TruStore: Implementing a Trusted Store for Android

Yury, Zhauniarovich and Olga, Gadyatskaya and Bruno, Crispo (2013) TruStore: Implementing a Trusted Store for Android. CCS : ACM.

PDF - Full Text
Download (947Kb) | Preview


    In the Android ecosystem, the process of verifying the integrity of downloaded apps is left to the user. Different from other systems, e.g., Apple, App Store, Google does not provide any certified vetting process for the Android apps. This choice has a lot of advantages but it is also the open door to possible attacks as the recent one shown by Bluebox. To address this issue, we present how to enable the deployment of application certification service, we called TruStores, for the Android platform. In our approach, the TruStore client enabled on the end-user device ensures that only the applications, which have been certified by the TruStore server, are installed on the user smartphone. We envisage trusted markets (TruStore servers, which can be, e.g., corporate application markets) that guarantee security by enabling an application vetting process. The TruStore infrastructure maintains the open nature of the Android ecosystem and requires minor modications to Android stack. Moreover, it is backward-compatible and transparent for developers, and does not change the application management process on a device. In the paper we present the TruStore architecture and report the implementation details of the client part.

    Item Type: Departmental Technical Report
    Department or Research center: Information Engineering and Computer Science
    Subjects: Q Science > QA Mathematics > QA076 Computer software
    Report Number: DISI-14-010
    Repository staff approval on: 22 Oct 2014 11:08

    Actions (login required)

    View Item