25th USENIX Security Symposium has ended
Back To Schedule
Friday, August 12 • 4:30pm - 5:00pm
Practical DIFC Enforcement on Android

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Smartphone users often use private and enterprise data with untrusted third party applications. The fundamental lack of secrecy guarantees in smartphone OSes, such as Android, exposes this data to the risk of unauthorized exfiltration. A natural solution is the integration of secrecy guarantees into the OS. In this paper, we describe the challenges for decentralized information flow control (DIFC) enforcement on Android. We propose contextsensitive DIFC enforcement via lazy polyinstantiation and practical and secure network export through domain declassification. Our DIFC system,Weir, is backwards compatible by design, and incurs less than 4 ms overhead for component startup. With Weir, we demonstrate practical and secure DIFC enforcement on Android.

avatar for Will Enck

Will Enck

Associate Professor, NC State University

Friday August 12, 2016 4:30pm - 5:00pm PDT
Zilker Ballroom 2

Attendees (1)