research-article

FireDroid: hardening security in almost-stock Android

Authors:

Giovanni Russello,

Arturo Blas Jimenez,

Wannes van der MarkAuthors Info & Claims

ACSAC '13: Proceedings of the 29th Annual Computer Security Applications Conference

Pages 319 - 328

https://doi.org/10.1145/2523649.2523678

Published: 09 December 2013 Publication History

Abstract

Malware poses a serious threat to Android smartphones. Current security mechanisms offer poor protection and are often too inflexible to quickly mitigate new exploits. In this paper we present FireDroid, a policy-based framework for enforcing security policies by interleaving process system calls. The main advantage of FireDroid is that it is completely transparent to the applications as well as to the Android OS. FireDroid enforces security policies without modifying either the Android OS or its applications. FireDroid is able to perform security checks on third-party and pre-installed applications, as well as malicious native code. We have implemented a novel mechanism that is able to attach, identify, monitor and enforce polices for any process spawned by the Android's mother process Zygote. We have tested the effectiveness of FireDroid against real malware. Moreover, we show how FireDroid can be used as a swift solution for blocking OS and application vulnerabilities before patches are available. Finally, we provide an experimental evaluation of our approach showing that it has only a limited overhead. Given these facts, FireDroid represents a practical solution for strengthening security on Android smartphones.

References

[1]

http://www.gartner.com/it/page.jsp?id= 2227215.

[2]

http://www.gartner.com/newsroom/id/2482816.

[3]

http://news.cnet.com/8301-1035_3-57545513-94/five-years-of-android-by-the-numbers/.

[4]

http://www.appbrain.com/stats/number-of-android-apps.

[5]

http://www.ibtimes.co.uk/articles/401395/20121105/android-malware-increae-ten-fold.htm.

[6]

http://www.computerworld.com/s/article/9231758/USSD_attack_hit_SIM_cards_and_Samsung_Android_devices.

[7]

http://theunderstatement.com/post/11982112928/android-orphans-visualizing-a-sad_history-of-support.

[8]

http://www.angryredplanet.com/~hackbod/openbinder/docs/html/BinderIPCMechanism.html.

[9]

http://www.citi.umich.edu/u/provos/systrace/index.html.

[10]

http://en.wikipedia.org/wiki/Magnuson%E2%80%93Moss_Warranty_Act.

[11]

http://eur-lex.europa.eu/Notice.do?val=330258:cs&lang=en&list=340508:cs,330258:cs,&pos=2&page=1&nbl=2&pgs=10&hwords=&checktexte=checkbox&visu=#texte.

[12]

http://www.malgenomeproject.org/.

[13]

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2094.

[14]

http://source.android.com/compatibility/overview.html.

[15]

http://static.googleusercontent.com/external_content/untrusted_dlcp/source.android.com/en//compatibility/4.2/android-4.2-cdd.pdf.

[16]

http://tomoyo.sourceforge.jp/.

[17]

Android Project. http://www.android.com.

[18]

Andrus, J., Dall, C., and et al. Cells: a virtual mobile smartphone architecture. In Proc. of the 23th ACM Symposium on OS Principles (New York, NY, USA, 2011), ACM, pp. 173--187.

Digital Library

[19]

Backes, M., Gerling, S., and et al. Appguard - real-time policy enforcement for third-party applications. Tech. Rep. A/02/2012, Saarland Uni., Germany, 2012.

[20]

Beresford, A. R., Rice, A., and Skehin, N. Mock-Droid: trading privacy for application functionality on smartphones. In Proc. HotMobile '11 (2011).

Digital Library

[21]

Bugiel, S., Davi, L., and et al. Practical and lightweight domain isolation on android. In Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices (2011), pp. 51--62.

Digital Library

[22]

Bugiel, S., Davi, L., and et al. Towards taming privilege-escalation attacks on Android. In Proc. of the 19th Annual Network & Distributed System Security Symposium (Feb. 2012).

[23]

Chin, E., Felt, A. P., and et al. Analyzing inter-application communication in android. In Proc. of the 9th international conf. on Mobile systems, applications, and services (New York, NY, USA, 2011), ACM, pp. 239--252.

Digital Library

[24]

Conti, M., Nguyen, V. T. N., and Crispo, B. Crepe: context-related policy enforcement for android. In Proc. of the 13th international conf. on Information security (Berlin, Heidelberg, 2011), Springer-Verlag, pp. 331--345.

Digital Library

[25]

Davi, L., Dmitrienko, A., and et al. Privilege escalation attacks on android. In Proc. of the 13th international conf. on Information security (2011), pp. 346--360.

Digital Library

[26]

Davis, B., Sanders, B., and et al. I-arm-droid: A rewriting framework for in-app reference monitors for android applications. IEEE Mobile Security Technologies, San Francisco, CA (2012).

[27]

Dietz, M., Shekhar, S., and et al. Quire: Lightweight provenance for smart phone operating systems. In 20th USENIX Security Symposium (2011).

Digital Library

[28]

Enck, W., Gilbert, P., and et al. TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. In Proc. of OSDI 2010 (Oct. 2010).

Digital Library

[29]

Enck, W., Octeau, D., and et al. A study of android application security. In Proc. of the 20th USENIX conf. on Security (San Francisco, CA, 2011), pp. 21--21.

Digital Library

[30]

Enck, W., Ongtang, M., and McDaniel, P. On lightweight mobile phone application certification. In Proc. CCS '09 (2009), pp. 235--245.

Digital Library

[31]

Enck, W., Ongtang, M., and McDaniel, P. Understanding android security. IEEE Security and Privacy 7, 1 (Jan. 2009), 50--57.

Digital Library

[32]

Felt, A. P., Chin, E., and et al. Android permissions demystified. In Proc. of the 18th ACM conf. on Computer and communications security (New York, NY, USA, 2011), ACM, pp. 627--638.

Digital Library

[33]

Felt, A. P., Finifter, M., and et al. A survey of mobile malware in the wild. In Proc. of the 1st ACM workshop on Security and privacy in smartphones and mobile devices (New York, NY, USA, 2011), ACM, pp. 3--14.

Digital Library

[34]

Garfinkel, T. Traps and pitfalls: Practical problems in system call interposition based security tools. In In Proc. Network and Distributed Systems Security Symposium (2003), pp. 163--176.

[35]

Grace, M., Zhou, Y., and et al. Riskranker: scalable and accurate zero-day android malware detection. In Proc. of the 10th international conf. on Mobile systems, applications, and services (New York, NY, USA, 2012), ACM, pp. 281--294.

Digital Library

[36]

Grace, M., Zhou, Y., and et al. Systematic detection of capability leaks in stock Android smartphones. In Proceedings of the 19th Network and Distributed System Security Symposium (NDSS) (Feb. 2012).

[37]

Hornyack, P., Han, S., and et al. These aren't the droids you're looking for": Retroffiting android to protect data from imperious applications. In 18th ACM Conf. on Computer and Communications Security (CCS'11) (2011).

Digital Library

[38]

Jeon, J., Micinski, K. K., and et al. Dr. android and mr. hide: fine-grained permissions in android applications. In Proc. of the 2nd ACM workshop on Security and privacy in smartphones and mobile devices (New York, NY, USA, 2012), ACM, pp. 3--14.

Digital Library

[39]

Lange, M., Liebergeld, S., and et al. L4android: a generic operating system framework for secure smartphones. In Proc. of the 1st ACM workshop on Security and privacy in smartphones and mobile devices (Chicago, USA, 2011), ACM, pp. 39--50.

Digital Library

[40]

Nauman, M., Khan, S., and Zhang, X. Apex: extending android permission model and enforcement with user-defined runtime constraints. In Proc. ASIACCS '10 (2010), pp. 328--332.

Digital Library

[41]

Peng, H., Gates, C. S., and et al. Using probabilistic generative models for ranking risks of android apps. In the ACM Conf. on Computer and Communications Security, CCS'12, Raleigh, NC, USA, Oct. 16-18, 2012 (2012), pp. 241--252.

Digital Library

[42]

Provos, N. Improving host security with system call policies. In Proc. of the 12th conf. on USENIX Security Symposium (Washington, DC, 2003), vol. 12, pp. 18--18.

Digital Library

[43]

Rastogi, V., Chen, Y., and Jiang, X. Droidchameleon: evaluating android anti-malware against transformation attacks. In Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security (New York, NY, USA, 2013), ASIA CCS '13, ACM, pp. 329--334.

Digital Library

[44]

Reddy, N., Jeon, J., and et al. Application-centric security policies on unmodified Android. Tech. Rep. UCLA TR 110017, University of California, LA, Computer Science Department, July 2011.

[45]

Russello, G., Conti, M., and et al. Moses: supporting operation modes on smartphones. In SACMAT (2012), V. Atluri, J. Vaidya, and et al., Eds., ACM, pp. 3--12.

Digital Library

[46]

Shabtai, A., Fledel, Y., and et al. Google android: A comprehensive security assessment. IEEE Security and Privacy 8 (2010), 35--44.

Digital Library

[47]

Smalley, S., and Craig, R. Security enhanced (se) android: Bringing flexible mac to android. In Proc. of the 20th Network and Distributed System Security Symposium (NDSS 2013) (2013).

[48]

Wagner, D. A. Janus: an approach for confinement of untrusted applications. Tech. Rep. UCB/CSD-99-1056, EECS Department, University of California, 1999.

Digital Library

[49]

Xu, R., and Anderson, H. S. R. Aurasium: Practical policy enforcement for android applications. In Proceedings of the 21st conf. on USENIX Security Symposium (2012), vol. 21.

Digital Library

[50]

Zhou, W., Zhou, Y., and et al. Detecting repackaged smartphone applications in third-party android marketplaces. In Proc. of the 2nd ACM conf. on Data and Application Security and Privacy (New York, NY, USA, 2012), ACM, pp. 317--326.

Digital Library

[51]

Zhou, Y., and Jiang, X. Dissecting android malware: Characterization and evolution. In IEEE Symposium on Security and Privacy (2012), pp. 95--109.

Digital Library

[52]

Zhou, Y., Wang, Z., and et al. Hey, you, get off of my market: Detecting malicious apps in official and alternative Android markets. In Proc. of the 19th Annual Network & Distributed System Security Symposium (Feb. 2012).

[53]

Zhou, Y., Zhang, X., and et al. Taming Information-Stealing Smartphone Applications (on Android). In Proc. TRUST 2011 (2011).

Digital Library

Cited By

Geetha BBhuva DBhuva ATrivedi MSathe DSinghal R(2024)Fortifying IoT: A Cybersecurity Model for Secure Implementation2024 7th International Conference on Contemporary Computing and Informatics (IC3I)10.1109/IC3I61595.2024.10829198(415-420)Online publication date: 18-Sep-2024
https://doi.org/10.1109/IC3I61595.2024.10829198
Senanayake JKalutarage HAl-Kadri MPetrovski APiras L(2023)Android Source Code Vulnerability Detection: A Systematic Literature ReviewACM Computing Surveys10.1145/355697455:9(1-37)Online publication date: 16-Jan-2023
https://dl.acm.org/doi/10.1145/3556974
Ahmad MBergadano FCostamagna VCrispo BRussello G(2023)AppBox: A Black-Box Application Sandboxing Technique for Mobile App Management Solutions2023 IEEE Symposium on Computers and Communications (ISCC)10.1109/ISCC58397.2023.10217861(1-7)Online publication date: 9-Jul-2023
https://doi.org/10.1109/ISCC58397.2023.10217861
Show More Cited By

Index Terms

FireDroid: hardening security in almost-stock Android
1. Security and privacy
  1. Security services
    1. Access control
  2. Systems security
    1. Information flow control
    2. Operating systems security

Recommendations

NJAS: Sandboxing Unmodified Applications in non-rooted Devices Running stock Android
SPSM '15: Proceedings of the 5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices

Malware poses a serious threat to the Android ecosystem. Moreover, even benign applications can sometimes constitute security and privacy risks to their users, as they might contain vulnerabilities, or they might perform unwanted actions. Previous ...
Switchblade: enforcing dynamic personalized system call models
Eurosys '08: Proceedings of the 3rd ACM SIGOPS/EuroSys European Conference on Computer Systems 2008

System call interposition is a common approach to restrict the power of applications and to detect code injections. It enforces a model that describes what system calls and/or what sequences thereof are permitted. However, there exist various issues ...
Switchblade: enforcing dynamic personalized system call models
EuroSys '08

System call interposition is a common approach to restrict the power of applications and to detect code injections. It enforces a model that describes what system calls and/or what sequences thereof are permitted. However, there exist various issues ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Other conferences

ACSAC '13: Proceedings of the 29th Annual Computer Security Applications Conference

December 2013

374 pages

ISBN:9781450320153

DOI:10.1145/2523649

Conference Chair:
Charles N. Payne
Adventium Labs

Copyright © 2013 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

ACSA: Applied Computing Security Assoc

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 09 December 2013

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Auckland UniServices Limited

Conference

ACSAC '13

Sponsor:

ACSA

ACSAC '13: Annual Computer Security Applications Conference

December 9 - 13, 2013

Louisiana, New Orleans, USA

Acceptance Rates

Overall Acceptance Rate 104 of 497 submissions, 21%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

43
Total Citations
View Citations
1,188
Total Downloads

Downloads (Last 12 months)17
Downloads (Last 6 weeks)3

Reflects downloads up to 05 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Geetha BBhuva DBhuva ATrivedi MSathe DSinghal R(2024)Fortifying IoT: A Cybersecurity Model for Secure Implementation2024 7th International Conference on Contemporary Computing and Informatics (IC3I)10.1109/IC3I61595.2024.10829198(415-420)Online publication date: 18-Sep-2024
https://doi.org/10.1109/IC3I61595.2024.10829198
Senanayake JKalutarage HAl-Kadri MPetrovski APiras L(2023)Android Source Code Vulnerability Detection: A Systematic Literature ReviewACM Computing Surveys10.1145/355697455:9(1-37)Online publication date: 16-Jan-2023
https://dl.acm.org/doi/10.1145/3556974
Ahmad MBergadano FCostamagna VCrispo BRussello G(2023)AppBox: A Black-Box Application Sandboxing Technique for Mobile App Management Solutions2023 IEEE Symposium on Computers and Communications (ISCC)10.1109/ISCC58397.2023.10217861(1-7)Online publication date: 9-Jul-2023
https://doi.org/10.1109/ISCC58397.2023.10217861
V.T JAmala Bai V(2023)Analysis of Security and Privacy Challenges Associated with Byod in the Education Sector: State-of-the-Art Strategy2023 7th International Conference on Trends in Electronics and Informatics (ICOEI)10.1109/ICOEI56765.2023.10125767(665-675)Online publication date: 11-Apr-2023
https://doi.org/10.1109/ICOEI56765.2023.10125767
Tyagi VSingh RTripathi AAgarwal VPandey S(2022)An Android App Permission Analysis for User Privacy and SecurityFuturistic Trends for Sustainable Development and Sustainable Ecosystems10.4018/978-1-6684-4225-8.ch006(89-103)Online publication date: 24-Jun-2022
https://doi.org/10.4018/978-1-6684-4225-8.ch006
Hung HLiu YSani A(2022)SifterProceedings of the 28th Annual International Conference on Mobile Computing And Networking10.1145/3495243.3560548(623-635)Online publication date: 14-Oct-2022
https://dl.acm.org/doi/10.1145/3495243.3560548
Niu YLei LWang YChang JJia SKou C(2020)SASAK: Shrinking the Attack Surface for Android Kernel with Stricter “seccomp” Restrictions2020 16th International Conference on Mobility, Sensing and Networking (MSN)10.1109/MSN50589.2020.00070(387-394)Online publication date: Dec-2020
https://doi.org/10.1109/MSN50589.2020.00070
Zungur OSuarez-Tangil GStringhini GEgele M(2019)BorderPatrol: Securing BYOD using Fine-Grained Contextual Information2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)10.1109/DSN.2019.00054(460-472)Online publication date: Jun-2019
https://doi.org/10.1109/DSN.2019.00054
Muthumanickam KSenthil Mahesh P(2019)A collaborative policy-based security scheme to enforce resource access controlling mechanismWireless Networks10.1007/s11276-019-01984-xOnline publication date: 2-Apr-2019
https://doi.org/10.1007/s11276-019-01984-x
Botacin MGeus Pgrégio A(2018)Who Watches the WatchmenACM Computing Surveys10.1145/319967351:4(1-34)Online publication date: 13-Jul-2018
https://dl.acm.org/doi/10.1145/3199673
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten