Please use this identifier to cite or link to this item: http://hdl.handle.net/1903/12852

Title: Dr. Android and Mr. Hide: Fine-grained security policies on unmodified Android
Authors: Jeon, Jinseong
Micinski, Kristopher K.
Vaughan, Jeffrey A.
Reddy, Nikhilesh
Zhu, Yixin
Foster, Jeffrey S.
Millstein, Todd
Type: Technical Report
Issue Date: 9-Dec-2011
Series/Report no.: UM Computer Science Department;CS-TR-5006
Abstract: Google’s Android platform includes a permission model that protects access to sensitive capabilities, such as Internet access, GPS use, and telephony. We have found that Android’s current permissions are often overly broad, providing apps with more access than they truly require. This deviation from least privilege increases the threat from vulnerabilities and malware. To address this issue, we present a novel system that can replace existing platform permissions with finer-grained ones. A key property of our approach is that it runs today, on stock Android devices, requiring no platform modifications. Our solution is composed of two parts: Mr. Hide, which runs in a separate process on a device and provides access to sensitive data as a service; and Dr. Android (Dalvik Rewriter for Android), a tool that transforms existing Android apps to access sensitive resources via Mr. Hide rather than directly through the system. Together, Dr. Android and Mr. Hide can completely remove several of an app’s existing permissions and replace them with finer-grained ones, leveraging the platform to provide complete mediation for protected resources. We evaluated our ideas on several popular, free Android apps. We found that we can replace many commonly used "dangerous" permissions with finer-grained permissions. Moreover, apps transformed to use these finer-grained permissions run largely as expected, with reasonable performance overhead.
URI: http://hdl.handle.net/1903/12852
Appears in Collections: Technical Reports of the Computer Science Department

Files in This Item:

File: CS-TR-5006.pdf
Size: 419.25 kB
Format: Adobe PDF
No. of Downloads: 527

All items in DRUM are protected by copyright, with all rights reserved.