Semantically rich application-centric security in Android
作者: Machigar Ongtang , Stephen McLaughlin , William Enck , Patrick McDaniel
DOI: 10.1002/SEC.360
关键词:
摘要: Smartphones are now ubiquitous. However, the security requirements of these relatively new systems and applications they support still being understood. As a result, infrastructure available in current smartphone operating is largely underdeveloped. In this paper, we consider augment existing Android system with framework to meet them. We present Secure Application INTeraction (Saint), modified that governs install-time permission assignment their run-time use as dictated by application provider policy. An in-depth description semantics policy presented. The architecture technical detail Saint given, areas for extension, optimization, improvement explored. demonstrate through concrete example study real-world provides necessary utility assert control decisions on platform. Copyright © 2012 John Wiley & Sons, Ltd.
elsevier.com
sci-hub.se 参考文章(14)
James P. Anderson, Computer Security Technology Planning Study ,(1972)
P. MDaniel, A. Prakash, Methods and limitations of security policy reconciliation ieee symposium on security and privacy. pp. 73- 87 ,(2002) , 10.1109/SECPRI.2002.1004363
Ralf Hund, Michael Becher, Kernel-Level Interception and Applications on Mobile Devices ,(2008)
Matt Bishop, Computer Security: Art and Science ,(2002)
Steven M. Bellovin, Aviel D. Rubin, William R. Cheswick, Firewalls and Internet Security: Repelling the Wily Hacker ,(2003)
James P. Anderson, Computer Security Technology Planning Study. Volume 2 Defense Technical Information Center. ,(1972) , 10.21236/AD0772806
Lieven Desmet, Wouter Joosen, Fabio Massacci, Katsiaryna Naliuka, Pieter Philippaerts, Frank Piessens, Dries Vanoverberghe, A flexible security architecture to support third-party applications on mobile devices workshop on computer security architecture. pp. 19- 28 ,(2007) , 10.1145/1314466.1314470
William Enck, Machigar Ongtang, Patrick McDaniel, On lightweight mobile phone application certification computer and communications security. pp. 235- 245 ,(2009) , 10.1145/1653662.1653691
Vikhyath Rao, Trent Jaeger, Dynamic mandatory access control for multiple stakeholders Proceedings of the 14th ACM symposium on Access control models and technologies - SACMAT '09. pp. 53- 62 ,(2009) , 10.1145/1542207.1542217
Divya Muthukumaran, Anuj Sawani, Joshua Schiffman, Brian M. Jung, Trent Jaeger, Measuring integrity on mobile phone systems Proceedings of the 13th ACM symposium on Access control models and technologies - SACMAT '08. pp. 155- 164 ,(2008) , 10.1145/1377836.1377862