A Context-Aware Kernel IPC Firewall for Android presented at ShmooCon 2017

by Sergey Bratus, David J. Wu,

Summary: Our phones go wherever we go. Ever present, and with ever more data and connections, smartphones hold as much sensitive data as traditional systems but do not have the same protections. Android’s recent 6.0 (Marshmallow) release introduced much-needed dynamic permission checks for applications. However, this does not go far enough in adapting to mobile phones’ unique security needs. Smartphones encounter a wide variety of settings and situations that current security solutions fail to account for. We introduce a context-aware IPC firewall for Android that dynamically filters messages based on environmental data. Our BinderFilter can both block and modify Android IPC messages sent through Binder, which is in a position of complete mediation in Android. Our Binder hooking framework and message parser are unique in their scope and implementation, and mitigate broad classes of cross-app attacks, such as “collusion” and “UI-based activity hijacking” attacks. We also provide a policy application, Picky, with which users can set policy rules for any message and target applications.

Sergey Bratus: Sergey Bratus is a Research Assistant Professor of Computer Science at Dartmouth College. He enjoys wireless and wired network hacking and tries to help fellow academics understand its value and relevance. Before coming to Dartmouth, he worked on machine learning for natural text processing at BBN Technologies. He has a Ph.D. in Mathematics from Northeastern University.