Idea: Callee-Site Rewriting of Sealed System Libraries
Inline reference monitoring instruments programs in order to enforce a security policy at runtime. This technique has become an essential tool to mitigate inherent security shortcomings of mobile platforms like Android. Unfortunately, rewriting all calls to security-relevant methods requires significant space and time, in particular if this process is performed on the phone. This work proposes a novel approach to inline reference monitoring that abstains from caller-site instrumentation even in the case where the monitored method is part of a sealed library. To that end we divert the control flow towards the security monitor by modifying references to security-relevant methods in the Dalvik Virtual Machine’s internal bytecode representation. This method is similar in spirit to modifying function pointers and effectively allows callee-site rewriting. Our initial empirical evaluation demonstrates that this approach incurs minimal runtime overhead.