Abdallah Dawoud (CISPA Helmholtz Center i.G.), Sven Bugiel (CISPA Helmholtz Center i.G.)

We present DroidCap, a retrofitting of Android’s central Binder IPC mechanism to change the way how permissions are being represented and managed in the system. In DroidCap, permissions are per-process Binder object capabilities. DroidCap's design removes Android’s UID-based ambient authority and allows the delegation of capabilities between processes to create least-privileged protection domains efficiently. With DroidCap, we show that object capabilities as underlying access control model integrates naturally and backward-compatible into Android’s stock permission model and application management. Thus, our Binder capabilities provide app developers with a new path to gradually adopting app compartmentalization, which we showcase at two favorite examples from the literature, privilege separated advertisement libraries and least privileged app components.

View More Papers

ExSpectre: Hiding Malware in Speculative Execution

Jack Wampler (University of Colorado Boulder), Ian Martiny (University of Colorado Boulder), Eric Wustrow (University of Colorado Boulder)

Read More

Master of Web Puppets: Abusing Web Browsers for Persistent...

Panagiotis Papadopoulos (FORTH-ICS, Greece), Panagiotis Ilia (FORTH-ICS), Michalis Polychronakis (Stony Brook University, USA), Evangelos P. Markatos (FORTH-ICS, Greece), Sotiris Ioannidis (FORTH-ICS, Greece), Giorgos Vasiliadis (FORTH-ICS, Greece)

Read More

Giving State to the Stateless: Augmenting Trustworthy Computation with...

Gabriel Kaptchuk (Johns Hopkins University), Matthew Green (Johns Hopkins University), Ian Miers (Cornell Tech)

Read More

NIC: Detecting Adversarial Samples with Neural Network Invariant Checking

Shiqing Ma (Purdue University), Yingqi Liu (Purdue University), Guanhong Tao (Purdue University), Wen-Chuan Lee (Purdue University), Xiangyu Zhang (Purdue University)

Read More