AppShield: Enabling Multi-entity Access Control Cross Platforms for Mobile App Management

  • Conference paper
Security and Privacy in Communication Networks (SecureComm 2016)

Abstract

Bring-your-own-device (BYOD) is becoming popular. Diverse personal devices are used to access enterprise resources, so solutions that depend on a customized operating system (OS) are restricted in where they can be deployed. Moreover, using a device for both business and personal purposes creates new threats involving leakage of sensitive data. In terms of functionality, a BYOD solution should isolate an arbitrary number of entities, such as those relating to business and personal uses, and provide fine-grained access control for multi-entity management. Existing BYOD solutions fall short in these respects. We propose a system called AppShield, which supports multi-entity management and role-based access control with file-level granularity, in addition to local data sharing/isolation. AppShield includes (1) an application rewriting framework for Android apps, which automatically builds Mobile Application Management (MAM) features into an app with complete mediation, and (2) a cross-platform, proxy-based data access mechanism, which can enforce arbitrary access control policies. The fully functional controller with data proxy is implemented for both Android and iOS. AppShield allows enterprise policy management without modifying the device OS. The evaluation shows that AppShield enforces policies successfully and is reliable. It has little impact on application performance and size; for example, our app rewriting introduces less than 5% code size increment in over 95% of the apps in our evaluation.

Notes

  1. https://play.google.com/store/apps/details?id=com.webshield.appshield&hl=en

Acknowledgments

We thank our reviewers for their valuable comments. This paper was made possible by the National Natural Science Foundation of China under Grant No. 61472209 and by the U.S. National Science Foundation under Grant CNS-1408790. The statements made herein are solely the responsibility of the authors.

Corresponding author

Correspondence to Zhengyang Qu.

Copyright information

© 2017 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Qu, Z. et al. (2017). AppShield: Enabling Multi-entity Access Control Cross Platforms for Mobile App Management. In: Deng, R., Weng, J., Ren, K., Yegneswaran, V. (eds) Security and Privacy in Communication Networks. SecureComm 2016. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 198. Springer, Cham. https://doi.org/10.1007/978-3-319-59608-2_1

  • DOI: https://doi.org/10.1007/978-3-319-59608-2_1

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-59607-5

  • Online ISBN: 978-3-319-59608-2

  • eBook Packages: Computer Science (R0)