Weir

Weir is a practical DIFC system for Android. Weir allows data owner applications to set secrecy policies and control the export of their data to the network. Apart from the data owners, and applications that want to explicitly use Weir to change their labels, all other applications can execute unmodified. Weir solves the problem of shared state by separating memory and storage for different secrecy contexts through polyinstantiation. That is, Weir creates and manages instances of the application, its components, and its storage for each secrecy context that the application is called from, providing availability along with context-sensitive separation. Our model is transparent to applications; i.e., applications that do not use Weir may execute oblivious to Weir’s enforcement of secrecy contexts.

For more information and the source code, please visit wspr.csc.ncsu.edu/weir.

Android Security Modules (ASM)

The Android Security Modules (ASM) framework provides a set of authorization hooks to build reference monitors for Android security. The ASM design incorporates hook semantics obtained from our survey of over a dozen recent Android security architecture proposals. Of particular note, ASM (1) provides access control hooks that replace data values in OS APIs, and (2) allows third-party applications to define new ASM hooks for their own interfaces. The open source version of ASM is an extension of Android version 4.4. ASM currently provides great value to researchers with the ability to modify the source code of a device. It provides a modular interface to define callbacks for a set of authorization hooks that provide mediation of important protection events. As the Android OS changes, only the ASM hook placements need to change, eliminating the need to port each research project to new version. Since releasing the source code, 65 researchers from 10 industrial and 35 academic institutions have used ASM.

For more information and the source code, please visit androidsecuritymodules.org.

NativeWrap

NativeWrap is a new alternative model for privacy conscious consumers to use Web-based applications on smartphones. NativeWrap balances the security and privacy risks of using the smartphone application and the phone’s Web browser. When a user is visiting a Website in the phone’s browser that she would like to run as a native app, she “shares” the URL with NativeWrap. NativeWrap then “wraps” the URL into a native platform app while configuring best-practice security options. In effect, NativeWrap removes the third-party developer from the platform code, placing the user in control. NativeWrap was released on the Google Play store, and received over 1000 downloads in the first week. As of now, NativeWrap has been downloaded over 10000 times.

For more information and the source code, please visit wspr.csc.ncsu.edu/nativewrap.

Aquifer

Aquifer is a policy framework and system aimed at mitigating accidental information disclosure in modern operating systems. Aquifer is specifically designed to protect large, application-specific, user data objects such as office documents, voice or written notes, and images. In Aquifer, developers of applications that originate data objects specify secrecy restrictions based on the runtime context and the purpose of the app. This policy restricts all apps participating in a user interface workflow that Aquifer dynamically constructs as the user navigates different applications. Aquifer enforces two types of secrecy restrictions: export restrictions ensure only specific apps can export the data o↵ the host, and required restrictions ensure that specific apps are involved in workflows when exporting controlled data objects read from persistent storage. This policy is specified using a decentralized information flow control (DIFC) motivated language that allows many data owners on a workflow to participate in secrecy restrictions. In effect, Aquifer allows applications to gain control of shared sensitive data, thereby addressing the data intermediary problem for these large data objects.

For more information and the source code, please visit wspr.csc.ncsu.edu/aquifer.