Publication Type
Conference Proceeding Article
Version
publishedVersion
Publication Date
8-2025
Abstract
We present Prism, an UI hardening technique for an Android app to safeguard its widgets against a corrupted kernel. Prism ensures secure interface rendering and allows for visual authentication, which developers could use to enable user intent confidentiality protection. Our design leverages the recent Android Virtualization Framework with minimal changes to the existing UI framework and graphics subsystem. It is much easier to deploy and use Prism on Android phones than TrustZone-based secure UI schemes, because the apps are not admitted to the Secure World and retain their full rights to manage and control their own interfaces. We have implemented the prototype of Prism and a test app on Google Pixel 7 and assessed its security, usability and performance with extensive experiments. The results successfully validate the strength of its security and show unnoticeable latency in most interface operations.
Keywords
UI security, ARM virtualization, Android Virtualization Framework
Discipline
Information Security
Areas of Excellence
Digital transformation
Publication
ASIA CCS '25: Proceedings of the 20th ACM Asia Conference on Computer and Communications Security, Hanoi, Vietnam, August 25-29
First Page
1567
Last Page
1581
Identifier
10.1145/3708821.3736205
Publisher
ACM
City or Country
New York
Citation
NG, YingTat; CHEN, Zhe; QIU, Haiqing; and DING, Xuhua.
PRISM: To fortify widget based user‑app data exchanges using Android virtualization framework. (2025). ASIA CCS '25: Proceedings of the 20th ACM Asia Conference on Computer and Communications Security, Hanoi, Vietnam, August 25-29. 1567-1581.
Available at: https://ink.library.smu.edu.sg/sis_research/10967
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.
Additional URL
https://doi.org/10.1145/3708821.3736205