Computing Reviews

FireDroid: hardening security in almost-stock Android
Russello G., Jimenez A., Naderi H., van der Mark W. ACSAC 2013 (Proceedings of the 29th Annual Computer Security Applications Conference, New Orleans, LA, Dec 9-13, 2013), 319-328, 2013. Type: Proceedings
Date Reviewed: 05/22/14

This paper proposes a policy-based framework that enforces security policies by intercepting system calls to the Linux kernel beneath the Android operating system (OS). With this approach, it is possible to detect security breaches by third-party apps and by apps pre-installed by Google or the device vendors, as well as malicious native code activity. The paper claims several advantages for the framework, including total transparency to the application itself as well as to the Android OS.

FireDroid works on every process spawned by Zygote, the Android main process. It performs four functions: it attaches to, identifies, monitors, and, most importantly, executes policies on a target process. Because defining policies for low-level vetting mechanisms is very error-prone, the paper proposes a novel policy language for specifying high-level policies, which are then mapped to policies enforceable at the level of the intercepted system calls.
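A minimal model of the attach, identify, monitor and enforce loop and of mapping high-level rules onto syscall-level checks, as an added example that is not taken from the paper or from this review. The rule format, capability names, package names and sample events are all hypothetical, and real syscall interception is replaced here by constructed event tuples.

```python
from fnmatch import fnmatchcase

# Assumed mapping: high-level capability -> syscalls that implement it, each
# with a predicate over the syscall arguments and the rule's parameter.
CAPABILITY_SYSCALLS = {
    "network":   {"connect": lambda args, param: True,
                  "sendto":  lambda args, param: True},
    "file_read": {"open":    lambda args, param: fnmatchcase(args["path"], param)},
}

def compile_policy(rules):
    """Expand each high-level rule into (app_glob, syscall, pred, param, action)."""
    low = []
    for r in rules:
        for syscall, pred in CAPABILITY_SYSCALLS[r["capability"]].items():
            low.append((r["app"], syscall, pred, r.get("param", "*"), r["action"]))
    return low

class Monitor:
    def __init__(self, low_level, default="allow"):
        self.low_level, self.default, self.procs = low_level, default, {}

    def attach(self, pid, package):
        """Attach + identify: record which app a newly forked process belongs to."""
        self.procs[pid] = package

    def on_syscall(self, pid, syscall, args):
        """Monitor + enforce: the first matching check decides the outcome."""
        package = self.procs.get(pid)
        if package is None:          # design choice of this sketch: fail closed
            return "deny"
        for app_glob, name, pred, param, action in self.low_level:
            if name == syscall and fnmatchcase(package, app_glob) and pred(args, param):
                return action
        return self.default

BANK_DIR = "/data/data/com.example.bank/*"           # constructed sample values
RULES = [
    {"app": "com.example.bank", "capability": "file_read", "param": BANK_DIR, "action": "allow"},
    {"app": "com.example.flashlight", "capability": "network", "action": "deny"},
    {"app": "*", "capability": "file_read", "param": BANK_DIR, "action": "deny"},
]
EVENTS = [
    (101, "connect", {"addr": "203.0.113.5:443"}),
    (102, "connect", {"addr": "203.0.113.5:443"}),
    (102, "open", {"path": "/data/data/com.example.bank/db"}),
    (103, "open", {"path": "/data/data/com.example.bank/db"}),
    (101, "open", {"path": "/sdcard/pic.jpg"}),
    (999, "open", {"path": "/sdcard/pic.jpg"}),      # pid never attached
]

def run_demo():
    m = Monitor(compile_policy(RULES))
    for pid, pkg in [(101, "com.example.flashlight"), (102, "com.example.browser"),
                     (103, "com.example.bank")]:
        m.attach(pid, pkg)
    return [m.on_syscall(*e) for e in EVENTS]
```

Rule order matters in this sketch: the bank app's own allow rule must precede the wildcard deny, or the app would be blocked from its own data directory.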

Furthermore, the paper carries out an extensive performance analysis, which can be summarized as follows: there is a total performance overhead of about 12 percent across the measured factors: central processing unit (CPU), memory, input/output (I/O), 2D, and 3D. For the application programming interface (API) operations executed under FireDroid, HttpGet produces an overhead of one percent, BroadcastIntent produces an overhead of five percent, QueryContact produces an overhead of four percent, and GetLastLocation produces an overhead of 30 percent, which seems reasonable.

Compared to related approaches, FireDroid is totally complementary, as in the case of ComDroid [1] and Woodpecker [2], which system administrators can use to detect vulnerabilities and then specify FireDroid policies that prevent successful exploitation. Finally, FireDroid works similarly to other projects, like Aurasium [3], which also detects a system call (dlopen), but with improvements regarding robustness and extensiveness.

FireDroid gives a company complete control over device applications and therefore the company is not forced to trust the user.


[1] Chin, E.; Porter Felt, A.; Greenwood, K.; Wagner, D. Analyzing inter-application communication in Android. In Proceedings of the 9th International Conference on Mobile Systems, Applications, and Services. ACM, 2011, 239–252.

[2] Grace, M.; Zhou, Y.; Wang, Z.; Jiang, X. Systematic detection of capability leaks in stock Android smartphones. In Proceedings of the 19th Network and Distributed System Security Symposium. Internet Society, 2012, 1–15.

[3] Xu, R.; Saïdi, H.; Anderson, R. Aurasium: practical policy enforcement for Android applications. In Proceedings of the 21st USENIX Security Symposium. USENIX, 2012, 1–14.

Reviewer: Edgar R. Weippl
Review #: CR142312 (1408-0658)
