Boxify: Full-fledged App Sandboxing for Stock Android
Authors:
Michael Backes, Saarland University and Max Planck Institute for Software Systems (MPI-SWS); Sven Bugiel, Christian Hammer, Oliver Schranz, and Philipp von Styp-Rekowsky, Saarland University
Abstract:
We present the first concept for full-fledged app sandboxing on stock Android. Our approach is based on application virtualization and process-based privilege separation to securely encapsulate untrusted apps in an isolated environment. In contrast to all related work on stock Android, we eliminate the necessity to modify the code of monitored apps, and thereby overcome existing legal concerns and deployment problems that rewriting-based approaches have been facing. We realize our concept as a regular Android app called Boxify that can be deployed without firmware modifications or root privileges. A systematic evaluation of Boxify demonstrates its capability to enforce established security policies without incurring a significant runtime performance overhead.
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.
@inproceedings {190928,
author = {Michael Backes and Sven Bugiel and Christian Hammer and Oliver Schranz and Philipp von Styp-Rekowsky},
title = {Boxify: Full-fledged App Sandboxing for Stock Android},
booktitle = {24th {USENIX} Security Symposium ({USENIX} Security 15)},
year = {2015},
isbn = {978-1-931971-232},
address = {Washington, D.C.},
pages = {691--706},
url = {https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/backes},
publisher = {{USENIX} Association},
}
Twitter
Facebook
LinkedIn
Google+
YouTube
Comments
One of my favorite Security papers