Abdallah Dawoud (CISPA Helmholtz Center i.G.), Sven Bugiel (CISPA Helmholtz Center i.G.)

We present DroidCap, a retrofitting of Android’s central Binder IPC mechanism to change the way how permissions are being represented and managed in the system. In DroidCap, permissions are per-process Binder object capabilities. DroidCap's design removes Android’s UID-based ambient authority and allows the delegation of capabilities between processes to create least-privileged protection domains efficiently. With DroidCap, we show that object capabilities as underlying access control model integrates naturally and backward-compatible into Android’s stock permission model and application management. Thus, our Binder capabilities provide app developers with a new path to gradually adopting app compartmentalization, which we showcase at two favorite examples from the literature, privilege separated advertisement libraries and least privileged app components.

View More Papers

DIAT: Data Integrity Attestation for Resilient Collaboration of Autonomous...

Tigist Abera (Technische Universität Darmstadt), Raad Bahmani (Technische Universität Darmstadt), Ferdinand Brasser (Technische Universität Darmstadt), Ahmad Ibrahim (Technische Universität Darmstadt), Ahmad-Reza Sadeghi (Technische Universität Darmstadt), Matthias Schunter (Intel Labs)

Read More

Automating Patching of Vulnerable Open-Source Software Versions in Application...

Ruian Duan (Georgia Institute of Technology), Ashish Bijlani (Georgia Institute of Technology), Yang Ji (Georgia Institute of Technology), Omar Alrawi (Georgia Institute of Technology), Yiyuan Xiong (Peking University), Moses Ike (Georgia Institute of Technology), Brendan Saltaformaggio (Georgia Institute of Technology), Wenke Lee (Georgia Institute of Technology)

Read More

Analyzing Semantic Correctness with Symbolic Execution: A Case Study...

Sze Yiu Chau (Purdue University), Moosa Yahyazadeh (The University of Iowa), Omar Chowdhury (The University of Iowa), Aniket Kate (Purdue University), Ninghui Li (Purdue University)

Read More

Graph-based Security and Privacy Analytics via Collective Classification with...

Binghui Wang (Iowa State University), Jinyuan Jia (Iowa State University), Neil Zhenqiang Gong (Iowa State University)

Read More