Publication Type
Conference Proceeding Article
Version
acceptedVersion
Publication Date
7-2019
Abstract
Android applications have been attractive targets to attackers due to the large number of users and the sensitive information they possess. After the success of the first step of an attack exploiting a software vulnerability, the consequential damage is primarily determined by the criticality and the amount of Android permissions that a victim application has. As a countermeasure, process separation techniques that isolate potentially vulnerable components — usually native libraries — from the critical data and permissions, have been proposed. However, existing techniques offer little flexibility in the separation, e.g., with all native code being placed into one process without considering its dependency with other (Java) components and the non-empty set of permissions needed. In this paper, we propose a flexible privilege separation system, named SplitSecond, that enables selective permission separation at the granularity of Java components and native methods. SplitSecond provides safety against the attacks by restricting permissions on a user selectable isolation unit. According to our case study and experimental evaluation on a real handset with SplitSecond adopted Android OS and 100 top-ranked Android applications, 59.59% of activities, 66.8% of native methods, and 47.49% of permissions on average are flexibly splittable by SplitSecond with moderate overhead.
Keywords
Android security, privilege separation, process isolation
Discipline
Information Security
Research Areas
Cybersecurity
Publication
2019 17th International Conference on Privacy, Security and Trust (PST): August 26-28, Fredericton, Canada, Proceedings
First Page
1
Last Page
10
ISBN
9781728132655
Identifier
10.1109/PST47121.2019.8949067
Publisher
IEEE
City or Country
Piscataway, NJ
Citation
LEE, Jehyun; VENKATESWARA RAJA, Akshaya Venkateswara; and GAO, Debin.
SplitSecond: Flexible privilege separation of Android apps. (2019). 2019 17th International Conference on Privacy, Security and Trust (PST): August 26-28, Fredericton, Canada, Proceedings. 1-10.
Available at: https://ink.library.smu.edu.sg/sis_research/4686
Copyright Owner and License
Authors
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.
Additional URL
https://doi.org/10.1109/PST47121.2019.8949067