SplitSecond: Flexible privilege separation of Android apps

Android applications have been attractive targets to attackers due to the large number of users and the sensitive information they possess. After the success of the first step of an attack exploiting a software vulnerability, the consequential damage is primarily determined by the criticality and th...

Full description

Saved in:
Bibliographic Details
Main Authors: LEE, Jehyun, VENKATESWARA RAJA, Akshaya Venkateswara, GAO, Debin
Format: text
Language:English
Published: Institutional Knowledge at Singapore Management University 2019
Subjects:
Online Access:https://ink.library.smu.edu.sg/sis_research/4686
https://ink.library.smu.edu.sg/context/sis_research/article/5689/viewcontent/SplitSecond_pst19_av.pdf
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Singapore Management University
Language: English
id sg-smu-ink.sis_research-5689
record_format dspace
spelling sg-smu-ink.sis_research-56892023-08-03T06:18:16Z SplitSecond: Flexible privilege separation of Android apps LEE, Jehyun VENKATESWARA RAJA, Akshaya Venkateswara GAO, Debin Android applications have been attractive targets to attackers due to the large number of users and the sensitive information they possess. After the success of the first step of an attack exploiting a software vulnerability, the consequential damage is primarily determined by the criticality and the amount of Android permissions that a victim application has. As a countermeasure, process separation techniques that isolate potentially vulnerable components — usually native libraries — from the critical data and permissions, have been proposed. However, existing techniques offer little flexibility in the separation, e.g., with all native code being placed into one process without considering its dependency with other (Java) components and the non-empty set of permissions needed. In this paper, we propose a flexible privilege separation system, named SplitSecond, that enables selective permission separation at the granularity of Java components and native methods. SplitSecond provides safety against the attacks by restricting permissions on a user selectable isolation unit. According to our case study and experimental evaluation on a real handset with SplitSecond adopted Android OS and 100 top-ranked Android applications, 59.59% of activities, 66.8% of native methods, and 47.49% of permissions on average are flexibly splittable by SplitSecond with moderate overhead. 2019-07-01T07:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/4686 info:doi/10.1109/PST47121.2019.8949067 https://ink.library.smu.edu.sg/context/sis_research/article/5689/viewcontent/SplitSecond_pst19_av.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Android security privilege separation process isolation Information Security
institution Singapore Management University
building SMU Libraries
continent Asia
country Singapore
Singapore
content_provider SMU Libraries
collection InK@SMU
language English
topic Android security
privilege separation
process isolation
Information Security
spellingShingle Android security
privilege separation
process isolation
Information Security
LEE, Jehyun
VENKATESWARA RAJA, Akshaya Venkateswara
GAO, Debin
SplitSecond: Flexible privilege separation of Android apps
description Android applications have been attractive targets to attackers due to the large number of users and the sensitive information they possess. After the success of the first step of an attack exploiting a software vulnerability, the consequential damage is primarily determined by the criticality and the amount of Android permissions that a victim application has. As a countermeasure, process separation techniques that isolate potentially vulnerable components — usually native libraries — from the critical data and permissions, have been proposed. However, existing techniques offer little flexibility in the separation, e.g., with all native code being placed into one process without considering its dependency with other (Java) components and the non-empty set of permissions needed. In this paper, we propose a flexible privilege separation system, named SplitSecond, that enables selective permission separation at the granularity of Java components and native methods. SplitSecond provides safety against the attacks by restricting permissions on a user selectable isolation unit. According to our case study and experimental evaluation on a real handset with SplitSecond adopted Android OS and 100 top-ranked Android applications, 59.59% of activities, 66.8% of native methods, and 47.49% of permissions on average are flexibly splittable by SplitSecond with moderate overhead.
format text
author LEE, Jehyun
VENKATESWARA RAJA, Akshaya Venkateswara
GAO, Debin
author_facet LEE, Jehyun
VENKATESWARA RAJA, Akshaya Venkateswara
GAO, Debin
author_sort LEE, Jehyun
title SplitSecond: Flexible privilege separation of Android apps
title_short SplitSecond: Flexible privilege separation of Android apps
title_full SplitSecond: Flexible privilege separation of Android apps
title_fullStr SplitSecond: Flexible privilege separation of Android apps
title_full_unstemmed SplitSecond: Flexible privilege separation of Android apps
title_sort splitsecond: flexible privilege separation of android apps
publisher Institutional Knowledge at Singapore Management University
publishDate 2019
url https://ink.library.smu.edu.sg/sis_research/4686
https://ink.library.smu.edu.sg/context/sis_research/article/5689/viewcontent/SplitSecond_pst19_av.pdf
_version_ 1773551428438065152