Compartmentation Policies for Android Apps: A Combinatorial Optimization Approach

  • Conference paper
  • Network and System Security (NSS 2015)
  • Part of the book series: Lecture Notes in Computer Science (LNSC, volume 9408)

Abstract

Some smartphone platforms such as Android have a distinctive message passing system that allows for sophisticated interactions among app components, both within and across app boundaries. This gives rise to various security and privacy risks, including not only intentional collusion attacks via permission re-delegation but also inadvertent disclosure of information and service misuse through confused deputy attacks. In this paper, we revisit the perils of app coexistence in the same platform and propose a risk mitigation mechanism based on segregating apps into isolated groups following classical security compartmentation principles. Compartments can be implemented using lightweight approaches such as Inter-Component Communication (ICC) firewalling or through virtualization, effectively fencing off each group of apps. We then leverage recent works on quantified risk metrics for Android apps to couch compartmentation as a combinatorial optimization problem akin to the classical bin packing or knapsack problems. We study a number of simple yet effective numerical optimization heuristics, showing that very good compartmentation solutions can be obtained for the problem sizes expected in current mobile environments.

Author information

Correspondence to Juan E. Tapiador.

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Suarez-Tangil, G., Tapiador, J.E., Peris-Lopez, P. (2015). Compartmentation Policies for Android Apps: A Combinatorial Optimization Approach. In: Qiu, M., Xu, S., Yung, M., Zhang, H. (eds) Network and System Security. NSS 2015. Lecture Notes in Computer Science, vol 9408. Springer, Cham. https://doi.org/10.1007/978-3-319-25645-0_5

  • DOI: https://doi.org/10.1007/978-3-319-25645-0_5

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-25644-3

  • Online ISBN: 978-3-319-25645-0

  • eBook Packages: Computer Science (R0)
