POSTER: The ART of App Compartmentalization
Pages 1811 - 1813
Abstract
On Android, advertising libraries are commonly integrated with their host apps. Since the host and advertising components share the application's sandbox, advertisement code inherits all permissions and can access host resources with no further approval needed. Motivated by the privacy risks of advertisement libraries as already shown in the literature, this poster introduces an Android Runtime (ART) based app compartmentalization mechanism to achieve separation between trusted app code and untrusted library code without system modification and application rewriting. With our approach, advertising libraries will be isolated from the host app and the original app will be partitioned into two sub-apps that run independently, with the host app's resources and permissions being protected by Android's app sandboxing mechanism. ARTist [1], a compiler-based Android app instrumentation framework, is utilized here to recreate the communication channels between host and advertisement library. The result is a robust toolchain on device which provides a clean separation of developer-written app code and third-party advertisement code, allowing for finer-grained access control policies and information flow control without OS customization and application rebuilding.
References
[1]
Michael Backes, Sven Bugiel, Oliver Schranz, Philipp von Styp-Rekowsky, and Sebastian Weisgerber. Artist: The android runtime instrumentation and security toolkit. arXiv preprint arXiv:1607.06619, 2016.
[2]
Soteris Demetriou, Whitney Merrill, Wei Yang, Aston Zhang, and Carl A Gunter. Free for all! assessing user data exposure to advertising libraries on android. NDSS '16, 2016.
[3]
Yajin Zhou, Kunal Patel, Lei Wu, Zhi Wang, and Xuxian Jiang. Hybrid user-level sandboxing of third-party android apps. In ASIACCS '15, pages 19--30. ACM, 2015.
[4]
Jaebaek Seo, Daehyeok Kim, Donghyun Cho, Taesoo Kim, and Insik Shin. Flexdroid: Enforcing in-app privilege separation in android. NDSS '16, 2016.
[5]
Mengtao Sun and Gang Tan. Nativeguard: Protecting android applications from third-party native libraries. In WiSec '14, pages 165--176. ACM, 2014.
[6]
Shashi Shekhar, Michael Dietz, and Dan S Wallach. Adsplit: Separating smartphone advertising from applications. In USENIX Security '12, pages 553--567, 2012.
[7]
Paul Pearce, Adrienne Porter Felt, Gabriel Nunez, and David Wagner. Addroid: Privilege separation for applications and advertisers in android. In ASIACCS '12, pages 71--72. ACM, 2012.
Index Terms
- POSTER: The ART of App Compartmentalization
Recommendations
The ART of App Compartmentalization: Compiler-based Library Privilege Separation on Stock Android
CCS '17: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications SecurityThird-party libraries are commonly used by app developers for alleviating the development efforts and for monetizing their apps. On Android, the host app and its third-party libraries reside in the same sandbox and share all privileges awarded to the ...
NativeGuard: protecting android applications from third-party native libraries
WiSec '14: Proceedings of the 2014 ACM conference on Security and privacy in wireless & mobile networksAndroid applications often include third-party libraries written in native code. However, current native components are not well managed by Android's security architecture. We present NativeGuard, a security framework that isolates native libraries from ...
Poster: Android Whole-System Control Flow Analysis for Accurate Application Behavior Modeling
MobiSys '16 Companion: Proceedings of the 14th Annual International Conference on Mobile Systems, Applications, and Services CompanionAndroid, the modern operating system for smartphones, together with its millions of apps, has become an important part of human life. There are many challenges to analyzing them. It is important to model the mobile systems in order to analyze the ...
Comments
Information & Contributors
Information
Published In
October 2016
1924 pages
ISBN:9781450341394
DOI:10.1145/2976749
- General Chairs:
- Edgar Weippl,
- Stefan Katzenbeisser,
- Program Chairs:
- Christopher Kruegel,
- Andrew Myers,
- Shai Halevi
Copyright © 2016 Owner/Author.
Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.
Sponsors
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 24 October 2016
Check for updates
Author Tags
Qualifiers
- Poster
Funding Sources
- German Federal Ministry of Education and Research (BMBF)
Conference
CCS'16
Sponsor:
CCS'16: 2016 ACM SIGSAC Conference on Computer and Communications Security
October 24 - 28, 2016
Vienna, Austria
Acceptance Rates
CCS '16 Paper Acceptance Rate 137 of 831 submissions, 16%;
Overall Acceptance Rate 1,261 of 6,999 submissions, 18%
Upcoming Conference
CCS '25
- Sponsor:
- sigsac
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 280Total Downloads
- Downloads (Last 12 months)10
- Downloads (Last 6 weeks)2
Reflects downloads up to 14 Jan 2025
Other Metrics
Citations
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in