ,(2009) , 10.1109/SP.2009.27
Adam Skillen, David Barrera, Paul C. van Oorschot, Deadbolt: locking down android disk encryption security and privacy in smartphones and mobile devices. pp. 3- 14 ,(2013) , 10.1145/2516760.2516771