cispa_all_3495.pdf (1.95 MB)

OS Support For Capabilities In Android

posted on 2023-11-29, 18:05 authored by Abdallah Dawoud
Android's security model combines low-level and high-level mechanisms, such as the user-based protection model, SELinux, and the permission system, to control access to system resources. This model has two limitations. First, it does not apply the principle of least privilege (PoLP) among an app's components: every component, including bundled third-party libraries, runs with the full set of permissions granted to the app, which is what makes malicious third-party libraries a threat. Second, it falls short in tracking transitive invocations, which enables confused deputy attacks.

To address the problems caused by both limitations, we extend Android's security model with features borrowed from the capability-based security model. Specifically, we introduce capabilities into Android's middleware with kernel support. The goal is a functional prototype that lets different components of the same app run with different access rights on the high-level system services, respecting the PoLP. Additionally, the prototype must provide a clear path to mitigating confused deputy attacks that target system services through channels the deputies have deliberately exposed. Along the way, we use the Binder framework, Android's IPC mechanism, as the building block for creating and communicating the capabilities of system services, and we rely on the kernel's security guarantees to prevent forging of capabilities. We also employ Android's permission model to reflect the dynamic high-level security decisions made by end users, so that the correct access rights are encoded into the issued capabilities.

As a result, we meet our goal without significantly increasing the attack surface or degrading performance; in fact, our design shows a performance gain in specific places.
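To make the design sketched above concrete, the following Python model (an added illustration, not code from the thesis or from Android) shows the three ideas working together: a kernel-held capability table whose handles are opaque and resolve only in the process they were issued to (standing in for the Binder object-reference guarantee), per-component capabilities whose rights are the intersection of what the component declares and what the user granted the app, and a deputy that must act with the caller's delegated capability instead of its own. The classes `Kernel`, `LocationService` and `Deputy`, the helper `issue_component_caps`, the process IDs and the returned coordinates are all assumptions constructed for the example.

```python
"""Constructed model of capability-mediated access to a system service.
Not the thesis's implementation; names and values here are assumptions."""
from dataclasses import dataclass

LOCATION = "android.permission.ACCESS_FINE_LOCATION"  # real Android permission name
LOCATION_SERVICE = "location"                         # assumed service name


@dataclass(frozen=True)
class Capability:
    service: str
    rights: frozenset
    owner_pid: int


class Kernel:
    """Capability table. Processes only hold opaque integer handles, and a
    handle resolves only in the process it was issued to, so a process cannot
    mint or guess a usable capability (models the Binder reference guarantee)."""

    def __init__(self):
        self._table = {}
        self._next = 1

    def issue(self, pid, service, rights):
        handle = self._next
        self._next += 1
        self._table[(pid, handle)] = Capability(service, frozenset(rights), pid)
        return handle

    def resolve(self, pid, handle):
        return self._table.get((pid, handle))

    def transfer(self, from_pid, handle, to_pid):
        """Pass a capability to another process, like sending a Binder
        reference in a Parcel: the recipient gets its own handle, same rights."""
        cap = self.resolve(from_pid, handle)
        if cap is None:
            raise PermissionError("sender does not hold that capability")
        return self.issue(to_pid, cap.service, cap.rights)


class LocationService:
    """System service that checks the presented capability, not the caller's UID."""

    def __init__(self, kernel):
        self.kernel = kernel

    def get_location(self, caller_pid, handle):
        cap = self.kernel.resolve(caller_pid, handle)
        if cap is None or cap.service != LOCATION_SERVICE or LOCATION not in cap.rights:
            raise PermissionError("capability lacks %s" % LOCATION)
        return (49.25, 7.05)  # constructed sample coordinates


def issue_component_caps(kernel, pid, granted, component_needs):
    """Middleware step: one capability per app component, with rights limited to
    what the component declares AND what the user granted the whole app."""
    return {comp: kernel.issue(pid, LOCATION_SERVICE, set(needs) & set(granted))
            for comp, needs in component_needs.items()}


class Deputy:
    """Another process that deliberately exposes a relay to the location service."""

    def __init__(self, kernel, service, pid, own_handle):
        self.kernel, self.service, self.pid, self.own_handle = kernel, service, pid, own_handle

    def relay_ambient(self, caller_pid, caller_handle):
        # Confused deputy: ignores what the caller holds and uses its own authority.
        return self.service.get_location(self.pid, self.own_handle)

    def relay_delegated(self, caller_pid, caller_handle):
        # Mitigation: the caller hands over its capability and the deputy acts with that.
        delegated = self.kernel.transfer(caller_pid, caller_handle, self.pid)
        return self.service.get_location(self.pid, delegated)


def allowed(fn, *args):
    try:
        fn(*args)
        return True
    except PermissionError:
        return False


def demo():
    k = Kernel()
    svc = LocationService(k)
    app_pid, deputy_pid = 1000, 2000  # assumed process IDs
    # The user granted the app location; its main activity needs it, the bundled ad SDK does not.
    caps = issue_component_caps(k, app_pid, granted={LOCATION},
                                component_needs={"MainActivity": {LOCATION}, "AdSdk": set()})
    deputy = Deputy(k, svc, deputy_pid, k.issue(deputy_pid, LOCATION_SERVICE, {LOCATION}))
    return {
        "activity_direct": allowed(svc.get_location, app_pid, caps["MainActivity"]),
        "adsdk_direct": allowed(svc.get_location, app_pid, caps["AdSdk"]),
        "adsdk_forged": allowed(svc.get_location, app_pid, deputy.own_handle),
        "adsdk_via_ambient_deputy": allowed(deputy.relay_ambient, app_pid, caps["AdSdk"]),
        "adsdk_via_delegating_deputy": allowed(deputy.relay_delegated, app_pid, caps["AdSdk"]),
        "activity_via_delegating_deputy": allowed(deputy.relay_delegated, app_pid, caps["MainActivity"]),
    }
```

Running `demo()` shows the two limitations and their fix side by side: the ad SDK component is denied even though it shares the app's UID with the activity, a handle copied from another process does not resolve, the ambient-authority relay leaks the deputy's access to the unprivileged component, and the delegating relay only succeeds when the caller itself holds a capability with the right.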


Preferred Citation

Abdallah Dawoud. OS Support For Capabilities In Android. Master's Thesis, Saarland University. 2018.


Bugiel, Sven

Primary Research Area

  • Secure Connected and Mobile Systems

CISPA Affiliation

  • No


Saarland University

Open Access Type

  • Green

Thesis Type

  • Master's Thesis


@mastersthesis{cispa_all_3495,
  title  = "OS Support For Capabilities In Android",
  author = "Dawoud, Abdallah",
  school = "Saarland University",
  year   = "2018",
}
