Title
CASE: Comprehensive Application Security Enforcement on COTS Mobile Devices.
Abstract
Without violating existing app security enforcement, malicious modules inside apps, such as a library or an external class, can steal private data and abuse sensitive capabilities meant for other modules inside the same apps. These so-called "module-level attacks" are quickly emerging, fueled by the pervasive use of third-party code in apps and the lack of module-level security enforcement on mobile platforms. To systematically thwart the threats, we build CASE, an automatic app patching tool used by app developers to enable module-level security in their apps built for COTS Android devices. During runtime, patched apps enforce developer-supplied security policies that regulate interactions among modules at the granularity of a Java class. Requiring no changes or special support from the Android OS, the enforcement is complete in covering inter-module crossings in apps and is robust against malicious Java and native app modules. We evaluate CASE with 420 popular apps and a set of Android's unit tests. The results show that CASE is fully compatible with the tested apps and incurs an average performance overhead of 4.9%.
Year: 2016
DOI: 10.1145/2906388.2906413
Venue: MobiSys
Field: Android (operating system), Application security, Computer security, Computer science, Unit testing, Mobile device, Enforcement, Security policy, Java, Operating system, Embedded system
DocType: Conference
Citations: 5
PageRank: 0.43
References: 15
Authors: 3
| Name | Order | Citations | PageRank |
|---|---|---|---|
| Suwen Zhu | 1 | 24 | 3.76 |
| Long Lu | 2 | 699 | 33.95 |
| Kapil Singh | 3 | 8 | 2.15 |