CISPA
Browse
cispa_all_3495.pdf (1.95 MB)

OS Support For Capabilities In Android

Download (1.95 MB)
thesis
posted on 2023-11-29, 18:05 authored by Abdallah Dawoud
Android’s security model utilizes a combination of low-level and high-level security mechanisms, such as the user-based protection model, SELinux, and permission system, to control access to system resources. However, this model has two limitations: First, it does not apply the principle of least privilege (PoLP) among app’s components and, second, it falls short in tracking transitive invocations. The first limitation introduces the problem of malicious 3rd -party libraries, whereas the second limitation enables the confused deputy attacks. To address the problems caused by both limitations, we extended Android’s security model with new security features borrowed from capability-based security model. Specifically, we introduced capabilities into Android’s middleware with kernel support. The goal is to come up with a functional prototype that enables different components of the same app to run with different access rights on the high-level system services, respecting the PoLP. Additionally, the prototype must provide a clear path to mitigate confused deputy attacks targeting system services through channels that have been deliberately exposed by the deputies. Along the line, we use the Binder framework, which is used for IPC in Android, as the building block for creating and communicating the capabilities of system services. We also rely on the kernel’s security guarantees to prevent forging capabilities. Additionally, we employ Android’s permission model to reflect the dynamic high-level security decisions made by end-users in order to encode the correct access rights into issued capabilities. As a result, we fulfill our goal without significantly increasing the attack surface or causing a performance degrade. In fact, our design shows a performance gain in specific places.

History

Preferred Citation

Abdallah Dawoud. OS Support For Capabilities In Android. Master's Thesis, Saarland University. 2018.

Supervisor

Bugiel, Sven

Primary Research Area

  • Secure Connected and Mobile Systems

CISPA Affiliation

  • No

Legacy Posted Date

2021-10-07

Institution

Saarland University

Open Access Type

  • Green

Thesis Type

  • Master's Thesis

BibTeX

@mastersthesis{cispa_all_3495, title = "OS Support For Capabilities In Android", author = "Dawoud, Abdallah", school = "Saarland University", year="2018", }

Usage metrics

    Categories

    No categories selected

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC