Abstract
We propose a new attestation approach for the Android platform that integrates Trusted Computing concepts and Android’s permission-based access control features. Recent research in the field of mobile security has shown that malware is a real threat. Trusted Computing in general and especially the concept of remote attestation can be leveraged to counter both the dissemination and the potential impact of such malware. However, current attestation approaches are not well suited for mobile platforms and crucial Trusted Computing components are still missing for them. Our approach introduces the necessary Trusted Computing building blocks for the Android platform. Furthermore, we detail how the permissions that are used by an Android phone’s installed apps can be attested to a remote party at runtime. Additionally, we highlight areas that are subject of future work.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Cai, L., Machiraju, S., Chen, H.: Defending against sensor-sniffing attacks on mobile phones. In: Proceedings of the 1st ACM Workshop on Networking, systems, and Applications for Mobile Handhelds - MobiHeld 2009, p. 31 (2009), http://portal.acm.org/citation.cfm?doid=1592606.1592614
Enck, W., Ongtang, M., McDaniel, P.: On lightweight mobile phone application certification. In: Proceedings of the 16th ACM Conference on Computer and Communications Security, CCS 2009, pp. 235–245. ACM, New York (2009)
Sadeghi, A.-R., Stüble, C.: Property-based attestation for computing platforms: caring about properties, not mechanisms. In: Proceedings of the 2004 Workshop on New Security Paradigms, NSPW 2004, pp. 67–77. ACM, New York (2004)
Schlegel, R., Zhang, K., Zhou, X., Intwala, M., Kapadia, A., Wang, X.: Soundminer: A Stealthy and Context-Aware Sound Trojan for Smartphones. In: Proceedings of the 18th Annual Network and Distributed System Security Symposium (NDSS), pp. 17–33 (Febraury 2011)
Strasser, M., Stamer, H.: A software-based trusted platform module emulator. In: Lipp, P., Sadeghi, A.-R., Koch, K.-M. (eds.) Trust 2008. LNCS, vol. 4968, pp. 33–47. Springer, Heidelberg (2008)
TCG Mobile Phone Work Group: Mobile Trusted Module Specification, Version 1.0 Revision 7.02 (April 2010), http://www.trustedcomputinggroup.org/resources/mobile_phone_work_group_mobile_trusted_module_specification
The H Security: Android app steals bank login details (January 2010), http://www.h-online.com/security/news/item/Android-app-steals-bank-login-details-901895.html (accessed on February 27, 2011)
The H Security: First SMS trojan for Android detected (August 2010), http://www.h-online.com/security/news/item/First-SMS-trojan-for-Android-detected-1053466.html (accessed on February 27, 2011)
Thumher, B.: The impact of mobile technology on business processes results from 5 case studies. In: 2nd IEEE/IFIP International Workshop on Business-Driven IT Management, BDIM 2007, (21-21 2007), pp. 108–109 (2007)
Xu, N., Zhang, F., Luo, Y., Jia, W., Xuan, D., Teng, J.: Stealthy video capturer: a new video-based spyware in 3g smartphones. In: Proceedings of the Second ACM Conference on Wireless Network Security, WiSec 2009, pp. 69–78. ACM, New York (2009)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Bente, I. et al. (2011). Towards Permission-Based Attestation for the Android Platform. In: McCune, J.M., Balacheff, B., Perrig, A., Sadeghi, AR., Sasse, A., Beres, Y. (eds) Trust and Trustworthy Computing. Trust 2011. Lecture Notes in Computer Science, vol 6740. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-21599-5_8
Download citation
DOI: https://doi.org/10.1007/978-3-642-21599-5_8
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-21598-8
Online ISBN: 978-3-642-21599-5
eBook Packages: Computer ScienceComputer Science (R0)