Eingang zum Volltext in SciDok


Report (Bericht) zugänglich unter
URN: urn:nbn:de:bsz:291-scidok-49028

AppGuard - real-time policy enforcement for third-party applications

Backes, Michael ; Gerling, Sebastian ; Hammer, Christian ; Maffei, Matteo ; von Styp-Rekowsky, Philipp

Dokument 1.pdf (1.251 KB)

Bookmark bei Connotea Bookmark bei
SWD-Schlagwörter: Echtzeitsystem
Freie Schlagwörter (Englisch): operating system
Institut 1: Fachrichtung 6.2 - Informatik
Institut 2: Max-Planck-Institut für Softwaresysteme
DDC-Sachgruppe: Informatik
Dokumentart: Report (Bericht)
Schriftenreihe: Technischer Bericht / A / Fachbereich Informatik, Universität des Saarlandes
Bandnummer: 2012/02
Sprache: Englisch
Erstellungsjahr: 2012
Publikationsdatum: 16.07.2012
Kurzfassung auf Englisch: Android has become the most popular operating system for mobile devices, which makes it a prominent target for malicious software. The security concept of Android is based on app isolation and access control for critical system resources. However, users can only review and accept permission requests at install time, or else they cannot install an app at all. Android neither supports permission revocation after the installation of an app, nor dynamic permission assignment. Additionally, the current permission system is too coarse for many tasks and cannot easily be refined. We present an inline reference monitor system that overcomes these deficiencies. It extends Android’s permission system to impede overly curious behaviors; it supports complex policies, and mitigates vulnerabilities of third-party apps and the OS. It is the first solution that provides a practical extension of the current Android permission system as it can be deployed to all Android devices without modification of the firmware or root access to the smartphone. Our experimental analysis shows that we can remove permissions for overly curious apps as well as defend against several recent real-world attacks on Android phones with very little space and runtime overhead. AppGuard is available from the Google Play market.
Lizenz: Standard-Veröffentlichungsvertrag

Home | Impressum | Über SciDok | Policy | Kontakt | Datenschutzerklärung | English