DOI: 10.1145/2295136.2295140
research-article

MOSES: supporting operation modes on smartphones

Published: 20 June 2012

ABSTRACT

Smartphones are very effective tools for increasing the productivity of business users. With their increasing computational power and storage capacity, smartphones allow end users to perform several tasks and be always updated while on the move. As a consequence, end users require that their personal smartphones are connected to their work IT infrastructure. Companies are willing to support employee-owned smartphones because of the increase in productivity of their employees. However, smartphone security mechanisms have been discovered to offer very limited protection against malicious applications that can leak data stored on them. This poses a serious threat to sensitive corporate data. In this paper we present MOSES, a policy-based framework for enforcing software isolation of applications and data on the Android platform. In MOSES, it is possible to define distinct security profiles within a single smartphone. Each security profile is associated with a set of policies that control the access to applications and data. One of the main characteristics of MOSES is the dynamic switching from one security profile to another.


  • Published in

    SACMAT '12: Proceedings of the 17th ACM symposium on Access Control Models and Technologies
    June 2012
    242 pages
    ISBN: 9781450312950
    DOI: 10.1145/2295136

    Copyright © 2012 ACM


    Publisher: Association for Computing Machinery, New York, NY, United States


    Acceptance Rates

    SACMAT '12 paper acceptance rate: 19 of 73 submissions, 26%. Overall acceptance rate: 177 of 597 submissions, 30%.
