Concurrency and Computation: Practice and Experience

SPECIAL ISSUE PAPER

DroidAuditor: A framework for auditing covert communication on Android

Corresponding Author

Weizhong Qiang

[email protected]

orcid.org/0000-0003-4390-3819

Services Computing Technology and System Lab, Cluster and Grid Computing Lab, Big Data Technology and System Lab, Huazhong University of Science and Technology, Wuhan 430074, China

Correspondence

Weizhong Qiang, Huazhong University of Science and Technology, Wuhan 430074, China.

Email: [email protected]

Search for more papers by this author

Shifan Xin,

Shifan Xin

Services Computing Technology and System Lab, Cluster and Grid Computing Lab, Big Data Technology and System Lab, Huazhong University of Science and Technology, Wuhan 430074, China

Search for more papers by this author

Hai Jin,

Hai Jin

Services Computing Technology and System Lab, Cluster and Grid Computing Lab, Big Data Technology and System Lab, Huazhong University of Science and Technology, Wuhan 430074, China

Search for more papers by this author

Guozhong Sun,

Guozhong Sun

Dawning Information Industry (Beijing) Co., Ltd., Beijing 100193, China

Search for more papers by this author

Weizhong Qiang,

Corresponding Author

Weizhong Qiang

[email protected]

orcid.org/0000-0003-4390-3819

Services Computing Technology and System Lab, Cluster and Grid Computing Lab, Big Data Technology and System Lab, Huazhong University of Science and Technology, Wuhan 430074, China

Correspondence

Weizhong Qiang, Huazhong University of Science and Technology, Wuhan 430074, China.

Email: [email protected]

Search for more papers by this author

Shifan Xin,

Shifan Xin

Services Computing Technology and System Lab, Cluster and Grid Computing Lab, Big Data Technology and System Lab, Huazhong University of Science and Technology, Wuhan 430074, China

Search for more papers by this author

Hai Jin,

Hai Jin

Services Computing Technology and System Lab, Cluster and Grid Computing Lab, Big Data Technology and System Lab, Huazhong University of Science and Technology, Wuhan 430074, China

Search for more papers by this author

Guozhong Sun,

Guozhong Sun

Dawning Information Industry (Beijing) Co., Ltd., Beijing 100193, China

Search for more papers by this author

First published: 28 July 2017

https://doi.org/10.1002/cpe.4205

Citations: 2

Share a link

Email
Wechat
Bluesky

Summary

Exploitation of covert channels in smartphone operating systems may lead to furtive data transmission between applications with different permissions, which might threaten users' privacy. Restricting the access to shared system resources can effectively prevent the exploitation of known covert channels. However, it inevitably limits the normal usage of those resources. In this paper, we propose a general method that detects covert channel attack at runtime without impacting the accessibility of shared resources in the system. The main idea of the method is to track and audit the use of system resources known as potential covert channel variables and impose interferences on those channels to reduce their capacity once violations are detected. We implement a prototype framework, which is able to audit and interfere covert communication both in the application layer and in the native layer of Android. The experimental results demonstrate that our method can effectively reduce the data rate of user-defined covert channels while the overhead is negligible.

REFERENCES

1Schlegel R, Zhang K, Zhou X, Intwala M, Kapadia A, Wang X. Soundcomber: A stealthy and context-aware sound trojan for smartphones. Paper presented at: Proceedings of the 18th Annual Network and Distributed System Security Symposium: Internet Society, San Diego, CA, USA; 2011.
Google Scholar
2Davi L, Dmitrienko A, Sadeghi AR, Winandy M. Privilege escalation attacks on android. Information Security: Springer, Boca Raton, FL, USA; 2011: 346-360.
Google Scholar
3Zhu Y, Yu M, Hu H, Ahn GJ, Zhao H. Efficient construction of provably secure steganography under ordinary covert channels. Sci China Inf Sci. 2012; 5(7): 1639-1649.
10.1007/s11432-012-4598-3
Web of Science® Google Scholar
4Kemmerer RA. A practical approach to identifying storage and timing channels: Twenty years later. Paper presented at: Proceedings of the 18th Annual Computer Security Applications Conference: IEEE; 2002.
Google Scholar
5Cabuk S. Network covert channels: Design, analysis, detection, and elimination. Ph.D. Thesis; 2006.
Google Scholar
6Hansen M, Hill R, Wimberly S. Detecting covert communication on android. Paper presented at: Proceedings of the 38th Annual IEEE Conference on Local Computer Networks: IEEE, Clearwater, FL, USA; 2012.
Google Scholar
7Husted N, Quresi S, Gehani A. Android provenance: Diagnosing device disorders. Paper presented at: Proceedings of the 5th USENIX Workshop on the Theory and Practice of Provenance: USENIX, Lombard, IL, USA; 2013.
Google Scholar
8Lampson BW. A note on the confinement problem. Commun ACM. 1973; 16(10): 613-615.
10.1145/362375.362389
Web of Science® Google Scholar
9Marforio C, Ritzdorf H, Francillon A, Capkun S. Analysis of the communication between colluding applications on modern smartphones. Paper presented at: Proceedings of the 28th Annual Computer Security Applications Conference: ACM, Orlando, FL, USA; 2012.
Google Scholar
10Enck W, Ongtang M, McDaniel P. On lightweight mobile phone application certification. Paper presented at: Proceedings of the 16th ACM Conference on Computer and Communications Security: ACM, Chicago, IL, USA; 2009.
Google Scholar
11Grace M, Zhou Y, Zhang Q, Zou S, Jiang X. Riskranker: Scalable and accurate zero-day android malware detection. Paper presented at: Proceedings of the 10th International Conference on Mobile Systems, Applications, and Services: ACM, Low Wood Bay, Lake District, UK; 2012.
Google Scholar
12Lalande JF, Wendzel S. Hiding privacy leaks in android applications using low-attention raising covert channels. Paper presented at: Proceedings of the 8th International Conference on Availability, Reliability and Security: IEEE, Regensburg, Germany; 2013.
Google Scholar
13Enck W, Gilbert P, Chun BG, et al. Taintdroid: An information flow tracking system for real-time privacy monitoring on smartphones. Commun ACM. 2014; 57(3): 99-106.
10.1145/2494522
Web of Science® Google Scholar
14Al-Haiqi A, Ismail M, Nordin R. A new sensors-based covert channel on android. The Sci World J. 2014; 2014: 1-14.
10.1155/2014/969628
Web of Science® Google Scholar
15Deshotels L. Inaudible sound as a covert channel in mobile devices. Paper presented at: Proceedings of the 8th USENIX Workshop on Offensive Technologies: USENIX, San Diego, CA, USA; 2014.
Google Scholar
16Chandra S, Zhiqiang L, Kundu A, Khan L. Towards a systematic study of the covert channel attacks in smartphones. Paper presented at: Proceedings of the 10th EAI International Conference on Security and Privacy in Communication Networks: EAI, Beijing, China; 2014.
Google Scholar
17Yue M, Robinson WH, Watkins L, Corbett C. Constructing timing-based covert channels in mobile networks by adjusting cpu frequency. Paper presented at: Proceedings of the Third Workshop on Hardware and Architectural Support for Security and Privacy: ACM, Minneapolis, MN, USA; 2014.
Google Scholar
18Qi W, Xu Y, Ding W, Jiang Y, Wang J, Lu K. Privacy leaks when you play games: A novel user-behavior-based covert channel on smartphones. Paper presented at: Proceedings of the IEEE 23rd International Conference on Network Protocols: IEEE, San Francisco, CA, USA; 2015.
Google Scholar
19Mazurczyk W, Caviglione L. Steganography in modern smartphones and mitigation techniques. IEEE Commun Surv Tutorials. 2015; 17(1): 334-357.
10.1109/COMST.2014.2350994
Web of Science® Google Scholar
20Rubin J, Gordon MI, Nguyen N, Rinard M. Covert communication in mobile applications. Paper presented at: Proceedings of the 30th IEEE/ACM International Conference on Automated Software Engineering: IEEE, Lincoln, NE, USA; 2015.
Google Scholar
21Bugiel S, Davi L, Dmitrienko A, Fischer T, Sadeghi AR, Shastry B. Towards taming privilege-escalation attacks on android. Paper presented at: Proceedings of the 19th Annual Network and Distributed System Security Symposium: Internet Society, San Diego, CA, USA; 2012.
Google Scholar
22 Xposed Module Repository. http://repo.xposed.info/
Google Scholar
23 Auditd on Android. http://cgi.cs.indiana.edu/~nhusted/dokuwiki/doku.php?id=projects:androids/
Google Scholar
24Hill R, Hansen M, Singh V. Quantifying and classifying covert communications on android. Mob Networks Appl. 2014; 19(1): 79-87.
10.1007/s11036-013-0482-7
Web of Science® Google Scholar
25Ritzdorf H. Analyzing covert channels on mobile devices. Master's Thesis; 2012.
Google Scholar

Citing Literature

Volume29, Issue19

Combined Special issues on High performance and security in cloud computing (CloudCom‐Asia2016) and New trends and innovative methods in cloud computing and big data (CBD‐BDCloud2016)

10 October 2017

e4205

DroidAuditor: A framework for auditing covert communication on Android

Summary

REFERENCES

Citing Literature

References

Information

About Wiley Online Library

Help & Support

Opportunities

Connect with Wiley

DroidAuditor: A framework for auditing covert communication on Android

Summary

REFERENCES

Citing Literature

References

Related

Information