Dr. Android and Mr. Hide: Fine-grained security policies on unmodified Android

dc.contributor.author: Jeon, Jinseong
dc.contributor.author: Micinski, Kristopher K.
dc.contributor.author: Vaughan, Jeffrey A.
dc.contributor.author: Reddy, Nikhilesh
dc.contributor.author: Zhu, Yixin
dc.contributor.author: Foster, Jeffrey S.
dc.contributor.author: Millstein, Todd
dc.date.accessioned: 2012-07-11T19:44:57Z
dc.date.available: 2012-07-11T19:44:57Z
dc.date.issued: 2011-12-09
dc.identifier.uri: http://hdl.handle.net/1903/12852
dc.description.abstract: Google’s Android platform includes a permission model that protects access to sensitive capabilities, such as Internet access, GPS use, and telephony. We have found that Android’s current permissions are often overly broad, providing apps with more access than they truly require. This deviation from least privilege increases the threat from vulnerabilities and malware. To address this issue, we present a novel system that can replace existing platform permissions with finer-grained ones. A key property of our approach is that it runs today, on stock Android devices, requiring no platform modifications. Our solution is composed of two parts: Mr. Hide, which runs in a separate process on a device and provides access to sensitive data as a service; and Dr. Android (Dalvik Rewriter for Android), a tool that transforms existing Android apps to access sensitive resources via Mr. Hide rather than directly through the system. Together, Dr. Android and Mr. Hide can completely remove several of an app’s existing permissions and replace them with finer-grained ones, leveraging the platform to provide complete mediation for protected resources. We evaluated our ideas on several popular, free Android apps. We found that we can replace many commonly used "dangerous" permissions with finer-grained permissions. Moreover, apps transformed to use these finer-grained permissions run largely as expected, with reasonable performance overhead. [en_US]
dc.language.iso: en_US [en_US]
dc.relation.ispartofseries: UM Computer Science Department;CS-TR-5006
dc.title: Dr. Android and Mr. Hide: Fine-grained security policies on unmodified Android [en_US]
dc.type: Technical Report [en_US]

