Mandatory Access Control for the Android Dalvik Virtual Machine

Abstract : With the growing use of smartphones and other mobile devices, it becomes essential to be able to assure the user that his system and applications are doing exactly what they are supposed to do. Over the years and despite its configuration complexity, Mandatory Access Control has proven its efficiency in protecting systems. This paper proposes a solution providing a generic protection that doesn't need to modify the applications. Moreover, in order to face the complexity of defining an efficient MAC policy, a tool automatizes the generation of the policies required for the various applications. However, to efficiently guarantee the security of a system, each layer that composes it must be secured. Therefore, MAC implementations should not be limited to the operating system, but should also protect the inside of the applications. This paper presents Security Enhanced Dalvik (SEDalvik), a MAC approach for the Dalvik Virtual Machine in order to control the flows inside the Java applications running in Android. SEDalvik proposes a new mandatory protection to block the attacks that exploit the weakness of the Dalvik VM. By controlling the information flows between the Java objects, SEDalvik could prevent the new vectors of attack coming from the threat of the Java virtual machine as explained by Kaspersky Labs1. In contrast with other approaches, our solution corresponds to a self-organizing system since it transparently protects existing Java applications without any modifications. An experiment on an Android phone shows the efficiency of the protection.
Type de document :
Communication dans un congrès
2013 - USENIX Federated Conferences, ESOS: Workshop on Embedded Self-Organizing Systems, Jun 2013, San Jose, United States. 2013
Liste complète des métadonnées

https://hal.inria.fr/hal-00840732
Contributeur : Jérémy Briffaut <>
Soumis le : mardi 2 juillet 2013 - 23:20:15
Dernière modification le : mardi 28 octobre 2014 - 18:21:19

Identifiants

  • HAL Id : hal-00840732, version 1

Collections

Citation

Aline Bousquet, Jérémy Briffaut, Laurent Clévy, Christian Toinard, Benjamin Venelle. Mandatory Access Control for the Android Dalvik Virtual Machine. 2013 - USENIX Federated Conferences, ESOS: Workshop on Embedded Self-Organizing Systems, Jun 2013, San Jose, United States. 2013. 〈hal-00840732〉

Partager

Métriques

Consultations de la notice

305