Polymer for Android

Building on the Polymer system designed by Bauer, Ligatti and Walker, which allowed enforcing user-defined security policies on single-threaded Java applications, this research extends Polymer to enforce policies on multiple applications, possibly distributed across several hosts. Using Android as a case study, we adapted Polymer to equip each app with a monitor, and we added communication capability and central storage so that monitors can regulate interactions between apps and make decisions based on their shared state. Our central storage design also includes load-linked and store-conditional operations to support synchronization of parallel updates, and each communication module is accompanied by a non-circumvention policy designed to protect the integrity, authenticity and confidentiality properties of the channel. The non-circumvention policy can be composed with user-defined policies that involve two or more apps. To demonstrate the efficacy of the system, we implemented and tested three policies: the first prevents apps from making background calls caused by confused deputy attacks or collusion attacks; the second disallows sending background SMS messages exceeding a specified quota, and the third enforces a specified device location sampling rate among all apps on the device.