
Seminar: Run-Time Enforcement of Information-Flow Properties on Android

Date: December 3, 2012
Talk Title: Run-Time Enforcement of Information-Flow Properties on Android
Speaker: Limin Jia
Time & Location: 12:00pm - 1:00pm
CIC Building, Pittsburgh

Abstract

Recent years have seen a dramatic increase in the number of mobile devices and in their importance in daily life. The security properties that these devices provide to their applications, however, are inadequate to protect against many undesired behaviors. A broad class of such behaviors is violations of simple information-flow properties.

In this talk, I will present our work on improving Android's permission system to prevent confused-deputy attacks and information leakage. Our system permits Android applications to be concisely annotated with information-flow policies by either the programmers or security analysts. We develop a detailed model of our enforcement system using a process calculus, and use the model to prove noninterference. Our system and model have a number of useful or novel features, including support for Android's single- and multiple-instance components, floating labels, declassification and endorsement capabilities, and support for legacy applications. Our system design fits the Android programming model and runtime cleanly enough that we have developed a fully functional prototype on Android 4.0.4. We have tested our prototype on a Nexus S phone, verifying that it can enforce practically useful policies that can be implemented with minimal modification to off-the-shelf applications.

Speaker Bio

Limin Jia is a Research Systems Scientist at CyLab at Carnegie Mellon University. Her research interests include programming languages, language-based security, type systems, logic, and program verification.