Analysis Techniques for Mobile Operating System Security

Open Access
Author:
Enck, William Harold
Graduate Program:
Computer Science and Engineering
Degree:
Doctor of Philosophy
Document Type:
Dissertation
Date of Defense:
February 22, 2011
Committee Members:
  • Patrick Drew Mcdaniel, Dissertation Advisor
  • Patrick Drew Mcdaniel, Committee Chair
  • Trent Ray Jaeger, Committee Member
  • Thomas F Laporta, Committee Member
  • Eileen M Kane, Committee Member
Keywords:
  • operating systems
  • smartphone
  • security
Abstract:
Devices such as smartphones running mobile operating systems have become an integral part of society. Current smartphones are a response to the Internet's influence on computing technology: devices provide nearly pervasive access to information and commoditize a seemingly endless number of services. However, smartphones are more than ultra-portable Web browsers. They combine the expansive knowledge and information available on the Internet with local context made accessible through hardware features such as GPS receivers, microphones, cameras, and accelerometers. In the past several years, smartphone innovation and popularity have surged in response to more open programming interfaces and network capabilities. Underlying this valuable innovation lies increased security risk for users and providers of content and cellular service. In this dissertation, we explore the limitations of existing mobile operating systems to protect end users from undesirable behavior by downloaded applications. Existing security frameworks define security policy in terms of permissions. We use requested permissions to focus security analysis of available applications. First, we consider which permissions applications request and show that this limited information can prevent applications with dangerous functionality from being installed. Second, we consider what applications do with permissions. We design and build a framework for realtime dynamic taint analysis to identify misuse of information such as location and phone identifiers. Finally, we consider what applications can do with permissions based on implemented functionality. In doing so, we use several types of source code analysis to identify both dangerous behavior and vulnerabilities in decompiled applications. While we find the coarseness of permissions to be insufficient in several cases, the permission-based model fundamentally aided our analysis, demonstrating new potential for protecting future mobile platforms.