Premium
DroidAuditor: A framework for auditing covert communication on Android
Author(s) -
Qiang Weizhong,
Xin Shifan,
Jin Hai,
Sun Guozhong
Publication year - 2017
Publication title -
concurrency and computation: practice and experience
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.309
H-Index - 67
eISSN - 1532-0634
pISSN - 1532-0626
DOI - 10.1002/cpe.4205
Subject(s) - covert channel , covert , computer science , android (operating system) , computer security , audit , transmission channel , channel (broadcasting) , overhead (engineering) , computer network , transmission (telecommunications) , telecommunications , operating system , cloud computing , cloud computing security , security information and event management , linguistics , philosophy , management , economics
Summary Exploitation of covert channels in smartphone operating systems may lead to furtive data transmission between applications with different permissions, which might threaten users' privacy. Restricting the access to shared system resources can effectively prevent the exploitation of known covert channels. However, it inevitably limits the normal usage of those resources. In this paper, we propose a general method that detects covert channel attack at runtime without impacting the accessibility of shared resources in the system. The main idea of the method is to track and audit the use of system resources known as potential covert channel variables and impose interferences on those channels to reduce their capacity once violations are detected. We implement a prototype framework, which is able to audit and interfere covert communication both in the application layer and in the native layer of Android. The experimental results demonstrate that our method can effectively reduce the data rate of user‐defined covert channels while the overhead is negligible.