CISPA

DroidCap: OS Support for Capability-based Permissions in Android

conference contribution
posted on 2023-11-29, 18:10 authored by Abdallah Dawoud, Sven Bugiel
We present DroidCap, a retrofitting of Android’s central Binder IPC mechanism that changes how permissions are represented and managed in the system. In DroidCap, permissions are per-process Binder object capabilities. DroidCap’s design removes Android’s UID-based ambient authority and allows the delegation of capabilities between processes to efficiently create least-privileged protection domains. With DroidCap, we show that object capabilities as the underlying access control model integrate naturally and backward-compatibly into Android’s stock permission model and application management. Thus, our Binder capabilities provide app developers with a new path to gradually adopt app compartmentalization, which we showcase with two favorite examples from the literature: privilege-separated advertisement libraries and least-privileged app components.


Preferred Citation

Abdallah Dawoud and Sven Bugiel. DroidCap: OS Support for Capability-based Permissions in Android. In: Network and Distributed System Security Symposium (NDSS). 2019.

Primary Research Area

  • Secure Connected and Mobile Systems

Name of Conference

Network and Distributed System Security Symposium (NDSS)

Legacy Posted Date

2019-03-15

Open Access Type

  • Unknown

BibTeX

@inproceedings{cispa_all_2818,
  title = "DroidCap: OS Support for Capability-based Permissions in Android",
  author = "Dawoud, Abdallah and Bugiel, Sven",
  booktitle = "{Network and Distributed System Security Symposium (NDSS)}",
  year = "2019",
}
