the people problem/technical problem have a trivial solution? Why are the previous solutions and why are they inadequate? Proposed Solution: Why is it believed it will work? How does it represent an improvement? How is the solution achieved? Evaluation: What logic, argument, evidence, artifacts(e.g., a proof-of-concept system),or experiments are presented in support of the idea? Analysis Is this a good idea? What flaws do you perceive in the work?What are the most interesting or controversial ideas? For work that has practical implications, ask whether this will work,who would want it, what it will take to give it to them, and when might it become a reality? Contributions: Ideas, methods, software, experimental results, experimental techniques…? Directions: author’s and yours, perhaps driven by shortcomings or other critiques Questions: What questions would you like to raise in an open discussion of the work(review interesting and controversial points, above)? What do you find difficult to understand? List as many as you can. Bob (CUHK) Paper Summaries October 30, 2014 3 / 93
Android and Beyond Automatic Mediation of Privacy-Sensitive Resource Access in Smartphone Applications Flexible and Fine-grained Mandatory Access Control on Android for Diverse Security and Privacy Policies WHYPER: Towards Automating Risk Assessment of Mobile Applications Jekyll on iOS: When Benign Apps Become Evil 2 CCS ’13 The Impact of Vendor Customizations on Android Security Unauthorized Origin Crossing on Mobile Platforms: Threats and Mitigation Identity, Location, Disease and More: Inferring Your Secrets from Android Public Resources Vetting Undesirable Behaviors in Android Apps with Permission Use Analysis AppIntent: Analyzing Sensitive Data Transmission in Android for Privacy Leakage Detection 3 ACSAC ’13 Bob (CUHK) Paper Summaries October 30, 2014 4 / 93
AFrame: Isolating Advertisements from Mobile Applications in Android The Man Who Was There: Validating Check-ins in Location-Based Services FireDroid: Hardening Security in Almost-Stock Android Bob (CUHK) Paper Summaries October 30, 2014 5 / 93
authors implement a modified Android system (LayerCake) to tackle the security issues of embedded user interfaces. 1Franziska Roesner and Tadayoshi Kohno. “Securing embedded user interfaces: Android and beyond”. In: Proceedings of the 22nd USENIX conference on Security. USENIX Association. 2013, pp. 97–112. Bob (CUHK) Paper Summaries October 30, 2014 6 / 93
Browsers provide secure isolation between an embedding page and embedded content. Android does not. Third-party libraries run in app’s context. No true cross-application UI embedding. Bob (CUHK) Paper Summaries October 30, 2014 8 / 93
not have a secured embedded user interface, we need to redesign secure embedded interfaces from scratch. Proposed Solution Modify Android system and add an embedded activity to achieve process isolation between application and embedded view. Managing windows. Handling focus. Supporting cross-principal APIs. Handling size conflicts. Support for clickjacking prevention. A malicious application may make a sensitive UI element transparent or very small, obscure, scroll off-screen. Covered, not the minimum requested size, not fully visible preventing ancestor redirection. Bob (CUHK) Paper Summaries October 30, 2014 9 / 93
Performance: loading time and event dispatching time Contributions: Authors implement the system (LayerCoke) which provides additional security properties and capabilities Isolated Embedded UI Secure WebViews Access Control Gadgets Bob (CUHK) Paper Summaries October 30, 2014 10 / 93
Android system can provieds lots of security benefits, We can also work on it. Questions Will the system benifit Android security community? Is it easy to write applications on these modified system? Bob (CUHK) Paper Summaries October 30, 2014 11 / 93
Message: The authors design a static analysis algorithm to automatically mediate (add, delete) the permission prompt codes in the Windows Phone project. 2Benjamin Livshits and Jaeyeon Jung. “Automatic mediation of privacy-sensitive resource access in smartphone applications”. In: Proceedings of the 22nd USENIX conference on Security. USENIX Association. 2013, pp. 113–130. Bob (CUHK) Paper Summaries October 30, 2014 12 / 93
Unlike Android, the permission mechanism in Windows Phone is to add prompt codes before calling sensitive APIs by developer manmually. Motivation Coding problem proper protection partial protection no protection The current practice often fails in providing adequate privacy protection. Bob (CUHK) Paper Summaries October 30, 2014 13 / 93
Solution The algorithm formulate the problem as prompt placement problem. And solve it to achieve the following conditions: safe, visible, frugal and not-repetitive. There are two approaches: Dominator-based approach Backward placement Checking for existing prompts Bob (CUHK) Paper Summaries October 30, 2014 14 / 93
Input statistics (processed methods, nodes) Results of applying analysis (succeeded #, failed #, dominator-based #, backward #) Performance analysis Contributions Study on the existing applications on resource access prompts. Two static analysis algorithm for correct promt placement. Bob (CUHK) Paper Summaries October 30, 2014 15 / 93
Some static methods can help developers to avoid some coding mistakes which can lead to security problem or battery consumption. Questions Why not add policy enforcement in system level like iOS? The study use a compiler algorithm method to solve the security problem. But I think the motivation and the issues to be solved is not so compelling. Bob (CUHK) Paper Summaries October 30, 2014 16 / 93
Security and Privacy Policies3 Take-away Message: The paper propose a system (FlaskDroid) which is a modified Android system. FlaskDroid can make mandatory access control (MAC) using SELinux. 3Sven Bugiel, Stephan Heuser, and Ahmad-Reza Sadeghi. “Flexible and fine-grained mandatory access control on Android for diverse security and privacy policies”. In: 22nd USENIX Security Symposium (USENIX Security’13). USENIX. 2013. Bob (CUHK) Paper Summaries October 30, 2014 17 / 93
Security and Privacy Policies Motivation Almost all proposals for security extensions to Android constitute MAC mechanisms that are tailored to the specific semantics of the addressed problem. Current MAC system operate only at a specific layer (application layer, kernel layer). No generic MAC system both in application layer and kernel layer. Mobile system need a higher security standard than PC. Bob (CUHK) Paper Summaries October 30, 2014 18 / 93
Security and Privacy Policies Proposed Solution Modify Android system to achieve the architecture showed in the right. Extend SELinux’s policy semantics for type enforcement. Bob (CUHK) Paper Summaries October 30, 2014 19 / 93
Security and Privacy Policies Evaluation Root exploits Malicious apps executed by root Over-privileged and information stealing Sensory malware Confused deputy and collusion attacks Contributions: FlaskDroid system, extensible policy language Bob (CUHK) Paper Summaries October 30, 2014 20 / 93
Security and Privacy Policies Directions: Complex system, lots of engineering work. Questions: I think the system is so complex using on the normal implementation. The newly designed policy language is very hard for the developers. What’s the practical usage of the system? Bob (CUHK) Paper Summaries October 30, 2014 21 / 93
The paper presents a system WHYPER which use Natural Language Processing (NPL) techniques to identify sentences that describe the need for a given permission in an application description. 4Rahul Pandita, Xusheng Xiao, Wei Yang, William Enck, and Tao Xie. “WHYPER: towards automating risk assessment of mobile applications”. In: Proceedings of the 22nd USENIX conference on Security. USENIX Association. 2013, pp. 527–542. Bob (CUHK) Paper Summaries October 30, 2014 22 / 93
does the user expect? GPS Tracker Phone-Call Recorder One-Click Root Motivation: Bridging the semantic gap between what the user expects an application to do (application description) and what it actually does (permission usage). Bob (CUHK) Paper Summaries October 30, 2014 23 / 93
Preprocessor: preiod handling, sentence boundaries, named entity handling and abbreviation handling. NPL Parser: Stanford Parser Intermediate-representation generator: First-Order-Logic (FOL) Semantic Graph Generator: API Docs -> Semantic Graphs Semantic Engine: FOL, semantic graphs -> determine if a sentence describes the need for a permission Bob (CUHK) Paper Summaries October 30, 2014 24 / 93
FP, TN, FN precision, recall and F-Score How effective compared to keyword-based searching? Contributions WHYPER uses NLP techniques to bridge the semantic gap. 581 applications containing 10,000 sentences, substantial improvement Bob (CUHK) Paper Summaries October 30, 2014 25 / 93
the basic techniques to solve the security problems will come out a novel idea. But, we should clear about the motivation (the security problems). Questions Did this system help you find out the zero-day malware or existing malware in the wild? Can this method work on Chinese descriptions? Bob (CUHK) Paper Summaries October 30, 2014 26 / 93
The authors craft Jekyll apps which can be remotely exploited and introduce malicious control flows by rearranging codes on iOS. The Jekyll apps can bypass the review mechanism of Apple. 5Tielei Wang, Kangjie Lu, Long Lu, Simon Chung, and Wenke Lee. “Jekyll on iOS: when benign apps become evil”. In: Proceedings of the 22nd USENIX conference on Security. USENIX Association. 2013, pp. 559–572. Bob (CUHK) Paper Summaries October 30, 2014 27 / 93
APIs, private APIs App signing Motivation Apple adopts the mandatory app review and code signing mechanisms to ensure the security of apps on iOS. The result is very good, and rare malware appears on App Store due to the mechanisms. Is there any methods can bypass the app review. If yes, why make this happened? Can we provide a better architecture? Bob (CUHK) Paper Summaries October 30, 2014 28 / 93
(Attack Design): Motivating example explained on the right figures. Normal application planted with vulnerabilities and hides code gadgets. Jekyll apps pass Apple’s app review and publish to the App Store. The attacker exploits the vulnerabilities and assembles the gadgets in a particular order to perform malicious operations. Challenges: ASLR, crafting vulnerability, hiding gadgets Bob (CUHK) Paper Summaries October 30, 2014 29 / 93
tweets and sending email and SMS Camera, bluetooth, device ID, and dialing exploiting kernel vulnerabilities Trampoline attack Contributions Novel attacking method on iOS which can pass App Review. Experiments. Bob (CUHK) Paper Summaries October 30, 2014 30 / 93
direction on finding unrevealed vulnerabilities. The discovery should have great impact on the industry or represent a new type of attack. Android vulnerabilities? The inconsistent programming issue between Java and native code (e.g., Master Key bugs). Questions iOS 7? How to figure out the vulnerabilities and exploit them? (ROP attacks?) Bob (CUHK) Paper Summaries October 30, 2014 31 / 93
The authors perform provenance analysis, permission usage analysis and vulnerability analysis on the customized Android OS from four different vendors. The results bring impact on the current smartphone industries. 6Lei Wu, Michael Grace, Yajin Zhou, Chiachih Wu, and Xuxian Jiang. “The Impact of Vendor Customizations on Android Security”. In: Proceedings of the 20th ACM Conference on Computer and Communications Security. CCS, 2013. Bob (CUHK) Paper Summaries October 30, 2014 32 / 93
of the phone on the market are customized by vendors. Vendor customizations inherently impact over Android security. Authors want to study vendor customizations on stock Android devices and assess the impact on overall Android security. Proposed Solution Provenance analysis: AOSP app, vendor app, third-party app. Permission usage analysis compares the permissions requested by the app: permission overprivilege problem. Vulnerability analysis: permission re-delegation attacks and content leaks. Bob (CUHK) Paper Summaries October 30, 2014 33 / 93
customized systems from five vendors. (Samsung, HTC, LG, Sony, Google) Statistics of the distribution of AOSP app, vendor app and third-party app % of overprivileged apps among all pre-loaded apps % of vulnerable apps among all apps Two case studies: Samsung Galaxy S3 (wipe data) and LG Optimus P880 (reboot and account leak) Bob (CUHK) Paper Summaries October 30, 2014 34 / 93
analyze the security impact of customized systems from different vendors. The most attractive contribution is the discoveries in the below table. Bob (CUHK) Paper Summaries October 30, 2014 35 / 93
same study can be used in the third-party ROMs. The impact of third-party ROMs will be small than vendors. There may be more interesting discoveries: more severe security problems. Questions How long to determine a vulnerabilities using the tools mentioned in the paper? If a long time, then why? Bob (CUHK) Paper Summaries October 30, 2014 36 / 93
Message: The study analyze the mobile cross-origin risk and propose a protection mechanism called Morbs. Morbs labels every message with the origin information and enforce the policies based on origins. 7Rui Wang, Luyi Xing, XiaoFeng Wang, and Shuo Chen. “Unauthorized Origin Crossing on Mobile Platforms: Threats and Mitigation”. In: Proceedings of the 20th ACM Conference on Computer and Communications Security. CCS, 2013. Bob (CUHK) Paper Summaries October 30, 2014 37 / 93
Mobile communication channels Intent (Key value data) URL scheme: youtube://watch?token=xxx Web-accessing utility classes: WebView, UIWebView Motivation Unauthorized origin crossing is related to the prior research problems: confused deputy problem, permission redelegation problem, cross-site request forgery (CSRF) attack. However, prior studies aim at protecting mobile devices, the general problem has not been dug deeper. private Avtivity? other channels? Bob (CUHK) Paper Summaries October 30, 2014 38 / 93
the scheme Channel: Invoking apps from the web (Android and iOS) Login CSRF attacks on Dropbox iOS SDK Bob (CUHK) Paper Summaries October 30, 2014 43 / 93
the scheme Channel: Invoking apps from the web (Android and iOS) Bypassing Facebook’s app authentication mechanism. Bob (CUHK) Paper Summaries October 30, 2014 44 / 93
on Web-Accessing Utility Classes Exploiting Callbacks (WebView in iOS) Exploiting Header-attachement (HttpClient in Android) Bob (CUHK) Paper Summaries October 30, 2014 45 / 93
Effectiveness (examples) Performance (Morbs operation, impact of policy check on different channel) Campatibility and developer’s effort (Comparison between fix the problems w/o Morbs and w. Morbs) Bob (CUHK) Paper Summaries October 30, 2014 47 / 93
Problems System Evalutaion Directions: Try to figure out the security problems of App/System. Question: The problem is bring by the new communication mechanisms (intent, scheme) in mobile system. Are there any communication designs can defend against these security problem without modifying current architecuture/system? Bob (CUHK) Paper Summaries October 30, 2014 48 / 93
Public Resources8 Take-away Message: In this paper, the authors discovered three unexpected channels of information leaks on Android.What can a malicious app still learn about the user’s private information without any permissions at all? 8Xiaoyong Zhou, Soteris Demetriou, Dongjing He, Muhammad Naveed, Xiaorui Pan, XiaoFeng Wang, Carl A Gunter, and Klara Nahrstedt. “Identity, location, disease and more: inferring your secrets from android public resources”. In: Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security. ACM. 2013, pp. 1017–1028. Bob (CUHK) Paper Summaries October 30, 2014 49 / 93
Public Resources Motivation: Assuming that Android’s security design has been faithfully implemented and apps are well protected by their developers, what can a malicious app still learn about the user’s private information without any permissions at all? Bob (CUHK) Paper Summaries October 30, 2014 50 / 93
Public Resources Attacks: Usage monitoring and analysis Identity inference Health and investment Location inference Driving Route inference Bob (CUHK) Paper Summaries October 30, 2014 51 / 93
Public Resources Usage monitoring and analysis: /proc/uid_stat/[uid]/tcp_rcv and /proc/uid_stat/[uid]/tcp_snd: record the total numbers of bytes received and sent by a specific app respectively. Stealthy and realtime monitoring: continuously reads from tcp_rcv and tcp_send of a target app to record increments in their values. Analyze a target app’s behavior offline to generate a payload-sequence signature for the behavior. Bob (CUHK) Paper Summaries October 30, 2014 52 / 93
Public Resources Finding where you are: Location inference BSSID-based geo-location /proc/net/arp and /proc/net/wireless is documented with ARP parameters. BSSID: the gateway’s MAC address -> MAC of wireless switch/route Google, Skyhook and Navizon collecting the BSSIDs of public Wi-Fi hotspots to help location-based service. Bob (CUHK) Paper Summaries October 30, 2014 55 / 93
Public Resources Knowing where you go: Driving route inference Assumption: driving, turn-by-turn void guidance. Speaker usage information: speech-length sequences. Bob (CUHK) Paper Summaries October 30, 2014 56 / 93
Public Resources Evaluation Experimental results: https://sites.google.com/site/sidedroid/ Geo-location with a single BSSID evaluation. FP, TP Contributions Reveal us what privacy can we steal by a zero-permission application. Directions: Any new attack methods. Questions?: Is it difficult to figure out the TCP payload sequence produced by a certain behavior? Bob (CUHK) Paper Summaries October 30, 2014 58 / 93
Take-away Message: TaintDroid + Permission usage 9Yuan Zhang, Min Yang, Bingquan Xu, Zhemin Yang, Guofei Gu, Peng Ning, X Sean Wang, and Binyu Zang. “Vetting undesirable behaviors in android apps with permission use analysis”. In: Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security. ACM. 2013, pp. 611–622. Bob (CUHK) Paper Summaries October 30, 2014 59 / 93
Motivation: TaintDroid: Tracking how apps use sensitive information required integrating our software into the Android platform at a low level by tainting variables. Which variable should I taint? And how did the privacy leak? Bob (CUHK) Paper Summaries October 30, 2014 60 / 93
Solutions: Explicit permission use points (E-PUP), Implicit permission use points (I-PUP). Permission User Behavior is a function call graph based on E-PUP and I-PUP. Bob (CUHK) Paper Summaries October 30, 2014 61 / 93
E-PUP Identifier. I-PUP Tracker: 1. Delivery point; 2. Permission-based taint analysis. Application driver: Monkey. Behavior profiler: fine-grained permission model -> application usually need to use multiple permissions together to accomplish a meaningful behavior. Bob (CUHK) Paper Summaries October 30, 2014 62 / 93
Prototype, Evaluation Based on TaintDroid (Android 2.3). Two real-world malware study: malicious behavior analysis, system call trace comparison. Vetting market apps: comparison between TaintDroid and VetDroid with information leakage. Performance overhead evaluation: 80%, 238%. Bob (CUHK) Paper Summaries October 30, 2014 63 / 93
Contributions: VetDroid can help analyst to find privacy leakage easily based on TaintDroid. Directions: Still have some space to improve the dynamic analysis system. Questions: Can VetDroid analyze the privacy which go through native library? Bob (CUHK) Paper Summaries October 30, 2014 64 / 93
Detection10 Take-away Message: AppIntent uses an event-space constraint guided symbolic execution technique, which effectively reduces the event search space. 10Zhemin Yang, Min Yang, Yuan Zhang, Guofei Gu, Peng Ning, and X Sean Wang. “Appintent: Analyzing sensitive data transmission in android for privacy leakage detection”. In: Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security. ACM. 2013, pp. 1043–1054. Bob (CUHK) Paper Summaries October 30, 2014 65 / 93
Detection Motivation: Existing symbolic execution only focus on non-interactive programs and has path explosion problem. Proposed Solution: Event-space constraint guided symbolic execution. Bob (CUHK) Paper Summaries October 30, 2014 66 / 93
Detection Construction of the event-space constraint graph Extracting critical events: backward traversing the call graph. Extracting essential events: construct the life cycle in an application. Guided symbolic execution Bob (CUHK) Paper Summaries October 30, 2014 67 / 93
Detection Dynamic analysis platform: AppIntent uses InstrumentationTestRunner which can: Automatically trigger event inputs. Automatically provide data inputs. Highlight activated views of GUI events. Highlight sensitive data read and transmission. Bob (CUHK) Paper Summaries October 30, 2014 68 / 93
Detection Evaluation: Effectiveness of event-space constraint guided symbolic execution. full graph v.s. event-space constraint graph Effectiveness on analyzing sensitive data transmission. Malicious apps/Google Play Findings: ID/phone number, logging system Analysis time. Case study. Bob (CUHK) Paper Summaries October 30, 2014 69 / 93
Detection Contributions Event-space constraint guided symbolic execution technique. Dynamic triggering using Instrument. Directions: Using the technique in other fields to solve the security problem is a good direction. Questions: How to extract sensitive data transmission path? How do you deal with the input data which is not from UI interaction (e.g. timing, network, sensor). Bob (CUHK) Paper Summaries October 30, 2014 70 / 93
PatchDroid use hooking technique to make scalable third-party security patches for Android devices. 11Collin Mulliner, Jon Oberheide, William Robertson, and Engin Kirda. “PatchDroid: Scalable Third-Party Security Patches for Android Devices”. In: Proceedings of the 2013 Annual Computer Security Applications Conference. 2013. Bob (CUHK) Paper Summaries October 30, 2014 71 / 93
Android upgrades quickly, the motivation is to fix security vulnerabilities in Android devices that are no longer supported by the manufacturer and mobile network operator. roll out third-party security fixes. Bob (CUHK) Paper Summaries October 30, 2014 72 / 93
patching native code function replacement fixing via function proxy failed return value checking patching Dalvik bytecode Bob (CUHK) Paper Summaries October 30, 2014 74 / 93
evaluation performance overhead: ZygoteBench measures the time that it takes zygote to create a new process on an Android device. user trails: 14 different models Master Key Bug (case study) Bob (CUHK) Paper Summaries October 30, 2014 75 / 93
distributing and applying third-party patches for security vulnerabilities in-memory patching evaluation Direction: What else can hooking take place in other research area? Question: Is there a lot of engineering work to fit for different phone models? Bob (CUHK) Paper Summaries October 30, 2014 76 / 93
Modify Android system to achieve advertisements isolation. 12Xiao Zhang, Amit Ahlawat, and Wenliang Du. “AFrame: Isolating Advertisements from Mobile Applications in Android”. In: Proceedings of the 2013 Annual Computer Security Applications Conference. 2013. Bob (CUHK) Paper Summaries October 30, 2014 77 / 93
a application is installed, both the advertisement and the original application will have the same privilege, as they are running in the same process, inseparable by the system. AdSplit different application activity. transparency technique clickjacking overhead in drawing require a stub library inside each application Inspiration comes from browser’s iframe. Bob (CUHK) Paper Summaries October 30, 2014 78 / 93
AFrame (Activity Frame) from the user perspective: transparent to end users from the developer perspective: easy to develop, permission assignments from the system perspective: process isolation, permission isolation, input isolation, display (output) isolation. Design and implementation: Modify Package Manager Service (PMS) hardware abstraction layer (HAL) Bob (CUHK) Paper Summaries October 30, 2014 79 / 93
isolation compatibility with various advertising libraries performance: system & application overhead Bob (CUHK) Paper Summaries October 30, 2014 80 / 93
is a modified Android system which can isolate the advertisement. It’s easy to use from either user’s perspective or developer’s perspective. Direction: Both this paper and CCS paper are solving the advertising isolation problem. However, both of them need to modify Android system. Is this problem still non-trivial? Can we use hooking to solve the problem? Question: Will Google uses this method in the next release to isolate the advertisement libraries? Why or why not? Is there any constraints for the system? Bob (CUHK) Paper Summaries October 30, 2014 81 / 93
Take-away Message: This paper discovers a detection mechanisms and demonstrates that both services are still vulnerable. And then, implement a system employs NFC hardware to eliminate fake-location attacks. 13Xiao Zhang, Amit Ahlawat, and Wenliang Du. “AFrame: Isolating Advertisements from Mobile Applications in Android”. In: Proceedings of the 2013 Annual Computer Security Applications Conference. 2013. Bob (CUHK) Paper Summaries October 30, 2014 82 / 93
Motivation A important aspect of LBS: venues attract customers by providing special offers for their mayor. Fake check-ins will have a negative impact on the system and deter users from participating. Cheating detection mechanism of Foursquare. Bob (CUHK) Paper Summaries October 30, 2014 83 / 93
Attacks: Foursquare GPS distance High speed Rapid fire Experimental Results: Inconsistent triggering Inconsistent non-triggering Bob (CUHK) Paper Summaries October 30, 2014 84 / 93
Attacks: Facebook Places For every venue, the user checks-in with the same location coordinates, regardless of the venue’s location. Experimental Results: An attacker can completely bypass the traveling speed constraints and check into venues around the globe with unlimited speed. Bob (CUHK) Paper Summaries October 30, 2014 85 / 93
Proposed Solution Validating user location: QR code, NFC Adapt existing detection mechanisms Implement NFC Design a data exchanged protocol by using asymmetric encryption. Evaluation: security analysis and performance analysis. Bob (CUHK) Paper Summaries October 30, 2014 86 / 93
Contributions Reveal the LBS attack. Propose a system. Direction: Is there any other rewarding systems in Android. Can we find the vulnerabilities? Question: We need to put NFC reader in every venue which is infeasible. Bob (CUHK) Paper Summaries October 30, 2014 87 / 93
ptrace to attach Zygote in order to enforce security policies. 14Xiao Zhang, Amit Ahlawat, and Wenliang Du. “AFrame: Isolating Advertisements from Mobile Applications in Android”. In: Proceedings of the 2013 Annual Computer Security Applications Conference. 2013. Bob (CUHK) Paper Summaries October 30, 2014 88 / 93
to recompile any parts of the Android system. it provides support for enterprise security management where security administrators can define security policies to be enforced on the devices without relying on the device’s user. Bob (CUHK) Paper Summaries October 30, 2014 89 / 93
PEP: policy enforcement point PDP: policy decision point PR: policy repository PAP: policy administration point GPR: global policy repository RPM: remote policy manager Bob (CUHK) Paper Summaries October 30, 2014 90 / 93
Suite Overhead on Benchmark: Quadrant, BenchmarkPi Inter-process Communication: HttpGet, BroadcastIntent, QueryContact and GetLastLocation Bob (CUHK) Paper Summaries October 30, 2014 92 / 93
language Direction: Performance evaluation is completed. Question: How to connect system call with the policy language? It is quiet obscure in the paper. Bob (CUHK) Paper Summaries October 30, 2014 93 / 93
mssun
sansan_randd
kentaitakura
k951286
trafficbrain
.png){kind=avatar}
elith
takumi1001
fta98
yukinobaba
hiromu1996
shibuyasmartcityassociation
eumesy
sonatard
garrettdimon
chriscoyier
kastner
addyosmani
reverentgeek
jnunemaker
caitiem20
jacobian
eileencodes
mclloyd
