Android Protection Mechanism: A Signed Code Security Mechanism for Smartphone Applications
Abstract
This research develops the Android Protection System (APS), a hardware-implemented application security mechanism on Android smartphones. APS uses a hash-based white-list approach to protect mobile devices from unapproved application execution. Functional testing confirms this implementation allows approved content to execute on the mobile device while blocking unapproved content. Performance benchmarking shows system overhead during application installation increases linearly as the application package size increases. APS presents no noticeable performance degradation during application execution. The security mechanism degrades system performance only during application installation, when users expect delay. APS is implemented within the default Android application installation process. Applications are hashed prior to installation and compared against a white-list of approved content. APS allows applications that generate a matching hash; all others are blocked. APS blocks 100% of unapproved content while allowing 100% of approved content. Performance overhead for APS varies from 100.5% to 112.5% with respect to the default Android application installation process. This research directly supports the efforts of the USAF and the DoD to protect our information and ensure that adversaries do not gain access to our systems.
Document Details
- Document Type
- Technical Report
- Publication Date
- Mar 01, 2011
- Accession Number
- ADA540342
Entities
People
- Jonathan Stueckle
Organizations
- Air Force Institute of Technology