Abstract | ||
---|---|---|
Without violating existing app security enforcement, malicious modules inside apps, such as a library or an external class, can steal private data and abuse sensitive capabilities meant for other modules inside the same apps. These so-called "module-level attacks" are quickly emerging, fueled by the pervasive use of third-party code in apps and the lack of module-level security enforcement on mobile platforms. To systematically thwart the threats, we build CASE, an automatic app patching tool used by app developers to enable module-level security in their apps built for COTS Android devices. During runtime, patched apps enforce developer-supplied security policies that regulate interactions among modules at the granularity of a Java class. Requiring no changes or special support from the Android OS, the enforcement is complete in covering inter-module crossings in apps and is robust against malicious Java and native app modules. We evaluate CASE with 420 popular apps and a set of Android's unit tests. The results show that CASE is fully compatible with the tested apps and incurs an average performance overhead of 4.9%. |

Year | DOI | Venue |
---|---|---|
2016 | 10.1145/2906388.2906413 | MobiSys |

Field | DocType | Citations |
---|---|---|
Android (operating system), Application security, Computer security, Computer science, Unit testing, Mobile device, Enforcement, Security policy, Java, Operating system, Embedded system | Conference | 5 |

PageRank | References | Authors |
---|---|---|
0.43 | 15 | 3 |

Name | Order | Citations | PageRank |
---|---|---|---|
Suwen Zhu | 1 | 24 | 3.76 |
Long Lu | 2 | 699 | 33.95 |
Kapil Singh | 3 | 8 | 2.15 |