Apex: extending Android permission model and enforcement with user-defined runtime constraints

Authors: Mohammad Nauman, Sohail Khan, Xinwen Zhang

DOI: 10.1145/1755688.1755732

Keywords: Computer security, Enforcement, User defined, Computer science, Permission, Android (operating system), Mobile phone

Abstract: Android is the first mass-produced consumer-market open source mobile platform that allows developers to easily create applications and users to readily install them. However, giving users the ability to install third-party applications poses serious security concerns. While the existing security mechanism in Android allows a mobile phone user to see which resources an application requires, she has no choice but to allow access to all the requested permissions if she wishes to use the applications. There is no way of granting some permissions and denying others. Moreover, there is no way of restricting the usage of resources based on runtime constraints such as the location of the device or the number of times a resource has been previously used. In this paper, we present Apex -- a policy enforcement framework for Android that allows a user to selectively grant permissions to applications as well as impose constraints on the usage of resources. We also describe an extended package installer that allows the user to set these constraints through an easy-to-use interface. Our enforcement framework is implemented through a minimal change to the existing Android code base and is backward compatible with the current security mechanism.
