Aquifer: Preventing Accidental Data Disclosure in Modern OSes
Modern OSes such as Android, iOS, and Windows 8 have changed the way
consumers interact with computing devices. Tasks are often completed
by stringing together a collection of purpose-specific user
applications (e.g., a barcode reader, a social networking app, a
document viewer). As users direct this workflow between applications,
it is difficult to predict the consequence of each step. Poor selection
may result in accidental information disclosure when the target
application unknowingly uses cloud services. The Aquifer DIFC system
prevents accidental information disclosure in modern operating systems.
In Aquifer, application developers define secrecy restrictions that
protect the entire user interface workflow defining the user task. In
doing so, Aquifer provides protection beyond simple permission checks
and allows applications to retain control of data even after it is
shared.
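The difference between a per-app permission check and a restriction attached to the whole workflow, as an added toy model (not Aquifer's code or API). The class and function names, the `exporters` policy shape and the intersect-on-restrict rule are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import FrozenSet, List, Optional

@dataclass(frozen=True)
class App:
    name: str
    permissions: FrozenSet[str]  # install-time permissions, e.g. {"INTERNET"}

@dataclass
class Workflow:
    """One user task: the chain of apps the user strings together."""
    apps: List[App] = field(default_factory=list)
    # None = unrestricted; otherwise the app names allowed to send data off-device.
    exporters: Optional[FrozenSet[str]] = None

    def restrict(self, allowed) -> None:
        # Assumed semantics: restrictions only tighten, so a new one is
        # intersected with whatever earlier data owners already set.
        new = frozenset(allowed)
        self.exporters = new if self.exporters is None else self.exporters & new

    def hand_off(self, app: App) -> None:
        # The label lives on the workflow, not on one app, so it follows
        # the data to every app the user selects next.
        self.apps.append(app)

def permission_check(app: App) -> bool:
    """Per-app check: may this app use the network at all?"""
    return "INTERNET" in app.permissions

def may_export(wf: Workflow, app: App) -> bool:
    """Workflow check: the permission AND every restriction on this task."""
    if app not in wf.apps or not permission_check(app):
        return False
    return wf.exporters is None or app.name in wf.exporters

def demo() -> dict:
    # Constructed scenario: a mail app opens an attachment in a viewer that,
    # unknown to the user, converts documents using a cloud service.
    mail, viewer, social = (App(n, frozenset({"INTERNET"}))
                            for n in ("mail", "viewer", "social"))
    wf = Workflow()
    wf.hand_off(mail)
    wf.restrict({"mail"})   # data owner: only mail may send this off-device
    wf.hand_off(viewer)
    wf.hand_off(social)     # viewer shares onward; the restriction still applies
    return {a.name: (permission_check(a), may_export(wf, a)) for a in wf.apps}
```

`demo()` maps each app to `(permission check result, workflow check result)`: every app passes the permission check, but only the app named by the data owner passes the workflow check.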
Licensing Information
License for changes to the Android platform
License for changes to the Android (Linux) Kernel
Downloading the source code.
First, establish the AOSP build environment as described here.
Then, create a working directory for Aquifer, and download the source code
for android-4.0.3_r1 to it. This is the unmodified Android source
code; we will download Aquifer’s modifications in the next few steps.
Optional note: syncing the Android platform code takes significant time, so run it inside a screen session to be safe.
Download and apply Aquifer patches for the Android framework
Patch /framework/base
Patch /bionic
Patch /system/core
Patch /system/extras
Generate the necessary syscalls
Download and configure the Android kernel for Aquifer
In the kernel, modify the .config file. Replace the “File Systems” section of .config with:
Replace the entire “Security options” section in the .config file with:
Build the Aquifer Kernel
Copy the newly built kernel to the aquifer-4.0.3_r1 build directory
Building Aquifer
Building the Android framework
First, download the proprietary binaries needed for building for the Galaxy Nexus (maguro), as shown here.
Then, in the working directory (i.e., “aquifer-4.0.3_r1”), execute the following commands:
Flashing Aquifer to a device
First, ensure that the bootloader of the device is unlocked. Then, use
fastboot to flash the newly built images to the device.
Finally, copy the modified android.jar file, which is needed to import Aquifer-specific classes.