Browsing by Author "Khan, Muhammad Shahpar Nafees"

Filter results by typing the first few letters
Now showing 1 - 1 of 1
  • Thumbnail Image
    Item
    A Security Analysis of the Multi-User Ecosystem in Android Framework
    (University of Waterloo, 2024-10-23) Khan, Muhammad Shahpar Nafees; Aafer, Yousra
    The Android framework’s multi-user ecosystem introduces significant security challenges, particularly in the enforcement of user-specific access control checks. While previous research has highlighted flaws in Android’s access control mechanism, these efforts often overlook the complexities introduced by vendor customization and the unique demands of a multi-user environment. In this thesis, we conduct a systematic analysis of the Android Open Source Project (AOSP), identifying key patterns regulating multi-user access control implementations. We use these patterns to develop MVP, a static analysis tool that examines vendor ROMs for missing user-specific access control checks in custom ROMs. For example, our analysis reveals that Android’s multi-user environment is susceptible to cross-user attacks; sensitive data can be shared between profiles, and non-privileged users can manipulate privileged system settings. These findings underscore the need for rigorous enforcement of access control mechanisms to mitigate security risks in Android’s multi-user environment.