Porscha: Policy oriented secure content handling in android

MacHigar Ongtang, Kevin Butler, Patrick McDaniel

Research output: Chapter in Book/Report/Conference proceedingConference contribution

54 Scopus citations

Abstract

The penetration of cellular networks worldwide and emergence of smart phones has led to a revolution in mobile content. Users consume diverse content when, for example, exchanging photos, playing games, browsing websites, and viewing multimedia. Current phone platforms provide protections for user privacy, the cellular radio, and the integrity of the OS itself. However, few offer protections to protect the content once it enters the phone. For example, MP3-based MMS or photo content placed on Android smart phones can be extracted and shared with impunity. In this paper, we explore the requirements and enforcement of digital rights management (DRM) policy on smart phones. An analysis of the Android market shows that DRM services should ensure: a) protected content is accessible only by authorized phones b) content is only accessible by provider-endorsed applications, and c) access is regulated by contextual constraints, e.g., used for a limited time, a maximum number of viewings, etc. The Porscha system developed in this work places content proxies and reference monitors within the Android middleware to enforce DRM policies embedded in received content. A pilot study controlling content obtained over SMS, MMS, and email illustrates the expressibility and enforcement of Porscha policies. Our experiments demonstrate that Porscha is expressive enough to articulate needed DRM policies and that their enforcement has limited impact on performance.

Original languageEnglish (US)
Title of host publicationProceedings - 26th Annual Computer Security Applications Conference, ACSAC 2010
Pages221-230
Number of pages10
DOIs
StatePublished - Dec 1 2010
Event26th Annual Computer Security Applications Conference, ACSAC 2010 - Austin, TX, United States
Duration: Dec 6 2010Dec 10 2010

Publication series

NameProceedings - Annual Computer Security Applications Conference, ACSAC
ISSN (Print)1063-9527

Other

Other26th Annual Computer Security Applications Conference, ACSAC 2010
CountryUnited States
CityAustin, TX
Period12/6/1012/10/10

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Software
  • Safety, Risk, Reliability and Quality

Fingerprint Dive into the research topics of 'Porscha: Policy oriented secure content handling in android'. Together they form a unique fingerprint.

  • Cite this

    Ongtang, M., Butler, K., & McDaniel, P. (2010). Porscha: Policy oriented secure content handling in android. In Proceedings - 26th Annual Computer Security Applications Conference, ACSAC 2010 (pp. 221-230). (Proceedings - Annual Computer Security Applications Conference, ACSAC). https://doi.org/10.1145/1920261.1920295