Journal of KIISE (정보과학회 논문지)

Korean Institute of Information Scientists and Engineers (한국정보과학회)
권호 표지
DOI QR코드

DOI QR Code

An Effective Technique for Protecting Application Data using Security Enhanced (SE) Android in Rooted Android Phones

루팅된 안드로이드 폰에서 SEAndroid를 이용한 효과적인 앱 데이터 보호 기법

  • Received : 2016.09.05
  • Accepted : 2017.01.08
  • Published : 2017.04.15
⟨ Previous Next ⟩

Abstract

This paper analyzes security threats in Security Enhanced (SE) Android and proposes a new technique to efficiently protect application data including private information on rooted Android phones. On an unrooted device, application data can be accessed by the application itself according to the access control models. However, on a rooted device, a root-privileged shell can disable part or all of the access control model enforcement procedures. Therefore, a root-privileged shell can directly access sensitive data of other applications, and a malicious application can leak the data of other applications outside the device. To address this problem, the proposed technique allows only some specific processes to access to the data of other applications including private information by modifying the existing SEAndroid Linux Security Module (LSM) Hook function. Also, a new domain type of process is added to the target system to enforce stronger security rules. In addition, the proposed technique separates the directory type of a newly installed application and the directory type of previously installed applications. Experimental results show that the proposed technique can effectively protect the data of each application and incur performance overhead up to or less than 2 seconds.

본 논문에서는 루팅된 단말 환경에서 SEAndroid의 보안 위협을 체계적으로 분석하고, 효과적으로 앱 데이터를 보호하는 기법을 제안한다. 루팅되지 않은 안드로이드 단말의 경우, 접근제어 모델에 의해 한 앱의 데이터는 해당 앱만이 접근할 수 있다. 하지만, 루팅된 단말의 경우 접근제어 모델이 무력화되어, 루트 권한 쉘이 임의로 다른 앱의 민감한 데이터에 접근하거나 악성 앱이 다른 앱의 데이터를 외부로 유출할 수도 있다. 이를 방어하기 위해, 본 논문에서는 기존 SEAndroid의 LSM(Linux Security Module) Hook 함수를 수정하여 제한된 프로세스만이 특정 앱 데이터를 접근할 수 있도록 하였다. 또한 새로운 도메인 타입의 관리 프로세스를 추가하였고, 해당 프로세스로 하여금 새로 설치되는 앱의 디렉토리 타입을 분리하여 관리하게 하였다. 실험을 통해, 제안 기법이 앱 데이터를 효과적으로 보호함과 성능 오버헤드가 2초 이내임을 보인다.

Keywords

Acknowledgement

Supported by : 한국연구재단

References

  1. Egham. (2016, May 19). Gartner Says Worldwide Smartphone Sales Grew 3.9 Percent in First Quarter of 2016 [Online]. Available: http://www.gartner.com/ newsroom/id/3323017
  2. Y. Choi, S. Kim, D. H. Lee, "Study to detect and block leakage of personal information : Android- platform environment," Journal of the Korea Institute of Information Security and Cryptology, Vol. 23, No. 4, pp. 757-766, Aug. 2013. (in Korean) https://doi.org/10.13089/JKIISC.2013.23.4.757
  3. S. Smalley, R. Craig, "Security Enhanced (SE) Android: Bringing Flexible MAC to Android," NDSS, Vol. 310, pp. 20-38, Feb. 2013.
  4. Geohot. (2014, June). Towelroot [Online]. Available: https://towelroot.com/ (downloaded 2016, July 2)
  5. X. Li, H. Hu, G. Bai, Y. Jia, Z. Liang, P. Saxena, "DroidVault: A Trusted Data Vault for Android Devices," Proc. of the 19th International Conference on Engineering of Complex Computer Systems (ICECCS), pp. 29-38, 2014.
  6. F. Boukayoua, J. Lapon, B. D. Decker, V. Naessens, "Improving secure storage of data in Android," KU Leuven, Internal Report, 2014.
  7. S. Bugiel, S. Heuser, A.-R. Sadeghi, "Flexible and fine-grained mandatory access control on Android for diverse security and privacy policies," Proc. of the 22nd USENIX Conference on Security (USENIX Security), pp. 131-146, 2013.
  8. E. Bacis, S. Mutti, S. Paraboschi, "AppPolicyModules: mandatory access control for third-party Apps," Proc. of the 10th ACM Symposium on Information, Computer and Communications Security, pp. 309-320, 2015.
  9. Z. Zhao, F. C. C. Osono, "TrustDroid TM : Preventing the use of SmartPhones for information leaking in corporate networks through the used of static analysis taint tracking," Proc. of the 7th International Conference on Malicious and Unwanted Software (MALWARE), pp. 135-143, 2012.
  10. S. Verma, S. K. Pal, S. K. Muttoo, "A new tool for lightweight encryption on android," IEEE International Advance Computing Conference (IACC), pp. 306-311, 2014.
  11. S. S. Kim, C. S. Hong, "A Framework for Data Encryption of Android Application Using RMI Scheme," Proc. of the KIISE Korea Computer Congress 2014, pp. 768-770, 2014. (in Korean)
  12. R. Spencer, S. Smalley, P. Loscocco, M. Hibler, D. Andersen, J. Lapreau, "The flask security architecture: System support for diverse security policies," Proc. of the 8th USENIX Security Symposium, pp. 123-139, 1999.
  13. Y. S. Jeong, S. J. Cho,"SEAndroid Security Limitations: Risk of Personal Data Leakage," Proc. of the KIISE Korea Computer Congress 2016, pp. 129-131, 2016. (in Korean)
  14. Softweg.(2009, December). Benchmark Application [Online]. Available: https://play.google.com/store/apps/ details?id=softweg.hw.performance