Nothing Special   »   [go: up one dir, main page]
Skip to main content
Springer Nature Link
Log in

SplitDroid: Isolated Execution of Sensitive Components for Mobile Applications

  • Conference paper
Security and Privacy in Communication Networks (SecureComm 2015)

Abstract

Although many approaches have been proposed to protect mobile privacy through techniques such as isolated execution, existing mechanisms typically work at the app-level. As many apps themselves might contain vulnerability, it is desirable to split the execution of an app into normal components and sensitive components, such that the execution of sensitive components of an app can be isolated and their private data are protected from accesses by the normal components.

This paper proposes SplitDroid, an OS-level virtualization technique to support the split-execution of an app in order to isolate the execution of sensitive components and protect its private data. SplitDroid is enabled by porting the Linux Container to the Android environment and the ability to split Android apps through programming and runtime support. We also introduce a secure network channel to allow communication between the isolated component and normal Android apps, such that non-privacy-related information can be interchanged to ensure its correct execution. Finally, we demonstrate the feasibility and effectiveness of SplitDroid through a case study.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. AnTuTu benchmark. http://www.antutu.com/

  2. Google Play has more apps than apple now, but it’s still behind in one key area. http://www.businessinsider.com/google-play-vs-apple-app-store-2015-2

  3. Linux Container. http://lxc.sourceforge.net/

  4. Andrus, J., Dall, C., Hof, A.V., Laadan, O., Nieh, J.: Cells: a virtual mobile smartphone architecture. In: Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles, pp. 173–187. ACM (2011)

    Google Scholar 

  5. Barr, K., Bungale, P., Deasy, S., Gyuris, V., Hung, P., Newell, C., Tuch, H., Zoppis, B.: The VMware mobile virtualization platform: is that a hypervisor in your pocket? ACM SIGOPS Operating Systems Review44(4), 124–135 (2010)

    Article  Google Scholar 

  6. Bugiel, S., Davi, L., Dmitrienko, A., Heuser, S., Sadeghi, A.R., Shastry, B.: Practical and lightweight domain isolation on Android. In: Proceedings of the 1st ACM Workshop on Security and Privacy in Smartphones and Mobile Devices, pp. 51–62. ACM (2011)

    Google Scholar 

  7. Chun, B.G., Ihm, S., Maniatis, P., Naik, M., Patti, A.: CloneCloud: elastic execution between mobile device and cloud. In: Proceedings of the Sixth Conference on Computer Systems, EuroSys 2011, pp. 301–314 (2011)

    Google Scholar 

  8. Dam, M., Le Guernic, G., Lundblad, A.: TreeDroid: a tree automaton based approach to enforcing data processing policies. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security, pp. 894–905. ACM (2012)

    Google Scholar 

  9. Diesburg, S.M., Wang, A.I.A.: A survey of confidential data storage and deletion methods. ACM Computing Surveys (CSUR)43(1), 2 (2010)

    Article  Google Scholar 

  10. Enck, W., Gilbert, P., Han, S., Tendulkar, V., Chun, B.G., Cox, L.P., Jung, J., McDaniel, P., Sheth, A.N.: TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. ACM Transactions on Computer Systems (TOCS)32(2), 5 (2014)

    Article  Google Scholar 

  11. Gordon, M.S., Jamshidi, D.A., Mahlke, S.A., Mao, Z.M., Chen, X.: COMET: code offload by migrating execution transparently. In: OSDI, pp. 93–106 (2012)

    Google Scholar 

  12. Heiser, G., Leslie, B.: The OKL4 microvisor: convergence point of microkernels and hypervisors. In: Proceedings of the First ACM Asia-Pacific Workshop on Workshop on Systems, pp. 19–24. ACM (2010)

    Google Scholar 

  13. Hornyack, P., Han, S., Jung, J., Schechter, S., Wetherall, D.: These aren’t the droids you’re looking for: retrofitting Android to protect data from imperious applications. In: Proceedings of the 18th ACM Conference on Computer and Communications Security, pp. 639–652. ACM (2011)

    Google Scholar 

  14. Hwang, J.Y., Suh, S.B., Heo, S.K., Park, C.J., Ryu, J.M., Park, S.Y., Kim, C.R.: Xen on ARM: system virtualization using Xen hypervisor for ARM-based secure mobile phones. In: 5th IEEE Consumer Communications and Networking Conference, CCNC 2008, pp. 257–261. IEEE (2008)

    Google Scholar 

  15. Kantola, D., Chin, E., He, W., Wagner, D.: Reducing attack surfaces for intra-application communication in Android. In: Proceedings of the Second ACM Workshop on Security and Privacy in Smartphones and Mobile Devices, pp. 69–80. ACM (2012)

    Google Scholar 

  16. Lange, M., Liebergeld, S., Lackorzynski, A., Warg, A., Peter, M.: L4Android: a generic operating system framework for secure smartphones. In: Proceedings of the 1st ACM Workshop on Security and Privacy in Smartphones and Mobile Devices, pp. 39–50. ACM (2011)

    Google Scholar 

  17. Li, X., Hu, H., Bai, G., Jia, Y., Liang, Z., Saxena, P.: DroidVault: a trusted data vault for Android devices. In: 2014 19th International Conference on Engineering of Complex Computer Systems (ICECCS), pp. 29–38. IEEE (2014)

    Google Scholar 

  18. Nauman, M., Khan, S., Zhang, X.: Apex: extending Android permission model and enforcement with user-defined runtime constraints. In: Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security, pp. 328–332. ACM (2010)

    Google Scholar 

  19. Ongtang, M., McLaughlin, S., Enck, W., McDaniel, P.: Semantically rich application-centric security in Android. Security and Communication Networks5(6), 658–673 (2012)

    Article  Google Scholar 

  20. Pearce, P., Felt, A.P., Nunez, G., Wagner, D.: AdDroid: privilege separation for applications and advertisers in Android. In: Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security, ASIACCS 2012, Seoul, Korea (2012)

    Google Scholar 

  21. Roesner, F., Kohno, T.: Securing embedded user interfaces: Android and beyond. In: Presented as Part of the 22nd USENIX Security Symposium (USENIX Security 2013), Washington, D.C., pp. 97–112 (2013)

    Google Scholar 

  22. Russello, G., Conti, M., Crispo, B., Fernandes, E.: MOSES: supporting operation modes on smartphones. In: Proceedings of the 17th ACM Symposium on Access Control Models and Technologies, pp. 3–12. ACM (2012)

    Google Scholar 

  23. Santos, N., Raj, H., Saroiu, S., Wolman, A.: Trusted language runtime (TLR): enabling trusted applications on smartphones. In: Proceedings of the 12th Workshop on Mobile Computing Systems and Applications, pp. 21–26. ACM (2011)

    Google Scholar 

  24. Shekhar, S., Dietz, M., Wallach, D.S.: AdSplit: separating smartphone advertising from applications. In: Presented as Part of the 21st USENIX Security Symposium (USENIX Security 2012), Bellevue, WA, pp. 553–567 (2012)

    Google Scholar 

  25. Wu, C., Zhou, Y., Patel, K., Liang, Z., Jiang, X.: Airbag: boosting smartphone resistance to malware infection. In: Proceedings of the Network and Distributed System Security Symposium (2014)

    Google Scholar 

  26. Xia, Y., Liu, Y., Tan, C., Ma, M., Guan, H., Zang, B., Chen, H.: TinMan: eliminating confidential mobile data exposure with security oriented offloading. In: Proceedings of the Tenth European Conference on Computer Systems, pp. 27. ACM (2015)

    Google Scholar 

  27. Xu, R., Saïdi, H., Anderson, R.: Aurasium: practical policy enforcement for Android applications. In: USENIX Security Symposium, pp. 539–552 (2012)

    Google Scholar 

  28. Yuan, P., Guo, Y., Chen, X.: Uniport: a uniform programming support framework for mobile cloud computing. In: The 3rd IEEE International Conference on Mobile Cloud Computing, Services and Engineering, MobileCloud 2015 (2015)

    Google Scholar 

  29. Zhang, Y., Huang, G., Liu, X., Zhang, W., Mei, H., Yang, S.: Refactoring Android java code for on-demand computation offloading. In: OOPSLA 2012, pp. 233–248. ACM (2012)

    Google Scholar 

  30. Zhou, Y., Jiang, X.: Dissecting Android malware: characterization and evolution. In: IEEE S&P, pp. 95–109. IEEE (2012)

    Google Scholar 

  31. Zhou, Y., Patel, K., Wu, L., Wang, Z., Jiang, X.: Hybrid user-level sandboxing of third-party Android apps. In: Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security, ASIA CCS 2015, Singapore, Republic of Singapore, pp. 19–30 (2015)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Key Laboratory of High Confidence Software Technologies (Ministry of Education), Institute of Software, School of EECS, Peking University, Beijing, China

    Lin Yan, Yao Guo & Xiangqun Chen

Authors
  1. Lin Yan
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Yao Guo
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Xiangqun Chen
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Yao Guo .

Editor information

Editors and Affiliations

  1. The University of Texas at Dallas, Richardson, Texas, USA

    Bhavani Thuraisingham

  2. Indiana University at Bloomington, Bloomington, Indiana, USA

    XiaoFeng Wang

  3. SRI International, Menlo Park, California, USA

    Vinod Yegneswaran

Rights and permissions

Reprints and permissions

Copyright information

© 2015 Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Yan, L., Guo, Y., Chen, X. (2015). SplitDroid: Isolated Execution of Sensitive Components for Mobile Applications. In: Thuraisingham, B., Wang, X., Yegneswaran, V. (eds) Security and Privacy in Communication Networks. SecureComm 2015. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 164. Springer, Cham. https://doi.org/10.1007/978-3-319-28865-9_5

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-28865-9_5

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-28864-2

  • Online ISBN: 978-3-319-28865-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation