MuTent: Dynamic Android Intent Protection with Ownership-Based Key Distribution and Security Contracts

Date
2021-01-05
Authors
Duraisamy Soundrapandian, Pradeep Kumar
Bao, Tiffany
Baek, Jaejong
Shoshitaishvili, Yan
Doupé, Adam
Wang, Ruoyu
Ahn, Gail-Joon
Starting Page
7217
Abstract
Intents are the plain-text message objects that the Android framework uses for inter-component communication (ICC). The framework therefore essentially lacks a built-in security mechanism to protect the visibility, accessibility, and integrity of an Intent's data, which allows adversaries to intercept or manipulate the data. In this work, we investigate the Intent protection mechanism and propose MuTent, a security-enhanced Intent library that allows Android apps to securely exchange sensitive data during ICC. Unlike the existing mechanism, MuTent provides accessibility and visibility of Intent data by validating the receiver's capability and provides integrity by using encryption and the Arc security contract code. In particular, ICC is initiated by exchanging MuTent and follows a novel ownership-based key distribution model that restricts malware apps without permission from deciphering data. Through the evaluation, demonstrated using F-Droid apps, we show that MuTent can improve the security of popular Android apps with minimal performance overhead.
Keywords
Software Development for Mobile Devices, the Internet-of-Things, and Cyber-Physical Systems, encryption, intent leak, mutation attack, ownership-based key generation and distribution, ownership types, security contracts
Extent
10 pages
Related To
Proceedings of the 54th Hawaii International Conference on System Sciences
Rights
Attribution-NonCommercial-NoDerivatives 4.0 International