- Security '12 Home
- Registration Information
- Registration Discounts
- Organizers
- At a Glance
- Calendar
- Technical Sessions
- Workshops
- Hotel & Travel Information
- Poster Session
- Rump Session
- Birds-of-a-Feather Sessions
- Sponsors
- Activities
- Students
- Questions?
- For Participants
- Help Promote
- Call for Papers
- Past Proceedings
sponsors
usenix conference policies
Aurasium: Practical Policy Enforcement for Android Applications
Rubin Xu, Computer Laboratory, University of Cambridge; Hassen Saïdi, Computer Science Laboratory, SRI International; Ross Anderson, Computer Laboratory, University of Cambridge
The increasing popularity of Google’s mobile platform Android makes it the prime target of the latest surge in mobile malware. Most research on enhancing the platform’s security and privacy controls requires extensive modification to the operating system, which has significant usability issues and hinders efforts for widespread adoption. We develop a novel solution called Aurasium that bypasses the need to modify the Android OS while providing much of the security and privacy that users desire. We automatically repackage arbitrary applications to attach user-level sandboxing and policy enforcement code, which closely watches the application’s behavior for security and privacy violations such as attempts to retrieve a user’s sensitive information, send SMS covertly to premium numbers, or access malicious IP addresses. Aurasium can also detect and prevent cases of privilege escalation attacks. Experiments show that we can apply this solution to a large sample of benign and malicious applications with a near 100 percent success rate, without significant performance and space overhead. Aurasium has been tested on three versions of the Android OS, and is freely available.
Open Access Media
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.
author = {Rubin Xu and Hassen Sa{\"\i}di and Ross Anderson},
title = {Aurasium: Practical Policy Enforcement for Android Applications},
booktitle = {21st USENIX Security Symposium (USENIX Security 12)},
year = {2012},
isbn = {978-931971-95-9},
address = {Bellevue, WA},
pages = {539--552},
url = {https://www.usenix.org/conference/usenixsecurity12/technical-sessions/presentation/xu_rubin},
publisher = {USENIX Association},
month = aug
}
connect with us