Abstract
Mobile operating systems such as Android face serious security risks. First, they have a large number of users and store a large amount of users’ private data, which makes them major targets of network attacks; second, their openness leads to high security risks; third, their coarse-grained static permission control mechanism leads to a large number of privacy leaks. Recent decentralized information flow control (DIFC) operating systems such as Asbestos, HiStar, and Flume dynamically adjust the label of each process. Asbestos contains inherent covert channels due to this implicit label adjustment. The others close these covert channels through the use of explicit label change, but this impedes communication and increases performance overhead. We present an enhanced implicit label change model (EILCM) for mobile operating systems that can close the known covert channels in these models with implicit label change and supports dynamic constraints on tags for separation of duty. We also formally analyze the reasons why EILCM can close the known covert channels and use the model checker FDR to prove that abstract EILCM systems have the security property of noninterference with declassification. We also prove that the problem of EILCM policy verification is NP-complete and propose a backtrack-based search algorithm to solve the problem. Experiments are presented to show that the algorithm is effective.
Highlights
At present, mobile operating systems have a large number of users and are key targets of network attack. Their privacy security problem is very serious.
In 2020, China Internet Security Center intercepted 332000 new malicious app samples related to privacy theft on mobile operating systems and monitored 1.12 billion malicious attacks with an average of 3.06 million attacks per day. The openness of the mobile operating system leads to high security risks. The characteristics of mobile system interacting with the outside from multiple channels make their vulnerabilities easier to be exposed and utilized. The quality and security of apps in online app stores are uneven, and it is difficult to ensure that there are no Trojans and viruses implanted by hackers.
We describe the model specification using the communicating sequential processes (CSP) to clarify the formal semantics of information flow control behaviors of the enhanced implicit label change model (EILCM) system; we prove that an abstract EILCM system has the security property of noninterference based on CSP formulas
Summary
Mobile operating systems have a large number of users and are key targets of network attack. Their privacy security problem is very serious. This paper presents a model for information flow control at the operating system level, called enhanced implicit label change model (EILCM), to solve the contradiction. Our model has the following characteristics: firstly, it allows implicit label change but tries to close the known covert channels; secondly, it solves the contradictions between users’ sharing of common software and authorization constraints for separation of duty or least privilege through mutually exclusive tag constraints; and thirdly, its rule covers more information flow types such as file operation and program execution in addition to inter-process communication (IPC). We describe the model specification using the communicating sequential processes (CSP) to clarify the formal semantics of information flow control behaviors of the EILCM system; we prove that an abstract EILCM system has the security property of noninterference based on CSP formulas.
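The covert channel that the abstract attributes to implicit label adjustment, and the communication cost of explicit label change, can be seen in a small simulation. This is an added example, not code from the paper: it is a simplified toy model of labels as tag sets, it does not implement EILCM's own rules (which this page does not give), and the names `Proc`, `clearance`, `send`, `run_channel` and `decode` are hypothetical.

```python
from dataclasses import dataclass, field

@dataclass
class Proc:
    name: str
    label: frozenset = frozenset()      # secrecy tags the process currently carries
    clearance: frozenset = frozenset()  # highest label it may float to (implicit mode only)
    inbox: list = field(default_factory=list)

def send(src, dst, msg, implicit):
    """Deliver msg if the flow rule allows it; return True on delivery."""
    if implicit:
        # Implicit change: the receiver's label floats up to absorb the sender's tags.
        if not src.label <= dst.clearance:
            return False
        dst.label = dst.label | src.label
    elif not src.label <= dst.label:
        # Explicit change: labels move only when a process asks, so the flow is refused.
        return False
    dst.inbox.append((src.name, msg))
    return True

def run_channel(secret_bit, implicit):
    """A holds tag 't'; C is public. Return which helpers C hears from."""
    t = frozenset({"t"})
    a = Proc("A", label=t, clearance=t)
    helpers = [Proc("B0", clearance=t), Proc("B1", clearance=t)]
    c = Proc("C")
    send(a, helpers[secret_bit], "ping", implicit)  # A never talks to C directly
    for b in helpers:
        send(b, c, "alive", implicit)
    return sorted(name for name, _ in c.inbox)

def decode(heard):
    """C's inference: the helper that went silent is the one A tainted."""
    silent = {"B0", "B1"} - set(heard)
    return int(silent.pop()[1]) if len(silent) == 1 else None

if __name__ == "__main__":
    for mode in (True, False):
        for bit in (0, 1):
            heard = run_channel(bit, mode)
            print("implicit" if mode else "explicit", bit, heard, decode(heard))
```

With implicit change, the public process recovers the secret bit from which helper falls silent; with explicit change, both helpers stay public and the observation is identical for either bit, but the message from A to its helper is dropped.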