Demo

Enabling trusted stores for Android

Yury Zhauniarovich, Olga Gadyatskaya, Bruno Crispo

Research output: Chapter in Book/Report/Conference proceedingConference contribution

9 Citations (Scopus)

Abstract

In the Android ecosystem, the process of verifying the integrity of downloaded apps is left to the user. Different from other systems, e.g., Apple App Store, Google does not provide any certified vetting process for the Android apps. This choice has a lot of advantages but it is also the open door to possible attacks as the recent one shown by Bluebox. To address this issue, this demo presents how to enable the deployment of application certification service, we called TruStore, for the Android platform. In our approach, the TruStore client enabled on the end-user device ensures that only the applications, which have been certified by the TruStore server, are installed on the user smartphone. We envisage trusted markets (TruStore servers, which can be, e.g., corporate application markets) that guarantee security by enabling an application vetting process. The TruStore infrastructure maintains the open nature of the Android ecosystem and requires minor modifications to Android stack. Moreover, it is backward-compatible and transparent for developers, and does not change the application management process on a device.

Original languageEnglish
Title of host publicationCCS 2013 - Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security
Pages1345-1347
Number of pages3
DOIs
Publication statusPublished - 9 Dec 2013
Externally publishedYes
Event2013 ACM SIGSAC Conference on Computer and Communications Security, CCS 2013 - Berlin
Duration: 4 Nov 20138 Nov 2013

Other

Other2013 ACM SIGSAC Conference on Computer and Communications Security, CCS 2013
CityBerlin
Period4/11/138/11/13

Fingerprint

Application programs
Ecosystems
Servers
Smartphones

Keywords

  • android
  • application markets
  • trusted installation

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications

Cite this

Zhauniarovich, Y., Gadyatskaya, O., & Crispo, B. (2013). Demo: Enabling trusted stores for Android. In CCS 2013 - Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security (pp. 1345-1347) https://doi.org/10.1145/2508859.2512496

Demo : Enabling trusted stores for Android. / Zhauniarovich, Yury; Gadyatskaya, Olga; Crispo, Bruno.

CCS 2013 - Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security. 2013. p. 1345-1347.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Zhauniarovich, Y, Gadyatskaya, O & Crispo, B 2013, Demo: Enabling trusted stores for Android. in CCS 2013 - Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security. pp. 1345-1347, 2013 ACM SIGSAC Conference on Computer and Communications Security, CCS 2013, Berlin, 4/11/13. https://doi.org/10.1145/2508859.2512496
Zhauniarovich Y, Gadyatskaya O, Crispo B. Demo: Enabling trusted stores for Android. In CCS 2013 - Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security. 2013. p. 1345-1347 https://doi.org/10.1145/2508859.2512496
Zhauniarovich, Yury ; Gadyatskaya, Olga ; Crispo, Bruno. / Demo : Enabling trusted stores for Android. CCS 2013 - Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security. 2013. pp. 1345-1347
@inproceedings{af76b57ee23b47ba93914582d8c2b928,
title = "Demo: Enabling trusted stores for Android",
abstract = "In the Android ecosystem, the process of verifying the integrity of downloaded apps is left to the user. Different from other systems, e.g., Apple App Store, Google does not provide any certified vetting process for the Android apps. This choice has a lot of advantages but it is also the open door to possible attacks as the recent one shown by Bluebox. To address this issue, this demo presents how to enable the deployment of application certification service, we called TruStore, for the Android platform. In our approach, the TruStore client enabled on the end-user device ensures that only the applications, which have been certified by the TruStore server, are installed on the user smartphone. We envisage trusted markets (TruStore servers, which can be, e.g., corporate application markets) that guarantee security by enabling an application vetting process. The TruStore infrastructure maintains the open nature of the Android ecosystem and requires minor modifications to Android stack. Moreover, it is backward-compatible and transparent for developers, and does not change the application management process on a device.",
keywords = "android, application markets, trusted installation",
author = "Yury Zhauniarovich and Olga Gadyatskaya and Bruno Crispo",
year = "2013",
month = "12",
day = "9",
doi = "10.1145/2508859.2512496",
language = "English",
isbn = "9781450324779",
pages = "1345--1347",
booktitle = "CCS 2013 - Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security",

}

TY - GEN

T1 - Demo

T2 - Enabling trusted stores for Android

AU - Zhauniarovich, Yury

AU - Gadyatskaya, Olga

AU - Crispo, Bruno

PY - 2013/12/9

Y1 - 2013/12/9

N2 - In the Android ecosystem, the process of verifying the integrity of downloaded apps is left to the user. Different from other systems, e.g., Apple App Store, Google does not provide any certified vetting process for the Android apps. This choice has a lot of advantages but it is also the open door to possible attacks as the recent one shown by Bluebox. To address this issue, this demo presents how to enable the deployment of application certification service, we called TruStore, for the Android platform. In our approach, the TruStore client enabled on the end-user device ensures that only the applications, which have been certified by the TruStore server, are installed on the user smartphone. We envisage trusted markets (TruStore servers, which can be, e.g., corporate application markets) that guarantee security by enabling an application vetting process. The TruStore infrastructure maintains the open nature of the Android ecosystem and requires minor modifications to Android stack. Moreover, it is backward-compatible and transparent for developers, and does not change the application management process on a device.

AB - In the Android ecosystem, the process of verifying the integrity of downloaded apps is left to the user. Different from other systems, e.g., Apple App Store, Google does not provide any certified vetting process for the Android apps. This choice has a lot of advantages but it is also the open door to possible attacks as the recent one shown by Bluebox. To address this issue, this demo presents how to enable the deployment of application certification service, we called TruStore, for the Android platform. In our approach, the TruStore client enabled on the end-user device ensures that only the applications, which have been certified by the TruStore server, are installed on the user smartphone. We envisage trusted markets (TruStore servers, which can be, e.g., corporate application markets) that guarantee security by enabling an application vetting process. The TruStore infrastructure maintains the open nature of the Android ecosystem and requires minor modifications to Android stack. Moreover, it is backward-compatible and transparent for developers, and does not change the application management process on a device.

KW - android

KW - application markets

KW - trusted installation

UR - http://www.scopus.com/inward/record.url?scp=84889046937&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84889046937&partnerID=8YFLogxK

U2 - 10.1145/2508859.2512496

DO - 10.1145/2508859.2512496

M3 - Conference contribution

SN - 9781450324779

SP - 1345

EP - 1347

BT - CCS 2013 - Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security

ER -