TY - GEN
T1 - Mutent
T2 - 54th Annual Hawaii International Conference on System Sciences, HICSS 2021
AU - Pradeep Kumar, D. S.
AU - Baek, Jaejong
AU - Bao, Tiffany
AU - Shoshitaishvili, Yan
AU - Doupe, Adam L.
AU - Wang, Ruoyu
AU - Ahn, Gail Joon
N1 - Publisher Copyright:
© 2021 IEEE Computer Society. All rights reserved.
PY - 2021
Y1 - 2021
N2 - Intents are the plain-text based message object used for ICC by the Android framework. Hence the framework essentially lacks an inbuilt security mechanism to protect the visibility, accessibility, and integrity of Intent's data that facilitates adversaries to intercept or manipulate the data. In this work, we investigate the Intent protection mechanism and propose a security-enhanced Intent library µTent that allows Android apps to securely exchange sensitive data during ICC. Differently from the existing mechanism, µTent provides accessibility and visibility of Intent data by validating the receiver's capability and provides integrity by using encryption and the Arc security contract code. Especially, ICC is initiated by exchanging µTent and follows a novel ownership-based key distribution model, that restricts the malware apps without permission from deciphering data. Through the evaluation, we show that µTent can improve the security for popular Android apps with minimal performance overheads, demonstrated using F-Droid apps.
AB - Intents are the plain-text based message object used for ICC by the Android framework. Hence the framework essentially lacks an inbuilt security mechanism to protect the visibility, accessibility, and integrity of Intent's data that facilitates adversaries to intercept or manipulate the data. In this work, we investigate the Intent protection mechanism and propose a security-enhanced Intent library µTent that allows Android apps to securely exchange sensitive data during ICC. Differently from the existing mechanism, µTent provides accessibility and visibility of Intent data by validating the receiver's capability and provides integrity by using encryption and the Arc security contract code. Especially, ICC is initiated by exchanging µTent and follows a novel ownership-based key distribution model, that restricts the malware apps without permission from deciphering data. Through the evaluation, we show that µTent can improve the security for popular Android apps with minimal performance overheads, demonstrated using F-Droid apps.
UR - http://www.scopus.com/inward/record.url?scp=85108311367&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85108311367&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:85108311367
T3 - Proceedings of the Annual Hawaii International Conference on System Sciences
SP - 7217
EP - 7226
BT - Proceedings of the 54th Annual Hawaii International Conference on System Sciences, HICSS 2021
A2 - Bui, Tung X.
PB - IEEE Computer Society
Y2 - 4 January 2021 through 8 January 2021
ER -