ABSTRACT
Cross-app collaboration via inter-component communication is a fundamental mechanism on Android. Although it brings benefits such as functionality reuse and data sharing, it also introduces a threat called component hijacking. By hijacking a vulnerable component in victim apps, an attack app can escalate its privilege to perform operations originally prohibited. Many prior studies have been performed to understand and mitigate this issue, but no defense is being deployed in the wild, largely due to deployment difficulties and performance concerns. In this paper, we present SCLib, a secure component library that performs in-app mandatory access control on behalf of app components. It does not require firmware modification or app repackaging as in previous works. The library-based nature also makes SCLib more accessible to app developers, and enables them to produce secure components in the first place across fragmented Android devices. As a proof of concept, we design six mandatory policies and overcome unique implementation challenges to mitigate attacks originating from both system weaknesses and common developer mistakes. Our evaluation using ten high-profile open source apps shows that SCLib can protect their 35 risky components with negligible code footprint (less than 0.3% stub code) and nearly no slowdown to normal intra-app communication. The worst-case performance overhead is only about 5%.