DOI: 10.1145/2046614.2046624

Practical and lightweight domain isolation on Android

Published: 17 October 2011

Abstract

In this paper, we introduce a security framework for practical and lightweight domain isolation on Android to mitigate unauthorized data access and communication among applications of different trust levels (e.g., private and corporate). We present the design and implementation of our framework, TrustDroid, which in contrast to existing solutions enables isolation at different layers of the Android software stack: (1) at the middleware layer to prevent inter-domain application communication and data access, (2) at the kernel layer to enforce mandatory access control on the file system and on Inter-Process Communication (IPC) channels, and (3) at the network layer to mediate network traffic. For instance, (3) allows network data to be read only by a particular domain, or enables basic context-based policies such as preventing Internet access by untrusted applications while an employee is connected to the company's network.
Our approach accurately addresses the demands of the business world, namely to isolate data and applications of different trust levels in a practical and lightweight way. Moreover, our solution is the first leveraging mandatory access control with TOMOYO Linux on a real Android device (Nexus One). Our evaluation demonstrates that TrustDroid only adds a negligible overhead, and in contrast to contemporary full virtualization, only minimally affects the battery's life-time.
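The three enforcement points named in the abstract (domain-scoped ICC at the middleware layer, domain labels on files at the kernel layer, and domain-tagged, context-aware traffic mediation at the network layer) can be modelled as one reference monitor that answers each request with an allow/deny decision and a reason. The Python below is an added illustration written for this page, not TrustDroid's code: the domain names (corporate, private, untrusted), the package names, file paths, network name and policy tables are constructed for the example, and the check functions are an assumed interface rather than an API of the paper's system.

```python
# Added illustrative reference monitor for per-domain isolation on a device.
# This is NOT TrustDroid code: domain names, policy tables, package names,
# paths and function names are assumptions made for this example.
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional


class Domain(Enum):
    CORPORATE = "corporate"
    PRIVATE = "private"
    UNTRUSTED = "untrusted"  # default for any app not assigned to a domain


@dataclass(frozen=True)
class Decision:
    allowed: bool
    layer: str  # "middleware", "kernel" or "network"
    reason: str


@dataclass
class Policy:
    app_domain: dict           # package name -> Domain (assumed "colouring" of apps)
    file_domain: dict          # file path -> owning Domain; unlabelled paths are shared
    corporate_networks: set = field(default_factory=set)  # e.g. SSIDs of the company network


@dataclass
class Context:
    connected_network: Optional[str] = None


def domain_of(policy: Policy, package: str) -> Domain:
    """Unknown packages are UNTRUSTED: default deny, never default membership."""
    return policy.app_domain.get(package, Domain.UNTRUSTED)


def check_icc(policy: Policy, caller: str, callee: str) -> Decision:
    """Middleware layer: Intents/Binder calls are allowed only within one domain."""
    src, dst = domain_of(policy, caller), domain_of(policy, callee)
    if src is dst:
        return Decision(True, "middleware", f"{caller} -> {callee}: same domain {src.value}")
    return Decision(False, "middleware",
                    f"{caller} ({src.value}) -> {callee} ({dst.value}): cross-domain ICC")


def check_file(policy: Policy, package: str, path: str) -> Decision:
    """Kernel layer: unlabelled (shared system) files are readable by every app;
    a domain-labelled file is accessible only to apps of that domain."""
    owner = policy.file_domain.get(path)
    app = domain_of(policy, package)
    if owner is None:
        return Decision(True, "kernel", f"{path}: shared system file")
    if owner is app:
        return Decision(True, "kernel", f"{path}: owned by {owner.value}")
    return Decision(False, "kernel", f"{path}: owned by {owner.value}, app is {app.value}")


def check_network(policy: Policy, package: str, data_domain: Optional[Domain],
                  ctx: Context) -> Decision:
    """Network layer: while the device is on a corporate network, untrusted apps
    get no Internet at all; traffic tagged with a domain (data_domain) may only be
    read by apps of that domain; untagged traffic (None) is otherwise permitted."""
    app = domain_of(policy, package)
    if ctx.connected_network in policy.corporate_networks and app is Domain.UNTRUSTED:
        return Decision(False, "network", "untrusted app while connected to corporate network")
    if data_domain is not None and data_domain is not app:
        return Decision(False, "network",
                        f"traffic belongs to {data_domain.value}, app is {app.value}")
    return Decision(True, "network", "permitted")


# Constructed sample policy (assumed package names, paths and SSID).
SAMPLE_POLICY = Policy(
    app_domain={
        "com.example.corpmail": Domain.CORPORATE,
        "com.example.corpvpn": Domain.CORPORATE,
        "com.example.photos": Domain.PRIVATE,
        "com.example.freegame": Domain.UNTRUSTED,
    },
    file_domain={
        "/data/corp/contacts.db": Domain.CORPORATE,
        "/data/private/photos/IMG_0001.jpg": Domain.PRIVATE,
    },
    corporate_networks={"ACME-Corp-WiFi"},
)


if __name__ == "__main__":
    on_corp, at_home = Context("ACME-Corp-WiFi"), Context("HomeWiFi")
    for d in (
        check_icc(SAMPLE_POLICY, "com.example.corpmail", "com.example.corpvpn"),
        check_icc(SAMPLE_POLICY, "com.example.photos", "com.example.corpmail"),
        check_file(SAMPLE_POLICY, "com.example.freegame", "/data/corp/contacts.db"),
        check_network(SAMPLE_POLICY, "com.example.freegame", None, on_corp),
        check_network(SAMPLE_POLICY, "com.example.freegame", None, at_home),
        check_network(SAMPLE_POLICY, "com.example.photos", Domain.CORPORATE, at_home),
    ):
        print("ALLOW" if d.allowed else "DENY ", d.layer, "-", d.reason)
```

Two points carry over to any real implementation of this scheme: a package that is absent from the domain table is treated as untrusted rather than as a member of some domain (default deny), and the context rule is evaluated before the per-flow domain check, so an untrusted app is cut off from the Internet on the corporate network even for traffic that carries no domain tag.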




Published In

SPSM '11: Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices
October 2011, 96 pages
ISBN: 9781450310000
DOI: 10.1145/2046614

Publisher: Association for Computing Machinery, New York, NY, United States


Author Tags

1. access control
2. android
3. domain isolation
4. enterprise

Qualifiers: Research-article

Conference: CCS'11

Acceptance Rate: 46 of 139 submissions, 33%

Article Metrics

• Downloads (last 12 months): 22
• Downloads (last 6 weeks): 1
Reflects downloads up to 08 Feb 2025

Cited By

• (2023) Toward a (Secure) Path of Least Resistance: An Examination of Usability Challenges in Secure Sandbox Systems. 2023 5th IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications (TPS-ISA), pp. 240-246. DOI: 10.1109/TPS-ISA58951.2023.00038. Online publication date: 1-Nov-2023
• (2023) AppBox: A Black-Box Application Sandboxing Technique for Mobile App Management Solutions. 2023 IEEE Symposium on Computers and Communications (ISCC), pp. 1-7. DOI: 10.1109/ISCC58397.2023.10217861. Online publication date: 9-Jul-2023
• (2023) Defense and Evaluation Against Covert Channel-Based Attacks in Android Smartphones. Data Management, Analytics and Innovation, pp. 685-696. DOI: 10.1007/978-981-99-1414-2_49. Online publication date: 29-May-2023
• (2022) A survey for Communication security of the embedded system. Carpathian Journal of Electronic and Computer Engineering 14(2), pp. 15-19. DOI: 10.2478/cjece-2021-0009. Online publication date: 21-Jan-2022
• (2022) Don't Just BYOD, Bring-Your-Own-App Too! Protection via Virtual Micro Security Perimeters. IEEE Transactions on Mobile Computing 21(1), pp. 76-92. DOI: 10.1109/TMC.2020.3000852. Online publication date: 1-Jan-2022
• (2021) LensCap. Proceedings of the 19th Annual International Conference on Mobile Systems, Applications, and Services, pp. 14-27. DOI: 10.1145/3458864.3467676. Online publication date: 24-Jun-2021
• (2021) The Android Platform Security Model. ACM Transactions on Privacy and Security 24(3), pp. 1-35. DOI: 10.1145/3448609. Online publication date: 28-Apr-2021
• (2021) A Large-Scale Analysis of the Semantic Password Model and Linguistic Patterns in Passwords. ACM Transactions on Privacy and Security 24(3), pp. 1-21. DOI: 10.1145/3448608. Online publication date: 20-Apr-2021
• (2021) Two-factor Password-authenticated Key Exchange with End-to-end Security. ACM Transactions on Privacy and Security 24(3), pp. 1-37. DOI: 10.1145/3446807. Online publication date: 28-Apr-2021
• (2021) Friendly Fire. ACM Transactions on Privacy and Security 24(3), pp. 1-40. DOI: 10.1145/3444963. Online publication date: 1-Apr-2021
