Computing Reviews
Today's Issue Hot Topics Search Browse Recommended My Account Log In
Best of 2016 Recommended by Editor Recommended by Reviewer Recommended by Reader
Search
FireDroid: hardening security in almost-stock Android
Russello G., Jimenez A., Naderi H., van der Mark W.  ACSAC 2013 (Proceedings of the 29th Annual Computer Security Applications Conference, New Orleans, LA, Dec 9-13, 2013)319-328.2013.Type:Proceedings
Date Reviewed: May 22 2014

This paper proposes a policy-based framework to enforce security policies by intercepting system calls to the Linux kernel beneath the Android operating system (OS). By using this approach it is possible to detect security breaches by third-party apps, pre-installed apps by Google or the device vendors, but also malicious native code activity. The framework states several advantages, including the total transparency of the system to the application itself as well as to the Android OS.

FireDroid works on every process that is spawned by the Android main process Zygote. FireDroid basically performs the following four features: it attaches to, identifies, monitors, and most importantly executes policies on a target process. Due to the fact that defining policies for low-level vetting mechanisms is very error-prone, the paper proposes a novel policy language for specifying high-level policies that are then mapped to policies enforceable at the level of the intercepted system calls.

Furthermore, the paper carries out an extensive performance analysis, which can be summarized as follows: there is a total performance overhead of about 12 percent over the measured factors central processing unit (CPU), memory, input/output (I/O), 2D, and 3D. Regarding the executed application programming interface (API) operations under FireDroid, HttpGet produces an overhead of one percent, BroadcastIntent produces an overhead of five percent, QueryContact produces an overhead of four percent, and GetLastLocation produces an overhead of 30 percent, which seems reasonable.

Compared to related approaches, FireDroid is totally complementary, as in the case of ComDroid [1] and Woodpecker [2], which can be used by system administrators to detect vulnerabilities and then specify FireDroid policies to prevent successful exploitation. Finally, FireDroid works similar to other projects, like Aurasium [3], which also detects a system call (dlopen) but with improvements regarding robustness and extensiveness.

FireDroid gives a company complete control over device applications and therefore the company is not forced to trust the user.

Reviewer:  Edgar R. Weippl Review #: CR142312 (1408-0658)
1) Chin, E.; Porter Felt, A.; Greenwood, K.; Wagner, D. Analyzing inter-application communication in Android. In Proceedings of the 9th International Conference on Mobile Systems, Applications, and Services ACM, 2011, 239–252.
2) Grace, M.; Zhou, Y.; Wang, Z.; Jiang, X. Systematic detection of capability leaks in stock Android smartphones. In Proceedings of the 19th Network and Distributed System Security Symposium Internet Society, 2012, 1–15.
3) Xu, R.; Saïdi, H.; Anderson, R. Aurasium: practical policy enforcement for Android applications. In Proceedings of the 21st USENIX Security Symposium USENIX, 2012, 1–14.
Bookmark and Share
  Editor Recommended
Featured Reviewer
 
 
Access Controls (D.4.6 ... )
 
 
Information Flow Controls (D.4.6 ... )
 
Would you recommend this review?
yes
no
Other reviews under "Access Controls": Date
Access control lists in capability environments
Lopriore L. Technology and Science of Informatics 3(3): 163-174, 1984. Type: Article
Mar 1 1985
Some variants of the take-grant protection model
Biskup J. (ed) Information Processing Letters 19(3): 151-156, 1984. Type: Article
Jun 1 1985
On access checking in capability-based systems
Kain R., Landwehr C. (ed) IEEE Transactions on Software Engineering SE-13(2): 202-207, 1987. Type: Article
Dec 1 1987
more...

E-Mail This Printer-Friendly
Send Your Comments
Contact Us
Reproduction in whole or in part without permission is prohibited.   Copyright 1999-2024 ThinkLoud®
Terms of Use
| Privacy Policy