A Secure, Usable, and Transparent Middleware for Permission Managers on Android
作者: Daibin Wang , Haixia Yao , Yingjiu Li , Hai Jin , Deqing Zou
DOI: 10.1109/TDSC.2015.2479613
关键词: Installation 、 Computer security 、 Permission 、 Permission system 、 Power consumption 、 Usability 、 Android (operating system) 、 Computer science 、 Operating system 、 USable
摘要: Android’s permission system offers an all-or-nothing choice when installing app. To make it more flexible and fine-grained, users may choose a popular app tool, called manager , to selectively grant or revoke app’s permissions at runtime. A fundamental requirement for such is that the granted revoked should be enforced faithfully. However, we discover none of existing managers meet this due leaks in which unprivileged can exercise certain are not-granted through communicating with privileged app.To address problem, propose secure, usable, transparent OS-level middleware any defend against leaks. The provably secure sense effectively block all possible leaks.The designed have minimal impact on usability running apps. In addition, developers requires minor modifications Android OS. Finally, our evaluation shows incurs relatively low performance overhead power consumption.
smu.edu.sg参考文章(33)
Yajin Zhou, Xinwen Zhang, Xuxian Jiang, Vincent W. Freeh, Taming information-stealing smartphone applications (on Android) trust and trustworthy computing. pp. 93- 107 ,(2011) , 10.1007/978-3-642-21599-5_7
Shashi Shekhar, Michael Dietz, Dan S. Wallach, AdSplit: separating smartphone advertising from applications usenix security symposium. pp. 28- 28 ,(2012)
Mauro Conti, Vu Thien Nga Nguyen, Bruno Crispo, CRePE: context-related policy enforcement for android international conference on information security. ,vol. 6531, pp. 331- 345 ,(2010) , 10.1007/978-3-642-18178-8_29
Machigar Ongtang, Stephen McLaughlin, William Enck, Patrick McDaniel, Semantically rich application-centric security in Android Security and Communication Networks. ,vol. 5, pp. 658- 673 ,(2012) , 10.1002/SEC.360
Shashi Shekhar, Michael Dietz, Anhei Shu, Dan S. Wallach, Yuliy Pisetsky, Quire: lightweight provenance for smart phone operating systems usenix security symposium. pp. 23- 23 ,(2011)
Alexander Moshchuk, Adrienne Porter Felt, Helen J. Wang, Erika Chin, Steven Hanna, Permission re-delegation: attacks and defenses usenix security symposium. pp. 22- 22 ,(2011)
William Enck, Patrick McDaniel, Jaeyeon Jung, Byung-Gon Chun, Peter Gilbert, Anmol N. Sheth, Landon P. Cox, TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones operating systems design and implementation. pp. 393- 407 ,(2010) , 10.5555/1924943.1924971
Long Lu, Zhichun Li, Zhenyu Wu, Wenke Lee, Guofei Jiang, CHEX Proceedings of the 2012 ACM conference on Computer and communications security - CCS '12. pp. 229- 240 ,(2012) , 10.1145/2382196.2382223
Erika Chin, Adrienne Porter Felt, Kate Greenwood, David Wagner, Analyzing inter-application communication in Android Proceedings of the 9th international conference on Mobile systems, applications, and services - MobiSys '11. pp. 239- 252 ,(2011) , 10.1145/1999995.2000018
Lei Wu, Michael Grace, Yajin Zhou, Chiachih Wu, Xuxian Jiang, The impact of vendor customizations on android security computer and communications security. pp. 623- 634 ,(2013) , 10.1145/2508859.2516728