Technical Report IR-CS-54 (September 2009) Protecting smart phones by means of execution replication Georgios Portokalidis Philip Homburg Vrije Universiteit Amsterdam Vrije Universiteit Amsterdam
[email protected] [email protected] Nicholas FitzRoy-Dale NICTA
[email protected] Kostas Anagnostakis Herbert Bos Institute for Infocomm Research Vrije Universiteit Amsterdam
[email protected] [email protected] Abstract attack detection techniques based on dynamic taint anal- Smartphones have come to resemble PCs in software ysis. complexity, with complexity usually leading to bugs and Categories and Subject Descriptors D.4.6 [Security vulnerabilities. Moreover, as smartphones are increas- and Protection]: Invasive software ingly used for financial transactions and other privacy- sensitive tasks, they are becoming attractive targets for General Terms Security, Mobile phones attackers. Unfortunately, smartphones are quite different Keywords Android, Decoupled security from PCs in terms of resource constraints imposed on the design of protection mechanisms, as battery power 1. Introduction is an extremely scarce resource. As a consequence, se- Smartphones have come to resemble general-purpose curity solutions designed for PCs may not be directly ap- computers: in addition to traditional telephony stacks, plicable to smartphones, as they may reduce battery life- calendars, games and addressbooks, we now use them time significantly. Worse, as no single protection mecha- for browsing the web, reading email, watching online nism offers 100% security, it may be desirable to tighten videos, and many other activities that we used to per- up security further by applying multiple security solu- form on PCs. A plethora of new applications, such as tions at the same time, thus increasing attack coverage navigation and location-sensitive information services, and accuracy.