To prevent data leakage, modern mobile platforms (e.g., Android and iOS) customize their communication models to control how apps access message data. When a malicious app accesses sensitive data, data leakage occurs. Our evaluation shows that PoliCC supports secure message-based communication within and across devices by trading off performance costs, programming effort overheads, and security 1.Īn essential part of modern mobile platforms is inter-app communication, 2 which is typically message-based: apps send and receive various kinds of messages, some of which may contain sensitive data.
#The var guy bitcasa android#
PoliCC mitigates three classic Android data leakage attacks, while allowing untrusted apps to perform useful operations on delivered messages. We concretely realize HTPD as PoliCC, a plug-in replacement of Android Inter-Component Communication (ICC) middleware. To allow an untrusted destination to operate on encrypted data deliveries, HTPD integrates homomorphic and convergent encryption. Their delivery is polymorphic: as determined by the destination’s trustworthiness, it can be delivered no data, raw data, or encrypted data. Sensitive messages are transmitted hidden in an encrypted envelope. Our model, HTPD, introduces two novel mechanisms: hidden transmission and polymorphic d elivery.
To better secure message-based communication, we present a model that strengthens security, while also allowing untrusted-but-not-malicious apps to execute their business logic.
Existing defenses are overly restrictive, as they block all suspicious message exchanges, thus preventing any app from receiving messages. In modern mobile platforms, message-based communication is afflicted by data leakage attacks, through which untrustworthy apps access the transferred message data.
0 kommentar(er)
