Stay in your Cage! a sound sandbox for third-party libraries on android

Fabo Wang, Yuqing Zhang, Kai Wang, Peng Liu, Wenjie Wang

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

12 Scopus citations

Abstract

Third-party libraries are widely used in Android application development. While they extend functionality, third-party libraries are likely to pose a threat to users. Firstly, third-party libraries enjoy the same permissions as the applications; therefore libraries are overprivileged. Secondly, third-party libraries and applications share the same internal file space, so that applications’ files are exposed to third-party libraries. To solve these problems, a considerable amount of effort has been made. Unfortunately, the requirement for a modified Android framework makes their methods impractical. In this paper, a developer-friendly tool called LibCage is proposed, to prohibit permission abuse of third-party libraries and protect user privacy without modifying the Android framework or libraries’ bytecode. At its core, LibCage builds a sandbox for each third-party library in order to ensure that each library is subject to a separate permission set assigned by developers. Moreover, each library is allocated an isolated file space and has no access to other space. Importantly, LibCage works on Java reflection as well as dynamic code execution, and can defeat several possible attacks. We test on real-world third-party libraries, and the results show that LibCage is capable of enforcing a flexible policy on third-party libraries at run time with a modest performance overhead.

Original language: English (US)
Title of host publication: Computer Security - 21st European Symposium on Research in Computer Security, ESORICS 2016, Proceedings
Editors: Sokratis Katsikas, Catherine Meadows, Ioannis Askoxylakis, Sotiris Ioannidis
Publisher: Springer Verlag
Pages: 458-476
Number of pages: 19
ISBN (Print): 9783319457437
State: Published - 2016
Event: 21st European Symposium on Research in Computer Security, ESORICS 2016 - Heraklion, Greece
Duration: Sep 26 2016 - Sep 30 2016

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 9878 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Other

Other: 21st European Symposium on Research in Computer Security, ESORICS 2016
Country/Territory: Greece
City: Heraklion
Period: 9/26/16 - 9/30/16

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • General Computer Science
