Intentio ex machina: Android intent access control via an extensible application hook

Carter Yagemann, Wenliang Du

Research output: Chapter in Book/Entry/PoemConference contribution

3 Scopus citations

Abstract

Android’s intent framework serves as the primary method for interprocess communication (IPC) among apps. The increased volume of intent IPC present in Android devices, coupled with intent’s ability to implicitly find valid receivers for IPC, bring about new security challenges. We propose Intentio Ex Machina (IEM), an access control solution for Android intent security. IEM separates the logic for performing access control from the point of interception by placing an interface in the Android framework. This allows the access control logic to be placed inside a normal application and reached via the interface. The app, called a “user firewall”, can then receive intents as they enter the system and inspect them. Not only can the user firewall allow or block intents, but it can even modify them to a controlled extent. Since it runs as a user application, developers are able to create user firewalls that manufacturers can then integrate into their devices. In this way, IEM allows for a new genre of security application for Android systems offering a creative and interactive approach to active IPC defense.

Original languageEnglish (US)
Title of host publicationComputer Security - 21st European Symposium on Research in Computer Security, ESORICS 2016, Proceedings
EditorsSokratis Katsikas, Catherine Meadows, Ioannis Askoxylakis, Sotiris Ioannidis
PublisherSpringer Verlag
Pages383-400
Number of pages18
ISBN (Print)9783319457437
DOIs
StatePublished - 2016
Event21st European Symposium on Research in Computer Security, ESORICS 2016 - Heraklion, Greece
Duration: Sep 26 2016Sep 30 2016

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume9878 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Other

Other21st European Symposium on Research in Computer Security, ESORICS 2016
Country/TerritoryGreece
CityHeraklion
Period9/26/169/30/16

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science

Fingerprint

Dive into the research topics of 'Intentio ex machina: Android intent access control via an extensible application hook'. Together they form a unique fingerprint.

Cite this