Date: September 10, 2012 from 10:00 AM to 11:00 AM
Location: ITU, 3A18
Summary
Modern smartphones allow a variety of third-party applications to run on them, creating a delicate dance between usability and trust. Without burdening the user with security dialogs, apps must have enough privilege to get their job done, yet with suitable isolation from other possibly hostile apps. Android provides a variety of security features that were engineered to make this possible, but a number of deficiencies have cropped up over the years. This talk considers several problems. Android applications tend to have the ability to make arbitrary Internet connections, making it difficult for remote servers to trust which app might be making the connection. Android applications can similarly make a variety of internal IPCs, leading to "confused deputy" attacks where one app might be tricked into exercising a dangerous privilege on behalf of an untrusted caller. We address these issues with IPC and RPC extensions that can efficiently track the call chain and use this when making security decisions. We will also discuss solutions to the "permission bloat" problem that results from apps, which may not need many permissions themselves, including advertising libraries which require GPS location, Internet access, and more. Our IPC architecture allows us to separate advertisements from their hosting applications, reducing permission bloat and increasing resistance to synthetic click attacks.
Biography
Dan Wallach is a professor in the Department of Computer Science at Rice University in Houston, Texas. His research considers a variety of different computer security topics, ranging from web browsers and servers through electronic voting technologies and smartphones.