Treffer: Mandatory Access Control for the Android Dalvik Virtual Machine

With the growing use of smartphones and other mobile devices, it becomes essential to be able to assure the user that his system and applications are doing exactly what they are supposed to do. Over the years and despite its configuration complexity, Mandatory Access Control has proven its efficiency in protecting systems. This paper proposes a solution providing a generic protection that doesn't need to modify the applications. Moreover, in order to face the complexity of defining an efficient MAC policy, a tool automatizes the generation of the policies required for the various applications. However, to efficiently guarantee the security of a system, each layer that composes it must be secured. Therefore, MAC implementations should not be limited to the operating system, but should also protect the inside of the applications. This paper presents Security Enhanced Dalvik (SEDalvik), a MAC approach for the Dalvik Virtual Machine in order to control the flows inside the Java applications running in Android. SEDalvik proposes a new mandatory protection to block the attacks that exploit the weakness of the Dalvik VM. By controlling the information flows between the Java objects, SEDalvik could prevent the new vectors of attack coming from the threat of the Java virtual machine as explained by Kaspersky Labs1. In contrast with other approaches, our solution corresponds to a self-organizing system since it transparently protects existing Java applications without any modifications. An experiment on an Android phone shows the efficiency of the protection.