Full Program »
FASE: Functionality-Aware Security Enforcement
We present Functionality-Aware Security Enforcement (FASE), a new run-time protection approach that addresses this important limitation. Our approach is based on the following key ideas: (i) fine-grained data flow tracking, able to precisely localize the (sub)values amenable to modification, (ii) an on-the-fly technique for repairing subsets of data that may compromise security, (iii) a declarative domain specific language (DSL) for expressing functional constraints over both the application and its library dependencies, and (iv) an online synthesizer which automatically replaces sensitive values with values satisfying the DSL constraints.
We implemented FASE for Android, and evaluated it on 20 real-world mobile apps. Our experimental results show that FASE is useful in practice: its average run-time overhead is less than 12%, the system avoids the crashes, visual side effects, and run-time errors exhibited by current solutions, and the apps' policies are readable and concise.
IBM T. J. Watson Research Center