Wallach, Daniel S.2013-03-082013-03-082012Dietz, Michael. "QUIRE: Lightweight Provenance for Smart Phone Operating Systems." (2012) Master’s Thesis, Rice University. <a href="https://hdl.handle.net/1911/70228">https://hdl.handle.net/1911/70228</a>.https://hdl.handle.net/1911/70228Smartphone applications(apps) often run with full privileges to access the network and sensitive local resources, making it difficult for remote systems to have any trust in the provenance of network connections they receive. Even within the phone, different apps with different privileges can communicate with one another, allowing one app to trick another into improperly exercising its privileges (a confused deputy attack). This thesis presents two new security mechanisms built into the Android operating system to address these issues. First, the call chain of all interprocess communications are tracked, allowing an app the choice of operating with the diminished privileges of its callers or to act explicitly on its own behalf. Additionally, a lightweight signature scheme allows any app to create a signed statement that can be verified anywhere inside the phone. Both of these mechanisms are reflected in network RPCs, allowing remote endpoints visibility into the state of the phone when an RPC is made.66 p.application/pdfengCopyright is held by the author, unless otherwise indicated. Permission to reuse, publish, or reproduce the work beyond the bounds of fair use or other exemptions to copyright law must be obtained from the copyright holder.Applied sciencesComputer scienceThesisDietzMTHESIS COMP.SCI. 2012 DIETZ