SemaDroid: A Privacy-Aware Sensor Management Framework for Smartphones
作者: Zhi Xu , Sencun Zhu
关键词: Android (operating system) 、 Enforcement 、 Private information retrieval 、 Computer security 、 Third party 、 Computer science 、 Access control 、 Usability 、 Android security 、 Attack surface
摘要: While mobile sensing applications are booming, the sensor management mechanisms in current smartphone operating systems left behind -- they incomprehensive and coarse-grained, exposing a huge attack surface for malicious or aggressive third party apps to steal user's private information through sensors.In this paper, we propose privacy-aware framework, called SemaDroid, which extends existing framework on Android provide comprehensive fine-grained access control over onboard sensors. SemaDroid allows user monitor usage of installed apps, disclosure while not affecting app's usability. Furthermore, supports context-aware quality-of-sensing based policies. The enforcement update policies real-time. Detailed design implementation presented show that works compatible with security framework. Demonstrations also given capability defeating emerging sensor-based attacks. Finally, high efficiency SemaDroid.
acm.org
elsevier.com
sci-hub.se 参考文章(40)
Yajin Zhou, Xinwen Zhang, Xuxian Jiang, Vincent W. Freeh, Taming information-stealing smartphone applications (on Android) trust and trustworthy computing. pp. 93- 107 ,(2011) , 10.1007/978-3-642-21599-5_7
Tao Xie, Rahul Pandita, William Enck, Xusheng Xiao, Wei Yang, WHYPER: towards automating risk assessment of mobile applications usenix security symposium. pp. 527- 542 ,(2013)
Damien Octeau, William Enck, Patrick McDaniel, Swarat Chaudhuri, A study of android application security usenix security symposium. pp. 21- 21 ,(2011)
M. Hilty, A. Pretschner, D. Basin, C. Schaefer, T. Walter, A Policy Language for Distributed Usage Control Computer Security – ESORICS 2007. pp. 531- 546 ,(2007) , 10.1007/978-3-540-74835-9_35
Philippe Golle, Kurt Partridge, On the Anonymity of Home/Work Location Pairs international conference on pervasive computing. pp. 390- 397 ,(2009) , 10.1007/978-3-642-01516-8_26
Mary J. Culnan, How did they get my name?: an exploratory investigation of consumer attitudes toward secondary information use Management Information Systems Quarterly. ,vol. 17, pp. 341- 363 ,(1993) , 10.2307/249775
Hong Lu, A. J. Bernheim Brush, Bodhi Priyantha, Amy K. Karlson, Jie Liu, SpeakerSense: energy efficient unobtrusive speaker identification on mobile phones international conference on pervasive computing. pp. 188- 205 ,(2011) , 10.1007/978-3-642-21726-5_12
Nan Xu, Fan Zhang, Yisha Luo, Weijia Jia, Dong Xuan, Jin Teng, Stealthy video capturer Proceedings of the second ACM conference on Wireless network security - WiSec '09. pp. 69- 78 ,(2009) , 10.1145/1514274.1514285
Sven Bugiel, Lucas Davi, Alexandra Dmitrienko, Stephan Heuser, Ahmad-Reza Sadeghi, Bhargava Shastry, Practical and lightweight domain isolation on Android Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices - SPSM '11. pp. 51- 62 ,(2011) , 10.1145/2046614.2046624
Jun Han, Emmanuel Owusu, Le T Nguyen, Sauvik Das, Adrian Perrig, Joy Zhang, ACComplice: Location inference using accelerometers on smartphones communication systems and networks. pp. 1- 9 ,(2012) , 10.1109/COMSNETS.2012.6151305