We propose to build a tool, Triceratops, for securing mobile applications. It allows any user to protect his or her personal information from malicious mobile apps, in ways that are not possible today. Triceratops takes a mobile app with a set of security policies as input, and generates a secured version of the app. The secured app dynamically and efficiently enforces the specified policies, guaranteeing the security and privacy of its users.

Our tool provides (a) finer-grained control than current security models, and (b) security guarantees that ensure no false negatives (no missed alarms) regarding malware. These properties provide a more secure environment for smartphone users. The following three properties make Triceratops practical:
(1) Automated: The tool runs in a fully automated manner, with no manual code inspection required, thus greatly speeding up the code review process.
(2) Portable: Triceratops uses code instrumentation to enforce the security policies within the app's own code. Thus it can run on any runtime environment, without modification to the host OS.
(3) Lightweight: Triceratops uses a combination of static analysis and dynamic enforcement mechanisms that keeps the overhead of running our system very low.

We are excited that Triceratops's enhanced security and ease of use have the potential to make secure mobile apps a reality.
