Hybrid User-level Sandboxing of Third-party Android Apps

Authors: Yajin Zhou, Kunal Patel, Lei Wu, Zhi Wang, Xuxian Jiang

DOI: 10.1145/2714576.2714598

Abstract: Users of Android phones increasingly entrust personal information to third-party apps. However, recent studies reveal that many apps, even benign ones, could leak sensitive information without user awareness or consent. Previous solutions either require modifying the Android framework, thus significantly impairing their practical deployment, or can be easily defeated by malicious apps using a native library. In this paper, we propose AppCage, a system that thoroughly confines the run-time behavior of third-party Android apps without requiring framework modifications or root privilege. AppCage leverages two complementary user-level sandboxes to interpose and regulate an app's access to sensitive APIs. Specifically, the dex sandbox hooks into the app's Dalvik virtual machine instance and redirects each sensitive framework API to a proxy which strictly enforces the user-defined policies, and the native sandbox leverages software fault isolation to prevent the app's native libraries from directly accessing the protected APIs or subverting the dex sandbox. We have implemented a prototype of AppCage. Our evaluation shows that AppCage can successfully detect and block attempts to leak private information by third-party apps, and the performance overhead caused by AppCage is negligible for apps without native libraries and minor for apps with them.
