An Effective Usage and Access Control Scheme for Preventing Permission Leak in a Trusted Execution Environment
作者: Rui Chang , Liehui Jiang , Qing Yin , Lu Ren , Qingfeng Liu
关键词:
摘要: In the universal Android system, each application runs in its own sandbox, and permission mechanism is used to enforce access control system APIs applications. However, leak could happen when an without certain illegally gain protected resources through other privileged order address a trusted execution environment, this paper designs security architecture which contains sandbox module, middleware usage proposes effective scheme that can prevent environment. Security based on has been implemented ARM-Android platform, evaluation of proposed demonstrates effectiveness mitigating vulnerabilities.
acm.org
sci-hub.se 参考文章(24)
Yajin Zhou, Xinwen Zhang, Xuxian Jiang, Vincent W. Freeh, Taming information-stealing smartphone applications (on Android) trust and trustworthy computing. pp. 93- 107 ,(2011) , 10.1007/978-3-642-21599-5_7
Michael Backes, Sebastian Gerling, Christian Hammer, Matteo Maffei, Philipp von Styp-Rekowsky, AppGuard: enforcing user requirements on android apps tools and algorithms for construction and analysis of systems. pp. 543- 548 ,(2013) , 10.1007/978-3-642-36742-7_39
Sven Bugiel, Ahmad-Reza Sadeghi, Stephan Heuser, Flexible and fine-grained mandatory access control on Android for diverse security and privacy policies usenix security symposium. pp. 131- 146 ,(2013)
Zhongwen Zhang, Yuewu Wang, Jiwu Jing, Qiongxiao Wang, Lingguang Lei, Once Root Always a Threat: Analyzing the Security Threats of Android Permission System Information Security and Privacy. pp. 354- 369 ,(2014) , 10.1007/978-3-319-08344-5_23
Ross Anderson, Hassen Saïdi, Rubin Xu, Aurasium: practical policy enforcement for Android applications usenix security symposium. pp. 27- 27 ,(2012)
Mauro Conti, Vu Thien Nga Nguyen, Bruno Crispo, CRePE: context-related policy enforcement for android international conference on information security. ,vol. 6531, pp. 331- 345 ,(2010) , 10.1007/978-3-642-18178-8_29
Aliaksandr Lazouski, Fabio Martinelli, Paolo Mori, Survey: Usage control in computer security: A survey Computer Science Review. ,vol. 4, pp. 81- 99 ,(2010) , 10.1016/J.COSREV.2010.02.002
Yury Zhauniarovich, Giovanni Russello, Mauro Conti, Bruno Crispo, Earlence Fernandes, MOSES: Supporting and Enforcing Security Profiles on Smartphones IEEE Transactions on Dependable and Secure Computing. ,vol. 11, pp. 211- 223 ,(2014) , 10.1109/TDSC.2014.2300482
Michael Backes, Sven Bugiel, Sebastian Gerling, Philipp von Styp-Rekowsky, Android security framework: extensible multi-layered access control on Android annual computer security applications conference. pp. 46- 55 ,(2014) , 10.1145/2664243.2664265
Lei Wu, Michael Grace, Yajin Zhou, Chiachih Wu, Xuxian Jiang, The impact of vendor customizations on android security computer and communications security. pp. 623- 634 ,(2013) , 10.1145/2508859.2516728