
Towards Permission-Based Attestation for the Android Platform

(Short Paper)

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 6740)

Abstract

We propose a new attestation approach for the Android platform that integrates Trusted Computing concepts and Android’s permission-based access control features. Recent research in the field of mobile security has shown that malware is a real threat. Trusted Computing in general and especially the concept of remote attestation can be leveraged to counter both the dissemination and the potential impact of such malware. However, current attestation approaches are not well suited for mobile platforms and crucial Trusted Computing components are still missing for them. Our approach introduces the necessary Trusted Computing building blocks for the Android platform. Furthermore, we detail how the permissions that are used by an Android phone’s installed apps can be attested to a remote party at runtime. Additionally, we highlight areas that are the subject of future work.




Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Bente, I. et al. (2011). Towards Permission-Based Attestation for the Android Platform. In: McCune, J.M., Balacheff, B., Perrig, A., Sadeghi, AR., Sasse, A., Beres, Y. (eds) Trust and Trustworthy Computing. Trust 2011. Lecture Notes in Computer Science, vol 6740. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-21599-5_8


  • DOI: https://doi.org/10.1007/978-3-642-21599-5_8

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-21598-8

  • Online ISBN: 978-3-642-21599-5

  • eBook Packages: Computer Science, Computer Science (R0)
