Skip to main content
USENIX
  • Conferences
  • Students
Sign in
  • Security '12 Home
  • Registration Information
  • Registration Discounts
  • Organizers
  • At a Glance
  • Calendar
  • Technical Sessions
  • Workshops
  • Hotel & Travel Information
  • Poster Session
  • Rump Session
  • Birds-of-a-Feather Sessions
  • Sponsors
  • Activities
  • Students
  • Questions?
  • For Participants
  • Help Promote
  • Call for Papers
  • Past Proceedings

sponsors

Gold Sponsor
Silver Sponsor
Silver Sponsor
Bronze Sponsor
Bronze Sponsor
Bronze Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor

twitter

Tweets by USENIXSecurity

usenix conference policies

  • Event Code of Conduct
  • Conference Network Policy
  • Statement on Environmental Responsibility Policy

You are here

Home » Aurasium: Practical Policy Enforcement for Android Applications
Tweet

connect with us

http://twitter.com/USENIXSecurity
https://www.facebook.com/events/309825352408177/

Aurasium: Practical Policy Enforcement for Android Applications

Authors: 

Rubin Xu, Computer Laboratory, University of Cambridge; Hassen Saïdi, Computer Science Laboratory, SRI International; Ross Anderson, Computer Laboratory, University of Cambridge

Abstract: 

The increasing popularity of Google’s mobile platform Android makes it the prime target of the latest surge in mobile malware. Most research on enhancing the platform’s security and privacy controls requires extensive modification to the operating system, which has significant usability issues and hinders efforts for widespread adoption. We develop a novel solution called Aurasium that bypasses the need to modify the Android OS while providing much of the security and privacy that users desire. We automatically repackage arbitrary applications to attach user-level sandboxing and policy enforcement code, which closely watches the application’s behavior for security and privacy violations such as attempts to retrieve a user’s sensitive information, send SMS covertly to premium numbers, or access malicious IP addresses. Aurasium can also detect and prevent cases of privilege escalation attacks. Experiments show that we can apply this solution to a large sample of benign and malicious applications with a near 100 percent success rate, without significant performance and space overhead. Aurasium has been tested on three versions of the Android OS, and is freely available.

 

Rubin Xu, Computer Laboratory, University of Cambridge

Hassen Saïdi, SRI International

Ross Anderson, Computer Laboratory, University of Cambridge

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

BibTeX
@inproceedings {180235,
author = {Rubin Xu and Hassen Sa{\"\i}di and Ross Anderson},
title = {Aurasium: Practical Policy Enforcement for Android Applications},
booktitle = {21st USENIX Security Symposium (USENIX Security 12)},
year = {2012},
isbn = {978-931971-95-9},
address = {Bellevue, WA},
pages = {539--552},
url = {https://www.usenix.org/conference/usenixsecurity12/technical-sessions/presentation/xu_rubin},
publisher = {USENIX Association},
month = aug,
}
Download
Xu PDF
View the slides

Presentation Video

Presentation Audio

MP3 Download OGG Download

Download Audio

saidi_usenixsecurity12_slides.ppt
  • Log in or    Register to post comments

Gold Sponsors

Silver Sponsors

Bronze Sponsors

Media Sponsors & Industry Partners

© USENIX

  • Privacy Policy
  • Contact Us