Secure and flexible message-based communication for mobile apps within and across devices
dc.contributor.author | Liu, Yin | en |
dc.contributor.author | Cruz, Breno Dantas | en |
dc.contributor.author | Tilevich, Eli | en |
dc.date.accessioned | 2023-01-23T13:26:02Z | en |
dc.date.available | 2023-01-23T13:26:02Z | en |
dc.date.issued | 2022-11-01 | en |
dc.date.updated | 2023-01-20T21:35:56Z | en |
dc.description.abstract | In modern mobile platforms, message-based communication is afflicted by data leakage attacks, through which untrustworthy apps access the transferred message data. Existing defenses are overly restrictive, as they block all suspicious message exchanges, thus preventing any app from receiving messages. To better secure message-based communication, we present a model that strengthens security, while also allowing untrusted-but-not-malicious apps to execute their business logic. Our model, HTPD, introduces two novel mechanisms: hidden transmission and polymorphic delivery. Sensitive messages are transmitted hidden in an encrypted envelope. Their delivery is polymorphic: as determined by the destination's trustworthiness, it can be delivered no data, raw data, or encrypted data. To allow an untrusted destination to operate on encrypted data deliveries, HTPD integrates homomorphic and convergent encryption. We concretely realize HTPD as POLICC, a plug-in replacement of Android Inter-Component Communication (ICC) middleware. POLICC mitigates three classic Android data leakage attacks, while allowing untrusted apps to perform useful operations on delivered messages. Our evaluation shows that POLICC supports secure message-based communication within and across devices by trading off performance costs, programming effort overheads, and security1. | en |
dc.description.version | Accepted version | en |
dc.format.mimetype | application/pdf | en |
dc.identifier | 111460 (Article number) | en |
dc.identifier.doi | https://doi.org/10.1016/j.jss.2022.111460 | en |
dc.identifier.issn | 0164-1212 | en |
dc.identifier.orcid | Tilevich, Eli [0000-0003-2415-6926] | en |
dc.identifier.uri | http://hdl.handle.net/10919/113351 | en |
dc.identifier.volume | 193 | en |
dc.language.iso | en | en |
dc.publisher | Elsevier | en |
dc.rights | In Copyright | en |
dc.rights.uri | http://rightsstatements.org/vocab/InC/1.0/ | en |
dc.title | Secure and flexible message-based communication for mobile apps within and across devices | en |
dc.title.serial | Journal of Systems and Software | en |
dc.type | Article - Refereed | en |
dc.type.dcmitype | Text | en |
dc.type.other | Journal Article | en |
pubs.organisational-group | /Virginia Tech | en |
pubs.organisational-group | /Virginia Tech/Engineering | en |
pubs.organisational-group | /Virginia Tech/Engineering/Computer Science | en |
pubs.organisational-group | /Virginia Tech/All T&R Faculty | en |
pubs.organisational-group | /Virginia Tech/Engineering/COE T&R Faculty | en |
Files
Original bundle
1 - 1 of 1
Loading...
- Name:
- HTPD_Journal[1].pdf
- Size:
- 690.29 KB
- Format:
- Adobe Portable Document Format
- Description:
- Accepted version