Conference: Annual IEEE/IFIP International Conference on Dependable Systems and Networks

Don't Just BYOD, Bring-Your-Own-App Too! Protection via Virtual Micro Security Perimeters


Abstract

Mobile devices are increasingly becoming a melting pot of different types of data ranging from sensitive corporate documents to commercial media to personal content produced and shared via online social networks. While it is desirable for such diverse content to be accessible from the same device via a unified user experience and through a rich plethora of mobile apps, ensuring that this data remains protected has become challenging. Even though different data types have very different security and privacy needs and accidental instances of data leakage are common, today's mobile operating systems include few, if any, facilities for fine-grained data protection and isolation. In this paper, we present SWIRLS, an Android-based mobile OS that provides a rich policy-based information-flow data protection abstraction for mobile apps to support BYOD (bring-your-own-device) use cases. SWIRLS allows security and privacy policies to be attached to individual pieces of data contained in signed and encrypted capsules, and enforces these policies as the data flows through the device. Unlike current BYOD solutions like VMs and containers that create duplication and cognitive overload, SWIRLS provides a single environment that allows users to access content belonging to different security contexts using the same applications without fear of inadvertent or malicious data leakage. SWIRLS also unburdens app developers from having to worry about security policies, and provides APIs through which they can create seamless multi-security-context user interfaces. To implement its abstractions, SWIRLS develops a cryptographically protected capsule distribution and installation scheme, enhances TaintDroid-based taint-tracking mechanisms to support efficient kernel and user-space security policy enforcement, implements techniques for persisting security context along with data, and provides transparent security-context switching mechanisms.
Using our Android-based prototype (>25K LOC), we show a number of data protection use-cases such as isolation of personal and work data, limiting document sharing and preventing leakage based on document classification, and security policies based on geo- and time-fencing. Our experiments show that SWIRLS imposes a very minimal overhead in both battery consumption and performance.