NativeProtector: Protecting android applications by isolating and intercepting third-party native libraries

Yu Yang Hong; Yu Ping Wang; Jie Yin

doi:10.1007/978-3-319-33630-5_23

NativeProtector: Protecting android applications by isolating and intercepting third-party native libraries

Yu Yang Hong^*, Yu Ping Wang, Jie Yin

^*Corresponding author for this work

Tsinghua University

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

6 Citations (Scopus)

Abstract

An increasing number of Android developers are incorporating third-party native libraries in their applications for code reuse, CPU-intensive tasks and other purposes. However current Android security mechanism can not regulate the native code in applications well. Many approaches have been proposed to enforce security of Android applications, but few of them involve security of the native libraries in Android applications. In this paper, we propose NativeProtector, a system that regulates the third-party native libraries in Android applications. The standalone Android application is separated into two components: the server app and the client app where server app contains the native libraries for providing services from the native libraries while the client app contains the rest parts of the original app. The client app binds to the server app at the launching time, and all native function calls are replaced with interprocess calls to the server app. NativeProtector also generates the stub libraries intercept system calls in server app and enforce security of the native libraries in server app. We have implemented a prototype of NativeProtector. Our evaluation shows that NativeProtector can successfully detect and block the attempts of performing dangerous operations by the third-party native libraries in Android applications. The performance overhead introduced by NativeProtector is acceptable.

Original language	English
Title of host publication	ICT Systems Security and Privacy Protection - 31st IFIP TC 11 International Conference, SEC 2016, Proceedings
Editors	Jaap-Henk Hoepman, Stefan Katzenbeisser
Publisher	Springer New York LLC
Pages	337-351
Number of pages	15
ISBN (Print)	9783319336299
DOIs	https://doi.org/10.1007/978-3-319-33630-5_23
Publication status	Published - 2016
Externally published	Yes
Event	31st IFIP TC 11 International Conference on Systems Security and Privacy Protection, SEC 2016 - Ghent, Belgium Duration: 30 May 2016 → 1 Jun 2016

Publication series

Name	IFIP Advances in Information and Communication Technology
Volume	471
ISSN (Print)	1868-4238

Conference

Conference	31st IFIP TC 11 International Conference on Systems Security and Privacy Protection, SEC 2016
Country/Territory	Belgium
City	Ghent
Period	30/05/16 → 1/06/16

Keywords

Android security
Call interception
Native libraries
Process isolation

Access to Document

10.1007/978-3-319-33630-5_23

Cite this

Hong, Y. Y., Wang, Y. P., & Yin, J. (2016). NativeProtector: Protecting android applications by isolating and intercepting third-party native libraries. In J.-H. Hoepman, & S. Katzenbeisser (Eds.), ICT Systems Security and Privacy Protection - 31st IFIP TC 11 International Conference, SEC 2016, Proceedings (pp. 337-351). (IFIP Advances in Information and Communication Technology; Vol. 471). Springer New York LLC. https://doi.org/10.1007/978-3-319-33630-5_23

Hong, Yu Yang ; Wang, Yu Ping ; Yin, Jie. / NativeProtector : Protecting android applications by isolating and intercepting third-party native libraries. ICT Systems Security and Privacy Protection - 31st IFIP TC 11 International Conference, SEC 2016, Proceedings. editor / Jaap-Henk Hoepman ; Stefan Katzenbeisser. Springer New York LLC, 2016. pp. 337-351 (IFIP Advances in Information and Communication Technology).

@inproceedings{7f891cb24cf34d359aa460a100208a2c,

title = "NativeProtector: Protecting android applications by isolating and intercepting third-party native libraries",

abstract = "An increasing number of Android developers are incorporating third-party native libraries in their applications for code reuse, CPU-intensive tasks and other purposes. However current Android security mechanism can not regulate the native code in applications well. Many approaches have been proposed to enforce security of Android applications, but few of them involve security of the native libraries in Android applications. In this paper, we propose NativeProtector, a system that regulates the third-party native libraries in Android applications. The standalone Android application is separated into two components: the server app and the client app where server app contains the native libraries for providing services from the native libraries while the client app contains the rest parts of the original app. The client app binds to the server app at the launching time, and all native function calls are replaced with interprocess calls to the server app. NativeProtector also generates the stub libraries intercept system calls in server app and enforce security of the native libraries in server app. We have implemented a prototype of NativeProtector. Our evaluation shows that NativeProtector can successfully detect and block the attempts of performing dangerous operations by the third-party native libraries in Android applications. The performance overhead introduced by NativeProtector is acceptable.",

keywords = "Android security, Call interception, Native libraries, Process isolation",

author = "Hong, {Yu Yang} and Wang, {Yu Ping} and Jie Yin",

note = "Publisher Copyright: {\textcopyright} IFIP International Federation for Information Processing 2016.; 31st IFIP TC 11 International Conference on Systems Security and Privacy Protection, SEC 2016 ; Conference date: 30-05-2016 Through 01-06-2016",

year = "2016",

doi = "10.1007/978-3-319-33630-5_23",

language = "English",

isbn = "9783319336299",

series = "IFIP Advances in Information and Communication Technology",

publisher = "Springer New York LLC",

pages = "337--351",

editor = "Jaap-Henk Hoepman and Stefan Katzenbeisser",

booktitle = "ICT Systems Security and Privacy Protection - 31st IFIP TC 11 International Conference, SEC 2016, Proceedings",

}

Hong, YY, Wang, YP & Yin, J 2016, NativeProtector: Protecting android applications by isolating and intercepting third-party native libraries. in J-H Hoepman & S Katzenbeisser (eds), ICT Systems Security and Privacy Protection - 31st IFIP TC 11 International Conference, SEC 2016, Proceedings. IFIP Advances in Information and Communication Technology, vol. 471, Springer New York LLC, pp. 337-351, 31st IFIP TC 11 International Conference on Systems Security and Privacy Protection, SEC 2016, Ghent, Belgium, 30/05/16. https://doi.org/10.1007/978-3-319-33630-5_23

NativeProtector: Protecting android applications by isolating and intercepting third-party native libraries. / Hong, Yu Yang; Wang, Yu Ping; Yin, Jie.
ICT Systems Security and Privacy Protection - 31st IFIP TC 11 International Conference, SEC 2016, Proceedings. ed. / Jaap-Henk Hoepman; Stefan Katzenbeisser. Springer New York LLC, 2016. p. 337-351 (IFIP Advances in Information and Communication Technology; Vol. 471).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - NativeProtector

T2 - 31st IFIP TC 11 International Conference on Systems Security and Privacy Protection, SEC 2016

AU - Hong, Yu Yang

AU - Wang, Yu Ping

AU - Yin, Jie

N1 - Publisher Copyright: © IFIP International Federation for Information Processing 2016.

PY - 2016

Y1 - 2016

N2 - An increasing number of Android developers are incorporating third-party native libraries in their applications for code reuse, CPU-intensive tasks and other purposes. However current Android security mechanism can not regulate the native code in applications well. Many approaches have been proposed to enforce security of Android applications, but few of them involve security of the native libraries in Android applications. In this paper, we propose NativeProtector, a system that regulates the third-party native libraries in Android applications. The standalone Android application is separated into two components: the server app and the client app where server app contains the native libraries for providing services from the native libraries while the client app contains the rest parts of the original app. The client app binds to the server app at the launching time, and all native function calls are replaced with interprocess calls to the server app. NativeProtector also generates the stub libraries intercept system calls in server app and enforce security of the native libraries in server app. We have implemented a prototype of NativeProtector. Our evaluation shows that NativeProtector can successfully detect and block the attempts of performing dangerous operations by the third-party native libraries in Android applications. The performance overhead introduced by NativeProtector is acceptable.

AB - An increasing number of Android developers are incorporating third-party native libraries in their applications for code reuse, CPU-intensive tasks and other purposes. However current Android security mechanism can not regulate the native code in applications well. Many approaches have been proposed to enforce security of Android applications, but few of them involve security of the native libraries in Android applications. In this paper, we propose NativeProtector, a system that regulates the third-party native libraries in Android applications. The standalone Android application is separated into two components: the server app and the client app where server app contains the native libraries for providing services from the native libraries while the client app contains the rest parts of the original app. The client app binds to the server app at the launching time, and all native function calls are replaced with interprocess calls to the server app. NativeProtector also generates the stub libraries intercept system calls in server app and enforce security of the native libraries in server app. We have implemented a prototype of NativeProtector. Our evaluation shows that NativeProtector can successfully detect and block the attempts of performing dangerous operations by the third-party native libraries in Android applications. The performance overhead introduced by NativeProtector is acceptable.

KW - Android security

KW - Call interception

KW - Native libraries

KW - Process isolation

UR - http://www.scopus.com/inward/record.url?scp=84969924851&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-33630-5_23

DO - 10.1007/978-3-319-33630-5_23

M3 - Conference contribution

AN - SCOPUS:84969924851

SN - 9783319336299

T3 - IFIP Advances in Information and Communication Technology

SP - 337

EP - 351

BT - ICT Systems Security and Privacy Protection - 31st IFIP TC 11 International Conference, SEC 2016, Proceedings

A2 - Hoepman, Jaap-Henk

A2 - Katzenbeisser, Stefan

PB - Springer New York LLC

Y2 - 30 May 2016 through 1 June 2016

ER -

Hong YY, Wang YP, Yin J. NativeProtector: Protecting android applications by isolating and intercepting third-party native libraries. In Hoepman JH, Katzenbeisser S, editors, ICT Systems Security and Privacy Protection - 31st IFIP TC 11 International Conference, SEC 2016, Proceedings. Springer New York LLC. 2016. p. 337-351. (IFIP Advances in Information and Communication Technology). doi: 10.1007/978-3-319-33630-5_23

NativeProtector: Protecting android applications by isolating and intercepting third-party native libraries

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this