CRêPE: A System for Enforcing Fine-Grained Context-Related Policies on Android
作者: M. Conti , B. Crispo , E. Fernandes , Y. Zhauniarovich
DOI: 10.1109/TIFS.2012.2204249
关键词:
摘要: Current smartphone systems allow the user to use only marginally contextual information specify behavior of applications: this hinders wide adoption technology its full potential. In paper, we fill gap by proposing CRePE, a fine-grained Context-Related Policy Enforcement System for Android. While concept context-related access control is not new, first work that brings into environment. particular, in our work, context can be defined by: status variables sensed physical (low level) sensors, like time and location; additional processing on these data via software (high sensors; or particular interactions with users third parties. CRePE allows policies set (even at runtime) both authorized parties locally (via an application) remotely SMS, MMS, Bluetooth, QR-code). A thorough experiments shows implementation has negligible overhead terms energy consumption, time, storage, making system ready production
sci-hub.se 参考文章(31)
Yajin Zhou, Xinwen Zhang, Xuxian Jiang, Vincent W. Freeh, Taming information-stealing smartphone applications (on Android) trust and trustworthy computing. pp. 93- 107 ,(2011) , 10.1007/978-3-642-21599-5_7
Guangdong Bai, Liang Gu, Tao Feng, Yao Guo, Xiangqun Chen, Context-Aware Usage Control for Android international conference on security and privacy in communication systems. pp. 326- 343 ,(2010) , 10.1007/978-3-642-16161-2_19
Mauro Conti, Vu Thien Nga Nguyen, Bruno Crispo, CRePE: context-related policy enforcement for android international conference on information security. ,vol. 6531, pp. 331- 345 ,(2010) , 10.1007/978-3-642-18178-8_29
A. Corradi, R. Montanari, D. Tibaldi, Context-based access control management in ubiquitous environments network computing and applications. pp. 253- 260 ,(2004) , 10.1109/NCA.2004.1347784
G.M. Djuknic, R.E. Richton, Geolocation and assisted GPS IEEE Computer. ,vol. 34, pp. 123- 125 ,(2001) , 10.1109/2.901174
A. Shabtai, Y. Fledel, U. Kanonov, Y. Elovici, S. Dolev, C. Glezer, Google Android: A Comprehensive Security Assessment ieee symposium on security and privacy. ,vol. 8, pp. 35- 44 ,(2010) , 10.1109/MSP.2010.2
William Enck, Machigar Ongtang, Patrick McDaniel, On lightweight mobile phone application certification computer and communications security. pp. 235- 245 ,(2009) , 10.1145/1653662.1653691
Pietro Mazzoleni, Bruno Crispo, Swaminathan Sivasubramanian, Elisa Bertino, XACML Policy Integration Algorithms ACM Transactions on Information and System Security. ,vol. 11, pp. 4- ,(2008) , 10.1145/1330295.1330299
Alastair R. Beresford, Andrew Rice, Nicholas Skehin, Ripduman Sohan, MockDroid Proceedings of the 12th Workshop on Mobile Computing Systems and Applications - HotMobile '11. pp. 49- 54 ,(2011) , 10.1145/2184489.2184500
Michael A. Harrison, Walter L. Ruzzo, Jeffrey D. Ullman, Protection in operating systems Communications of The ACM. ,vol. 19, pp. 461- 471 ,(1976) , 10.1145/360303.360333