Sciweavers

DIMVA
2006

Using Labeling to Prevent Cross-Service Attacks Against Smart Phones

14 years 1 months ago
Using Labeling to Prevent Cross-Service Attacks Against Smart Phones
Wireless devices that integrate the functionality of PDAs and cell phones are becoming commonplace, making different types of network services available to mobile applications. However, the integration of different services allows an attacker to cross service boundaries. For example, an attack carried out through the wireless network interface may eventually provide access to the phone functionality. This type of attacks can cause considerable damage because some of the services (e.g., the GSM-based services) charge the user based on the traffic or time of use. In this paper, we demonstrate the feasibility of these attacks by developing a proof-of-concept exploit that crosses service boundaries. To address these security issues, we developed a solution based on resource labeling. We modified the kernel of an integrated wireless device so that processes and files are marked in a way that allows one to regulate the access to different system resources. Labels are set when certain network...
Collin Mulliner, Giovanni Vigna, David Dagon, Wenk
Added 30 Oct 2010
Updated 30 Oct 2010
Type Conference
Year 2006
Where DIMVA
Authors Collin Mulliner, Giovanni Vigna, David Dagon, Wenke Lee
Comments (0)