TY - GEN
T1 - Checking intent-based communication in Android with intent space analysis
AU - Jing, Yiming
AU - Ahn, Gail-Joon
AU - Doupe, Adam
AU - Yi, Jeong Hyun
N1 - Publisher Copyright: © 2016 ACM.
PY - 2016/5/30
Y1 - 2016/5/30
N2 - Intent-based communication is an inter-application communication mechanism in Android. While its importance has been proven by plenty of security extensions that protect it with policy-driven mandatory access control, an overlooked problem is the verification of the security policies. Checking one security extension's policy is indeed complex. Furthermore, intent-based communication introduces even more complexities because it is mediated by multiple security extensions that respectively enforce their own incompatible, distributed, and dynamic policies. This paper seeks a systematic approach to address the complexities involved in checking intent-based communication. To this end, we propose intent space analysis. Intent space analysis formulates the intent forwarding functionalities of security extensions as transformations on a geometric intent space. We further introduce a policy checking framework called IntentScope that proactively and automatically aggregates distributed policies into a holistic and verifiable view. We evaluate our approach against customized Android OSs and commodity Android devices. In addition, we further conduct experiments with four security extensions to demonstrate how our approach helps identify potential vulnerabilities in each extension.
UR - http://www.scopus.com/inward/record.url?scp=84979680901&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84979680901&partnerID=8YFLogxK
U2 - 10.1145/2897845.2897904
DO - 10.1145/2897845.2897904
M3 - Conference contribution
AN - SCOPUS:84979680901
T3 - ASIA CCS 2016 - Proceedings of the 11th ACM Asia Conference on Computer and Communications Security
SP - 735
EP - 746
BT - ASIA CCS 2016 - Proceedings of the 11th ACM Asia Conference on Computer and Communications Security
PB - Association for Computing Machinery, Inc
T2 - 11th ACM Asia Conference on Computer and Communications Security, ASIA CCS 2016
Y2 - 30 May 2016 through 3 June 2016
ER -