Please use this identifier to cite or link to this item:
http://hdl.handle.net/10125/71490
MuTent: Dynamic Android Intent Protection with Ownership-Based Key Distribution and Security Contracts
Item Summary
Title: | MuTent: Dynamic Android Intent Protection with Ownership-Based Key Distribution and Security Contracts |
Authors: | Duraisamy Soundrapandian, Pradeep Kumar Bao, Tiffany Baek, Jaejong Shoshitaishvili, Yan Doupé, Adam show 2 moreWang, Ruoyu Ahn, Gail-Joon show less |
Keywords: | Software Development for Mobile Devices, the Internet-of-Things, and Cyber-Physical Systems encryption intent leak mutation attack ownership-based key generation and distribution show 2 moreownership types security contracts show less |
Date Issued: | 05 Jan 2021 |
Abstract: | Intents are the plain-text based message object used for ICC by the Android framework. Hence the framework essentially lacks an inbuilt security mechanism to protect the visibility, accessibility, and integrity of Intent's data that facilitates adversaries to intercept or manipulate the data. In this work, we investigate the Intent protection mechanism and propose a security-enhanced Intent library MuTent that allows Android apps to securely exchange sensitive data during ICC. Differently from the existing mechanism, MuTent provides accessibility and visibility of Intent data by validating the receiver's capability and provides integrity by using encryption and the Arc security contract code. Especially, ICC is initiated by exchanging MuTent and follows a novel ownership-based key distribution model, that restricts the malware apps without permission from deciphering data. Through the evaluation, we show that MuTent can improve the security for popular Android apps with minimal performance overheads, demonstrated using F-Droid apps. |
Pages/Duration: | 10 pages |
URI: | http://hdl.handle.net/10125/71490 |
ISBN: | 978-0-9981331-4-0 |
DOI: | 10.24251/HICSS.2021.869 |
Rights: | Attribution-NonCommercial-NoDerivatives 4.0 International https://creativecommons.org/licenses/by-nc-nd/4.0/ |
Appears in Collections: |
Software Development for Mobile Devices, the Internet-of-Things, and Cyber-Physical Systems |
Please email libraryada-l@lists.hawaii.edu if you need this content in ADA-compliant format.
This item is licensed under a Creative Commons License