DroidDisintegrator: Intra-application information flow control in android apps

Eran Tromer, Roei Schuster

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

13 Scopus citations

Abstract

In mobile platforms and their app markets, controlling app permissions and preventing abuse of private information are crucial challenges. Information Flow Control (IFC) is a powerful approach for formalizing and answering user concerns such as: "Does this app send my geolocation to the Internet?" Yet despite intensive research efforts, IFC has not been widely adopted in mainstream programming practice. We observe that the typical structure of Android apps offers an opportunity for a novel and effective application of IFC. In Android, an app consists of a collection of a few dozen "components", each in charge of some high-level functionality. Most components do not require access to most resources. These components are a natural and effective granularity at which to apply IFC (as opposed to the typical process-level or language-level granularity). By assigning different permission labels to each component, and limiting information ow between components, it is possible to express and enforce IFC constraints. Yet nuances of the Android platform, such as its multitude of discretionary (and somewhat arcane) communication channels, raise challenges in defining and enforcing component boundaries. We build a system, DroidDisintegrator, which demonstrates the viability of component-level IFC for expressing and controlling app behavior. DroidDisintegrator uses dynamic analysis to generate IFC policies for Android apps, repackages apps to embed these policies, and enforces the policies at runtime. We evaluate DroidDisintegrator on dozens of apps.

Original languageEnglish
Title of host publicationASIA CCS 2016 - Proceedings of the 11th ACM Asia Conference on Computer and Communications Security
PublisherAssociation for Computing Machinery, Inc
Pages401-412
Number of pages12
ISBN (Electronic)9781450342339
DOIs
StatePublished - 30 May 2016
Event11th ACM Asia Conference on Computer and Communications Security, ASIA CCS 2016 - Xi'an, China
Duration: 30 May 20163 Jun 2016

Publication series

NameASIA CCS 2016 - Proceedings of the 11th ACM Asia Conference on Computer and Communications Security

Conference

Conference11th ACM Asia Conference on Computer and Communications Security, ASIA CCS 2016
Country/TerritoryChina
CityXi'an
Period30/05/163/06/16

Fingerprint

Dive into the research topics of 'DroidDisintegrator: Intra-application information flow control in android apps'. Together they form a unique fingerprint.

Cite this