Talk by Limin Jia - Run-Time Enforcement of Information-Flow Properties on Android
SPEAKER: Limin Jia, Carnegie Mellon University
HOST: Ronald Garcia
TITLE: Run-Time Enforcement of Information-Flow Properties on Android
ABSTRACT:
I will talk about improving Android's permission system to prevent
confused-deputy attacks and information leakage. Our system permits
Android applications to be concisely annotated with information-flow
policies by either the programmers or security analysts. We develop a
detailed model of our enforcement system using a process calculus, and
use the model to prove noninterference. Our system and model have a
number of useful or novel features, including support for Android's
single- and multiple-instance components, floating labels,
declassification and endorsement capabilities, and support for legacy
applications. We have developed a fully functional
prototype on Android 4.0.4. We have tested our prototype on a Nexus S
phone, verifying that it can enforce practically useful policies that
can be implemented with minimal modification to off-the-shelf
applications.
Limin Jia is an Assistant Research Professor in ECE and INI. She