(2021). SEApp: Bringing mandatory access control to Android apps. Retrieved from http://hdl.handle.net/10446/202636

SEApp: Bringing mandatory access control to Android apps

Rossi, Matthew; Facchinetti, Dario; Bacis, Enrico; Rosa, Marco; Paraboschi, Stefano
2021-01-01

Abstract

Mandatory Access Control (MAC) has provided a great contribution to the improvement of the security of modern operating systems. A clear demonstration is represented by Android, which has progressively assigned a greater role to SELinux since its introduction in 2013. These benefits have been mostly dedicated to the protection of system components against the behavior of apps, and no control is offered to app developers on the use of MAC. Our solution overcomes this limitation, giving developers the power to define ad-hoc MAC policies for their apps, supporting the internal compartmentalization of app components. This is a natural evolution of the security mechanisms already available in Android, but its realization requires considering that (i) the security of system components must be maintained, (ii) the solution must be usable by developers, and (iii) the performance impact should be limited. Our proposal meets these three requirements. The proposal is supported by an open-source implementation.
Files attached to this record:
File: seapp.pdf (open access)
Version: publisher's version
License: Aisberg default license
File size: 1.86 MB
Format: Adobe PDF
Use this identifier to cite or link to this document: https://hdl.handle.net/10446/202636