Modern smartphones from Apple, Google, and others have remarkably complex security needs. Applications, installed from a variety of third-party vendors, must be separated from one other, since some might be buggy or malicious, yet they must also communicate and share in a variety of ways, including displaying multimedia, sharing authentication credentials, and acting as local proxies for remote Internet sites to support payment services, advertisements, and so forth.
We design, implement, and evaluate novel smartphone mechanisms, leveraging Google's open-source Android project. For example, we carefully control how privileges are managed within the phone as applications collaborate. We must defeat "confused deputy" attacks, where privileged-but-buggy applications inadvertently allow their callers to exercise sensitive privileges, yet our infrastructure must also enable "intentional deputies" who are trusted to leverage dangerous privileges while offering safe interfaces.
Our work also considers the user's view of security features. Many applications require users to frequently retype passwords, annoying users and also making them vulnerable to spoofing attacks, because an attacker can fake a pixel-perfect dialog. We are studying a variety of approaches to improve security and usability, including better ways for applications to share credentials with one another (avoiding dialog boxes), and better ways for multiple applications to share screen real-estate (avoiding the need for singleton applications to be granted unnecessary privileges).
All of our research output will be available under suitable open-source licenses, helping our work to influence phone vendors and ultimately to have impact on the huge installed base of smartphone users.
