(2017) The ART of App Compartmentalization: Compiler-based Library Privilege Separation on Stock Android.
Abstract
Third-party libraries are commonly used by app developers to reduce development effort and to monetize their apps. On Android, the host app and its third-party libraries reside in the same sandbox and share all privileges awarded to the host app by the user, putting the users' privacy at risk of intrusions by third-party libraries. In this paper, we introduce a new privilege separation approach for third-party libraries on stock Android. Our solution partitions Android applications at compile-time into isolated, privilege-separated compartments for the host app and the included third-party libraries. A particular benefit of our approach is that it leverages compiler-based instrumentation available on stock Android versions and thus abstains from modification of the SDK, the app bytecode, or the device firmware. A particular challenge in separating libraries from their host apps is the reconstruction of the communication channels and the preservation of visual fidelity between the now separated app and its libraries. We solve this challenge through new IPC-based protocols to synchronize layout and lifecycle management between different sandboxes. Finally, we demonstrate the efficiency and effectiveness of our solution by applying it to real-world apps from the Google Play Store that contain advertisements.
Item Type: | Conference or Workshop Item (A Paper) (Paper) |
---|---|
Uncontrolled Keywords: | cispa, cispa:group:infsec |
Divisions: | Michael Backes (InfSec) |
Conference: | CCS ACM Conference on Computer and Communications Security |
Depositing User: | Sebastian Weisgerber |
Date Deposited: | 24 Oct 2017 13:32 |
Last Modified: | 18 Jul 2019 12:11 |
Primary Research Area: | NRA4: Secure Mobile and Autonomous Systems |
URI: | https://publications.cispa.saarland/id/eprint/1152 |