Daniel Andrade, T. Kristoffersen, I. Rummelhoff, Alex Gerdov, J. Silva
{"title":"Thwarting Data Exfiltration by Repackaged Applications","authors":"Daniel Andrade, T. Kristoffersen, I. Rummelhoff, Alex Gerdov, J. Silva","doi":"10.1109/SRDSW.2016.18","DOIUrl":null,"url":null,"abstract":"Android applications are subject to repackaging attacks, where popular applications are modified, often by inserting malicious logic, re-signed, and then uploaded to an online store to be later on downloaded and installed by unsuspicious users. This paper presents a set of protocols for increasing trust in special-purpose Android applications, termed secured trusted applications, during communication with a trustworthy external hardware device for storing sensitive end user data, termed secured personal device. The proposed approach requires neither operating system modification nor root privileges. The evaluation of our solution shows that the authenticity and integrity of applications, and the confidentiality and integrity of communication, is ensured as long as Android operates correctly.","PeriodicalId":401182,"journal":{"name":"2016 IEEE 35th Symposium on Reliable Distributed Systems Workshops (SRDSW)","volume":"8 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 IEEE 35th Symposium on Reliable Distributed Systems Workshops (SRDSW)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SRDSW.2016.18","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0
Abstract
Android applications are subject to repackaging attacks, where popular applications are modified, often by inserting malicious logic, re-signed, and then uploaded to an online store to be later on downloaded and installed by unsuspicious users. This paper presents a set of protocols for increasing trust in special-purpose Android applications, termed secured trusted applications, during communication with a trustworthy external hardware device for storing sensitive end user data, termed secured personal device. The proposed approach requires neither operating system modification nor root privileges. The evaluation of our solution shows that the authenticity and integrity of applications, and the confidentiality and integrity of communication, is ensured as long as Android operates correctly.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
