Abstract
We introduce Kynoid, a real-time monitoring and enforcement framework for Android. Kynoid is based on user-defined security policies which are defined for data-items. This allows users to define temporal, spatial, and destination constraints which have to hold for single items. We introduce an innovative approach to allow for the real-time tracking and enforcement of such policies. In this way, Kynoid is the first extension of Android which enables the sharing of resources while respecting individual security policies for the data-items stored in these resources. We outline Kynoid’s architecture, present its operation and discuss it in terms of applicability, performance, and usability. By providing a proof-of-concept implementation we further show the feasibility of our framework.
Chapter PDF
Similar content being viewed by others
References
Apple Inc.: Security Overview. Tech. rep., Cupertino, CA, USA (2010)
Castrucci, A., Martinelli, F., Mori, P., Roperti, F.: Enhancing Java ME Security Support with Resource Usage Monitoring. In: Chen, L., Ryan, M.D., Wang, G. (eds.) ICICS 2008. LNCS, vol. 5308, pp. 256–266. Springer, Heidelberg (2008)
Costa, G., Lazouski, A., Dragoni, N., Saadi, R., Ingegneria, D.: Security-by-Contract-with-Trust for Mobile Devices. Journal of Wireless Mobile Networks, Ubiquitous Computing and Dependable Applications (JoWUA) 1, 75–91 (2010)
Desmet, L., Joosen, W., Massacci, F., Philippaerts, P., Piessens, F., Siahaan, I., Vanoverberghe, D.: Security-by-contract on the.NET platform. Information Security Technical Report 13(1), 25–32 (2008)
Enck, W., Gilbert, P., Chun, B.G., Cox, L.P., Jung, J., McDaniel, P., Sheth, A.N.: TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones. In: Proceedings of OSDI 2010, pp. 1–6. USENIX Association, Vancouver (2010), http://appanalysis.org/tdroid10.pdf
Enck, W., Ongtang, M., McDaniel, P.: On lightweight mobile phone application certification. In: Proceedings of the 16th ACM Conference on Computer and Communications Security, pp. 235–245. ACM Press, New York (2009)
Enck, W., Ongtang, M., McDaniel, P.: Understanding Android Security. IEEE Security & Privacy Magazine 7(1), 50–57 (2009)
Heath, C.: Symbian OS Platform Security, Software Development Using the Symbian OS Security Architecture. John Wiley & Sons Ltd. (2006)
Hornyack, P., Han, S., Jung, J., Schechter, S., Wetherall, D.: These aren’t the droids you’re looking for: retrofitting android to protect data from imperious applications. In: Proceedings of the 18th ACM Conference on Computer and Communications Security, CCS 2011, pp. 639–652. ACM, New York (2011)
Krohn, M., Yip, A., Brodsky, M., Cliffer, N., Kaashoek, M.F., Kohler, E., Morris, R.: Information Flow Control for Standard OS Abstractions. In: Proceedings of ACM Symposium on Operating Systems Principles (2007)
Microsoft Corporation: Windows Phone 7 Security Model. Tech. rep. (December 2010)
Nair, S., Simpson, P., Crispo, B., Tanenbaum, A.: Trishul: A Policy Enforcement Architecture for Java Virtual Machines. Tech. rep., Vrije Universiteit, Amsterdam, Netherlands (2008)
Nair, S., Tanenbaum, A., Gheorghe, G., Crispo, B.: Enforcing DRM policies across applications. In: Proceedings of the 8th ACM Workshop on Digital Rights Management - DRM 2008, p. 87. ACM Press, New York (2008)
Nauman, M., Khan, S., Zhang, X.: Apex: Extending Android Permission Model and Enforcement with User-defined Runtime Constraints. In: Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security, pp. 328–332. ACM Press, Beijing (2010)
Ongtang, M., Butler, K., McDaniel, P.: Porscha: Policy Oriented Secure Content Handling in Android. In: Proceedings of the 26th Annual Computer Security Applications Conference. ACM Press, New York (2010)
Ongtang, M., McLaughlin, S., Enck, W., McDaniel, P.: Semantically Rich Application-Centric Security in Android. In: 2009 Annual Computer Security Applications Conference, pp. 340–349. IEEE Computer Society (2009)
Philippaerts, P.: Security of Software on Mobile Devices. PhD thesis, Department of Computer Science, Faculty of Engineering, Leuven, Belgium (2010)
Research in Motion Ltd.: BlackBerry Enterprise Solution, Security Technical Overview for BlackBerry Enterprise Server Version 4.1 Service Pack 6 and BlackBerry Device Software Version 4.6. Technical report, Canada (2009)
Schreckling, D., Posegga, J., Hausknecht, D.: Constroid: Data-Centric Access Control for Android. In: Proceedings of the 27th Symposium on Applied Computing (SAC): Computer Security Track (2012)
Vandebogart, S., Efstathopoulos, P., Kohler, E., Krohn, M., Frey, C., Ziegler, D., Kaashoek, F., Morris, R., Mazières, D.: Labels and Event Processes in the Asbestos Operating System. ACM Transactions on Computer Systems (TOCS) 25 (2007)
Yin, H., Song, D., Egele, M., Kruegel, C., Kirda, E.: Panorama: Capturing System-Wide Information Flow for Malware Detection and Analysis. In: Proceedings of the 14th ACM Conference on Computer and Communications Security, pp. 116–127. ACM Press, New York (2007)
Zeldovich, N., Boyd-Wickizer, S., Kohler, E., Mazières, D.: Making Information Flow Explicit in HiStar. In: Proceedings of the 7th Symposium on Operating Systems Design and Implementation, OSDI (2006)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 IFIP International Federation for Information Processing
About this paper
Cite this paper
Schreckling, D., Posegga, J., Köstler, J., Schaff, M. (2012). Kynoid: Real-Time Enforcement of Fine-Grained, User-Defined, and Data-Centric Security Policies for Android. In: Askoxylakis, I., Pöhls, H.C., Posegga, J. (eds) Information Security Theory and Practice. Security, Privacy and Trust in Computing Systems and Ambient Intelligent Ecosystems. WISTP 2012. Lecture Notes in Computer Science, vol 7322. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-30955-7_18
Download citation
DOI: https://doi.org/10.1007/978-3-642-30955-7_18
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-30954-0
Online ISBN: 978-3-642-30955-7
eBook Packages: Computer ScienceComputer Science (R0)