Search Icon
Register

DroidCap: OS Support for Capability-based Permissions in Android

Abdallah Dawoud (CISPA Helmholtz Center i.G.), Sven Bugiel (CISPA Helmholtz Center i.G.)

We present DroidCap, a retrofitting of Android’s central Binder IPC mechanism to change the way how permissions are being represented and managed in the system. In DroidCap, permissions are per-process Binder object capabilities. DroidCap's design removes Android’s UID-based ambient authority and allows the delegation of capabilities between processes to create least-privileged protection domains efficiently. With DroidCap, we show that object capabilities as underlying access control model integrates naturally and backward-compatible into Android’s stock permission model and application management. Thus, our Binder capabilities provide app developers with a new path to gradually adopting app compartmentalization, which we showcase at two favorite examples from the literature, privilege separated advertisement libraries and least privileged app components.

Paper
Video

View More Papers

Anonymous Multi-Hop Locks for Blockchain Scalability and Interoperability

Giulio Malavolta (Friedrich-Alexander University Erlangen-Nürnberg), Pedro Moreno Sanchez (TU Wien), Clara Schneidewind (TU Wien), Aniket Kate (Purdue University), Matteo Maffei (TU Wien)

Read More

Unveiling your keystrokes: A Cache-based Side-channel Attack on Graphics...

Daimeng Wang (University of California Riverside), Ajaya Neupane (University of California Riverside), Zhiyun Qian (University of California Riverside), Nael Abu-Ghazaleh (University of California Riverside), Srikanth V. Krishnamurthy (University of California Riverside), Edward J. M. Colbert (Virginia Tech), Paul Yu (U.S. Army Research Lab (ARL))

Read More

SANCTUARY: ARMing TrustZone with User-space Enclaves

Ferdinand Brasser (Technische Universität Darmstadt), David Gens (Technische Universität Darmstadt), Patrick Jauernig (Technische Universität Darmstadt), Ahmad-Reza Sadeghi (Technische Universität Darmstadt), Emmanuel Stapf (Technische Universität Darmstadt)

Read More

PeriScope: An Effective Probing and Fuzzing Framework for the...

Dokyung Song (University of California, Irvine), Felicitas Hetzelt (Technical University of Berlin), Dipanjan Das (University of California, Santa Barbara), Chad Spensky (University of California, Santa Barbara), Yeoul Na (University of California, Irvine), Stijn Volckaert (University of California, Irvine and KU Leuven), Giovanni Vigna (University of California, Santa Barbara), Christopher Kruegel (University of California, Santa Barbara),…

Read More