Explore a comprehensive presentation on app-level protection against runtime information gathering on Android devices. Delve into the innovative "App Guardian" technique that safeguards sensitive information without modifying the operating system or target apps. Learn about the pervasive threat of runtime-information-gathering (RIG) attacks and their impact on popular Android-based home security systems. Discover how App Guardian pauses suspicious background processes to thwart malicious monitoring attempts. Examine the unique features of Android that make this approach effective and the careful design considerations for optimal protection. Analyze the experimental results demonstrating App Guardian's success in defeating known RIG attacks while minimizing impact on legitimate app utility and system performance. Gain insights into the broader implications of this approach for Android security and future research directions in the field.
Leave Me Alone - App-Level Protection against Runtime Information Gathering on Android
Overview
Syllabus
Intro
Permission-Based Access Control
App's Runtime Statistics
RIG Attacks Are Pervasive
NetCam Communication Model
NetCam Attacks
Mute alarm
Overview of App Guardian
Life Cycle of Guardian Protection
Finding Suspects
Data Stealing Attacks
Side Channel Attacks
Self Protection
Effectiveness
Utility Impacts and Performance
Overhead
Conclusion
Taught by
IEEE Symposium on Security and Privacy
