Dr. Android and Mr. Hide: Fine-grained security policies on unmodified Android
Date
2011-12-09
Authors
Jeon, Jinseong
Micinski, Kristopher K.
Vaughan, Jeffrey A.
Reddy, Nikhilesh
Zhu, Yixin
Foster, Jeffrey S.
Millstein, Todd
Abstract
Google’s Android platform includes a permission model that protects
access to sensitive capabilities, such as Internet access, GPS use, and
telephony. We have found that Android’s current permissions are often
overly broad, providing apps with more access than they truly require.
This deviation from least privilege increases the threat from
vulnerabilities and malware. To address this issue, we present a novel
system that can replace existing platform permissions with finer-grained
ones. A key property of our approach is that it runs today, on stock
Android devices, requiring no platform modifications. Our solution is
composed of two parts: Mr. Hide, which runs in a separate process on a
device and provides access to sensitive data as a service; and Dr.
Android (Dalvik Rewriter for Android), a tool that transforms existing
Android apps to access sensitive resources via Mr. Hide rather than
directly through the system. Together, Dr. Android and Mr. Hide can
completely remove several of an app’s existing permissions and replace
them with finer-grained ones, leveraging the platform to provide
complete mediation for protected resources. We evaluated our ideas on
several popular, free Android apps. We found that we can replace many
commonly used "dangerous" permissions with finer-grained permissions.
Moreover, apps transformed to use these finer-grained permissions run
largely as expected, with reasonable performance overhead.