Practical DIFC Enforcement on Android
Title | Practical DIFC Enforcement on Android |
Publication Type | Conference Paper |
Year of Publication | 2016 |
Authors | Adwait Nadkarni, Benjamin Andow, William Enck, Somesh Jha |
Conference Name | USENIX Security Symposium |
Date Published | 08/2016 |
Conference Location | Austin, TX |
Keywords | NCSU, Oct'16, Resilient Architectures, Smart Isolation in Large-Scale Production Computing Infrastructures |
Abstract | Smartphone users often use private and enterprise data with untrusted third-party applications. The fundamental lack of secrecy guarantees in smartphone OSes, such as Android, exposes this data to the risk of unauthorized exfiltration. A natural solution is the integration of secrecy guarantees into the OS. In this paper, we describe the challenges for decentralized information flow control (DIFC) enforcement on Android. We propose context-sensitive DIFC enforcement via lazy polyinstantiation and practical and secure network export through domain declassification. Our DIFC system, Weir, is backwards compatible by design, and incurs less than 4 ms overhead for component startup. With Weir, we demonstrate practical and secure DIFC enforcement on Android. |
URL | https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_nadkarni.pdf |
Citation Key | naej16 |
Refereed Designation | Refereed |