MuTent: Dynamic Android Intent Protection with Ownership-Based Key Distribution and Security Contracts

dc.contributor.author Duraisamy Soundrapandian, Pradeep Kumar
dc.contributor.author Bao, Tiffany
dc.contributor.author Baek, Jaejong
dc.contributor.author Shoshitaishvili, Yan
dc.contributor.author Doupé, Adam
dc.contributor.author Wang, Ruoyu
dc.contributor.author Ahn, Gail-Joon
dc.date.accessioned 2020-12-24T20:30:27Z
dc.date.available 2020-12-24T20:30:27Z
dc.date.issued 2021-01-05
dc.description.abstract Intents are the plain-text based message object used for ICC by the Android framework. Hence the framework essentially lacks an inbuilt security mechanism to protect the visibility, accessibility, and integrity of Intent's data that facilitates adversaries to intercept or manipulate the data. In this work, we investigate the Intent protection mechanism and propose a security-enhanced Intent library MuTent that allows Android apps to securely exchange sensitive data during ICC. Differently from the existing mechanism, MuTent provides accessibility and visibility of Intent data by validating the receiver's capability and provides integrity by using encryption and the Arc security contract code. Especially, ICC is initiated by exchanging MuTent and follows a novel ownership-based key distribution model, that restricts the malware apps without permission from deciphering data. Through the evaluation, we show that MuTent can improve the security for popular Android apps with minimal performance overheads, demonstrated using F-Droid apps.
dc.format.extent 10 pages
dc.identifier.doi 10.24251/HICSS.2021.869
dc.identifier.isbn 978-0-9981331-4-0
dc.identifier.uri http://hdl.handle.net/10125/71490
dc.language.iso English
dc.relation.ispartof Proceedings of the 54th Hawaii International Conference on System Sciences
dc.rights Attribution-NonCommercial-NoDerivatives 4.0 International
dc.rights.uri https://creativecommons.org/licenses/by-nc-nd/4.0/
dc.subject Software Development for Mobile Devices, the Internet-of-Things, and Cyber-Physical Systems
dc.subject encryption
dc.subject intent leak
dc.subject mutation attack
dc.subject ownership-based key generation and distribution
dc.subject ownership types
dc.subject security contracts
dc.title MuTent: Dynamic Android Intent Protection with Ownership-Based Key Distribution and Security Contracts
prism.startingpage 7217
Files
Original bundle
Now showing 1 - 1 of 1
No Thumbnail Available
Name:
0705.pdf
Size:
1.24 MB
Format:
Adobe Portable Document Format
Description: