Bugiel, Sven ; Davi, Lucas ; Dmitrienko, Alexandra ; Heuser, Stephan ; Sadeghi, Ahmad-Reza ; Shastry, Bhargava (2011)
Practical and Lightweight Domain Isolation on Android.
Konferenzveröffentlichung, Bibliographie
Kurzbeschreibung (Abstract)
In this paper, we introduce a security framework for practical and lightweight domain isolation on Android to mitigate unauthorized data access and communication among applications of different trust levels (e.g., private and corporate). We present the design and implementation of our framework, TrustDroid, which in contrast to existing solutions enables isolation at different layers of the Android software stack: (1) at the middleware layer to prevent inter-domain application communication and data access, (2) at the kernel layer to enforce mandatory access control on the file system and on Inter-Process Communication (IPC) channels, and (3) at the network layer to mediate network traffic. For instance, (3) allows network data to be only read by a particular domain, or enables basic context-based policies such as preventing Internet access by untrusted applications while an employee is connected to the company's network.
Our approach accurately addresses the demands of the business world, namely to isolate data and applications of different trust levels in a practical and lightweight way. Moreover, our solution is the first leveraging mandatory access control with TOMOYO Linux on a real Android device (Nexus One). Our evaluation demonstrates that TrustDroid only adds a negligible overhead, and in contrast to contemporary full virtualization, only minimally affects the battery's life-time.
| Typ des Eintrags: | Konferenzveröffentlichung |
|---|---|
| Erschienen: | 2011 |
| Autor(en): | Bugiel, Sven ; Davi, Lucas ; Dmitrienko, Alexandra ; Heuser, Stephan ; Sadeghi, Ahmad-Reza ; Shastry, Bhargava |
| Art des Eintrags: | Bibliographie |
| Titel: | Practical and Lightweight Domain Isolation on Android |
| Sprache: | Deutsch |
| Publikationsjahr: | Oktober 2011 |
| Verlag: | ACM Press |
| Buchtitel: | Proceedings of the 1st ACM CCS Workshop on Security and Privacy in Mobile Devices (SPSM) |
| Zugehörige Links: | |
| Kurzbeschreibung (Abstract): | In this paper, we introduce a security framework for practical and lightweight domain isolation on Android to mitigate unauthorized data access and communication among applications of different trust levels (e.g., private and corporate). We present the design and implementation of our framework, TrustDroid, which in contrast to existing solutions enables isolation at different layers of the Android software stack: (1) at the middleware layer to prevent inter-domain application communication and data access, (2) at the kernel layer to enforce mandatory access control on the file system and on Inter-Process Communication (IPC) channels, and (3) at the network layer to mediate network traffic. For instance, (3) allows network data to be only read by a particular domain, or enables basic context-based policies such as preventing Internet access by untrusted applications while an employee is connected to the company's network. Our approach accurately addresses the demands of the business world, namely to isolate data and applications of different trust levels in a practical and lightweight way. Moreover, our solution is the first leveraging mandatory access control with TOMOYO Linux on a real Android device (Nexus One). Our evaluation demonstrates that TrustDroid only adds a negligible overhead, and in contrast to contemporary full virtualization, only minimally affects the battery's life-time. |
| Freie Schlagworte: | Security |
| ID-Nummer: | TUD-CS-2011-0218 |
| Fachbereich(e)/-gebiet(e): | 20 Fachbereich Informatik 20 Fachbereich Informatik > Systemsicherheit LOEWE LOEWE > LOEWE-Zentren LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt |
| Hinterlegungsdatum: | 04 Aug 2016 10:13 |
| Letzte Änderung: | 03 Jun 2018 21:31 |
| PPN: | |
| Export: | |
| Suche nach Titel in: | TUfind oder in Google |
 |
Frage zum Eintrag |
Optionen (nur für Redakteure)
 |
Redaktionelle Details anzeigen |
Drucken
Impressum