Featured Research

from universities, journals, and other organizations

New framework would facilitate use of new Android security modules

Date:
August 20, 2014
Source:
North Carolina State University
Summary:
Computer security researchers have developed a modification to the core Android operating system that allows developers and users to plug in new security enhancements. The new Android Security Modules framework aims to eliminate the bottleneck that prevents developers and users from taking advantage of new security tools.

Computer security researchers from North Carolina State University and Technische Universitδt Darmstadt/CASED in Germany have developed a modification to the core Android operating system that allows developers and users to plug in new security enhancements. The new Android Security Modules (ASM) framework aims to eliminate the bottleneck that prevents developers and users from taking advantage of new security tools.

"In the ongoing arms race between white hats and black hats, researchers and developers are constantly coming up with new security extensions," says Dr. William Enck, an assistant professor of computer science at NC State and a senior author of a paper describing the new framework. "But these new tools aren't getting into the hands of users because every new extension requires users to change their device's firmware, or operating system (OS).

"The ASM framework allows users to implement these new extensions without overhauling their firmware," Enck says. "The framework is available now for security enthusiasts. But for widespread adoption, either Google or one of the Android phone manufacturers will need to adopt the framework and incorporate it into the OS."

The ASM framework allows the creation of custom security control modules that better protect phones owned by consumers and businesses. The custom security modules receive "callbacks" for every security-sensitive operation in the Android OS. In this context, a callback means that Android is contacting the security module to determine whether an operation should proceed.

"Our ASM framework can be used in various personal and enterprise scenarios. For instance, security modules can implement dual persona: i.e., enable users to securely use their smartphones and tablets at home and at work while strictly separating private and enterprise data," says Enck.

"Security modules can also enhance consumer privacy. The framework provides callbacks that can filter, modify, or anonymize data before it is shared with third-party apps, in order to protect personal information," Enck says. "For instance consider an app like Whatsapp, which usually copies all your contacts to its server -- which is not needed for it to function." With ASM, the user can make sure Whatsapp only gets the information it really needs.

"In addition, we designed the framework to allow apps to create their own hooks, which could be enforced by the security module," Enck says. "This increases flexibility for app developers and allows them to benefit from the security protections provided by the module."

The researchers also went to great lengths to ensure that the ASM framework complies with the security guarantees Google and others make with app developers. For example, the framework can only make data access more restrictive.

The researchers will present a paper on the ASM framework Aug. 22 at the USENIX Security Symposium in San Diego, California. The researchers are now reaching out to Google and Android phone manufacturers to demonstrate the effectiveness of the ASM framework. More information on the ASM framework, including sourcecode, is available at www.androidsecuritymodules.org.

Co-lead authors of the paper, "ASM: A Programmable Interface for Extending Android Security," are Adwait Nadkarni, a Ph.D. student at NC State, and Stephan Heuser, a Ph.D. student at TU Darmstadt/CASED. Co-authors include Enck and Dr. Ahmad-Reza Sadeghi, of TU Darmstadt/CASED. The work was supported by National Science Foundation grants CNS-1253346 and CNS-1222680.


Story Source:

The above story is based on materials provided by North Carolina State University. Note: Materials may be edited for content and length.


Cite This Page:

North Carolina State University. "New framework would facilitate use of new Android security modules." ScienceDaily. ScienceDaily, 20 August 2014. <www.sciencedaily.com/releases/2014/08/140820091707.htm>.
North Carolina State University. (2014, August 20). New framework would facilitate use of new Android security modules. ScienceDaily. Retrieved September 14, 2014 from www.sciencedaily.com/releases/2014/08/140820091707.htm
North Carolina State University. "New framework would facilitate use of new Android security modules." ScienceDaily. www.sciencedaily.com/releases/2014/08/140820091707.htm (accessed September 14, 2014).

Share This



More Computers & Math News

Sunday, September 14, 2014

Featured Research

from universities, journals, and other organizations


Featured Videos

from AP, Reuters, AFP, and other news services

iPhone 6 Sales Mark Yet Another Year Of Records, Glitches

iPhone 6 Sales Mark Yet Another Year Of Records, Glitches

Newsy (Sep. 13, 2014) — Customers looking to preorder the iPhone 6 on Friday experienced a few hiccups thanks to record demand for the device overnight. Video provided by Newsy
Powered by NewsLook.com
Ebola Batters Sierra Leone Economy Too

Ebola Batters Sierra Leone Economy Too

Reuters - Business Video Online (Sep. 12, 2014) — The World Health Organisation warns that local health workers in West Africa can't keep up with Ebola - and among those countries hardest hit by the outbreak, the economic damage is coming into focus, too. As David Pollard reports, Sierra Leone admits that growth in one of the poorest economies in the region is taking a beating. Video provided by Reuters
Powered by NewsLook.com
U.S. Threatened Yahoo With Hefty Fines

U.S. Threatened Yahoo With Hefty Fines

Reuters - Business Video Online (Sep. 12, 2014) — The U.S. threatened to fine Yahoo $250,000 a day if it didn't fork over user emails. Experts say Yahoo's legal loss led the way for the Prism program. Fred Katayama reports. Video provided by Reuters
Powered by NewsLook.com
iPhone Preorders Plagued By Site Glitches

iPhone Preorders Plagued By Site Glitches

Newsy (Sep. 12, 2014) — Apple's latest iPhones were set to go on sale Friday, but several sites experienced glitches resulting in delayed preorder windows. Video provided by Newsy
Powered by NewsLook.com

Search ScienceDaily

Number of stories in archives: 140,361

Find with keyword(s):
 
Enter a keyword or phrase to search ScienceDaily for related topics and research stories.

Save/Print:
Share:  

Breaking News:
from the past week

In Other News

... from NewsDaily.com

Science News

Health News

Environment News

    Technology News



    Save/Print:
    Share:  

    Free Subscriptions


    Get the latest science news with ScienceDaily's free email newsletters, updated daily and weekly. Or view hourly updated newsfeeds in your RSS reader:

    Get Social & Mobile


    Keep up to date with the latest news from ScienceDaily via social networks and mobile apps:

    Have Feedback?


    Tell us what you think of ScienceDaily -- we welcome both positive and negative comments. Have any problems using the site? Questions?
    Mobile iPhone Android Web
    Follow Facebook Twitter Google+
    Subscribe RSS Feeds Email Newsletters
    Latest Headlines Health & Medicine Mind & Brain Space & Time Matter & Energy Computers & Math Plants & Animals Earth & Climate Fossils & Ruins