VTechWorks staff will be away for the Thanksgiving holiday beginning at noon on Wednesday, November 27, through Friday, November 29. We will resume normal operations on Monday, December 2. Thank you for your patience.
 

Secure and flexible message-based communication for mobile apps within and across devices

dc.contributor.authorLiu, Yinen
dc.contributor.authorCruz, Breno Dantasen
dc.contributor.authorTilevich, Elien
dc.date.accessioned2023-01-23T13:26:02Zen
dc.date.available2023-01-23T13:26:02Zen
dc.date.issued2022-11-01en
dc.date.updated2023-01-20T21:35:56Zen
dc.description.abstractIn modern mobile platforms, message-based communication is afflicted by data leakage attacks, through which untrustworthy apps access the transferred message data. Existing defenses are overly restrictive, as they block all suspicious message exchanges, thus preventing any app from receiving messages. To better secure message-based communication, we present a model that strengthens security, while also allowing untrusted-but-not-malicious apps to execute their business logic. Our model, HTPD, introduces two novel mechanisms: hidden transmission and polymorphic delivery. Sensitive messages are transmitted hidden in an encrypted envelope. Their delivery is polymorphic: as determined by the destination's trustworthiness, it can be delivered no data, raw data, or encrypted data. To allow an untrusted destination to operate on encrypted data deliveries, HTPD integrates homomorphic and convergent encryption. We concretely realize HTPD as POLICC, a plug-in replacement of Android Inter-Component Communication (ICC) middleware. POLICC mitigates three classic Android data leakage attacks, while allowing untrusted apps to perform useful operations on delivered messages. Our evaluation shows that POLICC supports secure message-based communication within and across devices by trading off performance costs, programming effort overheads, and security1.en
dc.description.versionAccepted versionen
dc.format.mimetypeapplication/pdfen
dc.identifier111460 (Article number)en
dc.identifier.doihttps://doi.org/10.1016/j.jss.2022.111460en
dc.identifier.issn0164-1212en
dc.identifier.orcidTilevich, Eli [0000-0003-2415-6926]en
dc.identifier.urihttp://hdl.handle.net/10919/113351en
dc.identifier.volume193en
dc.language.isoenen
dc.publisherElsevieren
dc.rightsIn Copyrighten
dc.rights.urihttp://rightsstatements.org/vocab/InC/1.0/en
dc.titleSecure and flexible message-based communication for mobile apps within and across devicesen
dc.title.serialJournal of Systems and Softwareen
dc.typeArticle - Refereeden
dc.type.dcmitypeTexten
dc.type.otherJournal Articleen
pubs.organisational-group/Virginia Techen
pubs.organisational-group/Virginia Tech/Engineeringen
pubs.organisational-group/Virginia Tech/Engineering/Computer Scienceen
pubs.organisational-group/Virginia Tech/All T&R Facultyen
pubs.organisational-group/Virginia Tech/Engineering/COE T&R Facultyen

Files

Original bundle
Now showing 1 - 1 of 1
Loading...
Thumbnail Image
Name:
HTPD_Journal[1].pdf
Size:
690.29 KB
Format:
Adobe Portable Document Format
Description:
Accepted version