Abstract

Intent-based communication is an inter-application communication mechanism in Android. While its importance has been proven by plenty of security extensions that protect it with policy-driven mandatory access control, an overlooked problem is the verification of the security policies. Checking one security extension's policy is indeed complex. Furthermore, intent-based communication introduces even more complexities because it is mediated by multiple security extensions that respectively enforce their own incompatible, distributed, and dynamic policies. This paper seeks a systematic approach to address the complexities involved in checking intent-based communication. To this end, we propose intent space analysis. Intent space analysis formulates the intent forwarding functionalities of security extensions as transformations on a geometric intent space. We further introduce a policy checking framework called IntentScope that proactively and automatically aggregates distributed policies into a holistic and verifiable view. We evaluate our approach against customized Android OSs and commodity Android devices. In addition, we further conduct experiments with four security extensions to demonstrate how our approach helps identify potential vulnerabilities in each extension.

Original languageEnglish (US)
Title of host publicationASIA CCS 2016 - Proceedings of the 11th ACM Asia Conference on Computer and Communications Security
PublisherAssociation for Computing Machinery, Inc
Pages735-746
Number of pages12
ISBN (Electronic)9781450342339
DOIs
StatePublished - May 30 2016
Event11th ACM Asia Conference on Computer and Communications Security, ASIA CCS 2016 - Xi'an, China
Duration: May 30 2016Jun 3 2016

Other

Other11th ACM Asia Conference on Computer and Communications Security, ASIA CCS 2016
CountryChina
CityXi'an
Period5/30/166/3/16

Fingerprint

Communication
Access control
Experiments

ASJC Scopus subject areas

  • Computer Science Applications
  • Software
  • Computer Networks and Communications

Cite this

Jing, Y., Ahn, G-J., Doupe, A., & Yi, J. H. (2016). Checking intent-based communication in android with intent space analysis. In ASIA CCS 2016 - Proceedings of the 11th ACM Asia Conference on Computer and Communications Security (pp. 735-746). Association for Computing Machinery, Inc. https://doi.org/10.1145/2897845.2897904

Checking intent-based communication in android with intent space analysis. / Jing, Yiming; Ahn, Gail-Joon; Doupe, Adam; Yi, Jeong Hyun.

ASIA CCS 2016 - Proceedings of the 11th ACM Asia Conference on Computer and Communications Security. Association for Computing Machinery, Inc, 2016. p. 735-746.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Jing, Y, Ahn, G-J, Doupe, A & Yi, JH 2016, Checking intent-based communication in android with intent space analysis. in ASIA CCS 2016 - Proceedings of the 11th ACM Asia Conference on Computer and Communications Security. Association for Computing Machinery, Inc, pp. 735-746, 11th ACM Asia Conference on Computer and Communications Security, ASIA CCS 2016, Xi'an, China, 5/30/16. https://doi.org/10.1145/2897845.2897904
Jing Y, Ahn G-J, Doupe A, Yi JH. Checking intent-based communication in android with intent space analysis. In ASIA CCS 2016 - Proceedings of the 11th ACM Asia Conference on Computer and Communications Security. Association for Computing Machinery, Inc. 2016. p. 735-746 https://doi.org/10.1145/2897845.2897904
Jing, Yiming ; Ahn, Gail-Joon ; Doupe, Adam ; Yi, Jeong Hyun. / Checking intent-based communication in android with intent space analysis. ASIA CCS 2016 - Proceedings of the 11th ACM Asia Conference on Computer and Communications Security. Association for Computing Machinery, Inc, 2016. pp. 735-746
@inproceedings{1b457e299cc344158c793001978b8ca7,
title = "Checking intent-based communication in android with intent space analysis",
abstract = "Intent-based communication is an inter-application communication mechanism in Android. While its importance has been proven by plenty of security extensions that protect it with policy-driven mandatory access control, an overlooked problem is the verification of the security policies. Checking one security extension's policy is indeed complex. Furthermore, intent-based communication introduces even more complexities because it is mediated by multiple security extensions that respectively enforce their own incompatible, distributed, and dynamic policies. This paper seeks a systematic approach to address the complexities involved in checking intent-based communication. To this end, we propose intent space analysis. Intent space analysis formulates the intent forwarding functionalities of security extensions as transformations on a geometric intent space. We further introduce a policy checking framework called IntentScope that proactively and automatically aggregates distributed policies into a holistic and verifiable view. We evaluate our approach against customized Android OSs and commodity Android devices. In addition, we further conduct experiments with four security extensions to demonstrate how our approach helps identify potential vulnerabilities in each extension.",
author = "Yiming Jing and Gail-Joon Ahn and Adam Doupe and Yi, {Jeong Hyun}",
year = "2016",
month = "5",
day = "30",
doi = "10.1145/2897845.2897904",
language = "English (US)",
pages = "735--746",
booktitle = "ASIA CCS 2016 - Proceedings of the 11th ACM Asia Conference on Computer and Communications Security",
publisher = "Association for Computing Machinery, Inc",

}

TY - GEN

T1 - Checking intent-based communication in android with intent space analysis

AU - Jing, Yiming

AU - Ahn, Gail-Joon

AU - Doupe, Adam

AU - Yi, Jeong Hyun

PY - 2016/5/30

Y1 - 2016/5/30

N2 - Intent-based communication is an inter-application communication mechanism in Android. While its importance has been proven by plenty of security extensions that protect it with policy-driven mandatory access control, an overlooked problem is the verification of the security policies. Checking one security extension's policy is indeed complex. Furthermore, intent-based communication introduces even more complexities because it is mediated by multiple security extensions that respectively enforce their own incompatible, distributed, and dynamic policies. This paper seeks a systematic approach to address the complexities involved in checking intent-based communication. To this end, we propose intent space analysis. Intent space analysis formulates the intent forwarding functionalities of security extensions as transformations on a geometric intent space. We further introduce a policy checking framework called IntentScope that proactively and automatically aggregates distributed policies into a holistic and verifiable view. We evaluate our approach against customized Android OSs and commodity Android devices. In addition, we further conduct experiments with four security extensions to demonstrate how our approach helps identify potential vulnerabilities in each extension.

AB - Intent-based communication is an inter-application communication mechanism in Android. While its importance has been proven by plenty of security extensions that protect it with policy-driven mandatory access control, an overlooked problem is the verification of the security policies. Checking one security extension's policy is indeed complex. Furthermore, intent-based communication introduces even more complexities because it is mediated by multiple security extensions that respectively enforce their own incompatible, distributed, and dynamic policies. This paper seeks a systematic approach to address the complexities involved in checking intent-based communication. To this end, we propose intent space analysis. Intent space analysis formulates the intent forwarding functionalities of security extensions as transformations on a geometric intent space. We further introduce a policy checking framework called IntentScope that proactively and automatically aggregates distributed policies into a holistic and verifiable view. We evaluate our approach against customized Android OSs and commodity Android devices. In addition, we further conduct experiments with four security extensions to demonstrate how our approach helps identify potential vulnerabilities in each extension.

UR - http://www.scopus.com/inward/record.url?scp=84979680901&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84979680901&partnerID=8YFLogxK

U2 - 10.1145/2897845.2897904

DO - 10.1145/2897845.2897904

M3 - Conference contribution

AN - SCOPUS:84979680901

SP - 735

EP - 746

BT - ASIA CCS 2016 - Proceedings of the 11th ACM Asia Conference on Computer and Communications Security

PB - Association for Computing Machinery, Inc

ER -