FUSE: Inter-Application Security for Android

Award Information
Agency:
Department of Defense
Branch
Defense Advanced Research Projects Agency
Amount:
$148,842.00
Award Year:
2010
Program:
SBIR
Phase:
Phase I
Contract:
W31P4Q-11-C-0019
Agency Tracking Number:
10SB2-0084
Solicitation Year:
2010
Solicitation Topic Code:
SB102-002
Solicitation Number:
2010.2
Small Business Information
Galois, Inc.
421 SW Sixth, Suite 300, Portland, OR, 97204
Hubzone Owned:
N
Socially and Economically Disadvantaged:
N
Woman Owned:
N
Duns:
098009918
Principal Investigator:
Michael Potoczny-Jones
Principal Investigator
(503) 808-7177
ijones@galois.com
Business Contact:
Anne McClaran
Contracts Administrator
(503) 808-7203
anne@galois.com
Research Institution:
n/a
Abstract
Mobile applications are becoming ubiquitous, appearing in many new situations. Some of these areas have specific requirements pertaining to information flow and device functionality. However, software on these devices is currently unregulated, and there are mechanisms within the mobile operating systems that facilitate unintended and undesirable information sharing as well as granting excessive control to untrusted applications. To demonstrate this problem, we have created sample applications that exhibit unexpected capabilities in a manner that is (a) trivially implemented, (b) conforms to the advertised mechanisms for protecting such functionality, and (c) can easily go unnoticed by the user. Our proposed Field Unit Security Enforcer (FUSE) system will detect and alert the user to the presence of unintended capabilities, such as those demonstrated in the sample applications. FUSE will operate by performing a static analysis of each application's configuration and byte code before that application is installed on an Android platform.

* information listed above is at the time of submission.

Agency Micro-sites

US Flag An Official Website of the United States Government