Complex software systems, such as the software running on mobile phones, have multiple software components. Such software systems often communicate via message-passing. Communicating in this manner allows one software component to trigger an action in another component. For example, when a user taps on a particular icon displayed on the screen of a mobile device, the tapping on the icon may be handled by a first application (which is typically termed a “launcher application”). This first application, in turn, may send a message to a second application that is represented by the icon. Upon receiving the message, the second application represented by the icon will launch. This type of message-passing is typically abbreviated as “inter-process communication” or IPC.
There are a variety of reasons for dividing complex software systems into components that communicate via inter-process communication. One such reason is security. Components may be configured to require different levels of access privileges. For example, an email component may be permitted to access a mobile phone network (and consequently render the user liable for monetary charges for accessing the mobile phone network) while another application, such as a calendar application, may not be permitted to access the network. Therefore, if malicious software were to infect the calendar program, the infected calendar program would not be able to cost the user money for using the network.
Certain prior art approaches employ an IPC firewall to secure the interactions between certain software components. FIG. 1 is a block diagram of an IPC firewall according to the prior art. As shown in FIG. 1, an IPC firewall according to the prior art blocks a message from arriving at its destination if the message is denied passage by the firewall. Prior art IPC firewalls reside within the operating system.