Flexible and fine-grained mandatory access control on Android for diverse security and privacy policies
作者: Sven Bugiel , Ahmad-Reza Sadeghi , Stephan Heuser
DOI:
关键词:
摘要: In this paper we tackle the challenge of providing a generic security architecture for Android OS that can serve as flexible and effective ecosystem to instantiate different solutions. contrast prior work our architecture, termed FlaskDroid, provides mandatory access control simultaneously on both Android's middleware kernel layers. The alignment policy enforcement these two layers is non-trivial due their completely semantics. We present an efficient language (inspired by SELinux) tailored specifics show flexibility policy-driven instantiations selected models such existing Saint well new privacy-protecting, user-defined fine-grained per-app model. Other possible include phone booth mode, or dual persona phone. Finally evaluate implementation SE 4.0.4 illustrating its efficiency effectiveness.
cased.de
tu-darmstadt.de
acm.org 参考文章(46)
Yajin Zhou, Xinwen Zhang, Xuxian Jiang, Vincent W. Freeh, Taming information-stealing smartphone applications (on Android) trust and trustworthy computing. pp. 93- 107 ,(2011) , 10.1007/978-3-642-21599-5_7
Michael Backes, Sebastian Gerling, Christian Hammer, Matteo Maffei, Philipp von Styp-Rekowsky, AppGuard: enforcing user requirements on android apps tools and algorithms for construction and analysis of systems. pp. 543- 548 ,(2013) , 10.1007/978-3-642-36742-7_39
Todd Millstein, Kristopher K. Micinski, Jinseong Jeon, Nikhilesh Reddy, Jeffrey S. Foster, Yixin Zhu, Jeffrey A. Vaughan, Dr. Android and Mr. Hide: Fine-grained security policies on unmodified Android ,(2011)
P. MDaniel, A. Prakash, Methods and limitations of security policy reconciliation ieee symposium on security and privacy. pp. 73- 87 ,(2002) , 10.1109/SECPRI.2002.1004363
Niels Provos, Improving host security with system call policies usenix security symposium. pp. 18- 18 ,(2003)
Ross Anderson, Hassen Saïdi, Rubin Xu, Aurasium: practical policy enforcement for Android applications usenix security symposium. pp. 27- 27 ,(2012)
Mauro Conti, Vu Thien Nga Nguyen, Bruno Crispo, CRePE: context-related policy enforcement for android international conference on information security. ,vol. 6531, pp. 331- 345 ,(2010) , 10.1007/978-3-642-18178-8_29
Xinwen Zhang, Jean-Pierre Seifert, Onur Acıiçmez, SEIP: simple and efficient integrity protection for open mobile platforms international conference on information and communication security. pp. 107- 125 ,(2010) , 10.1007/978-3-642-17650-0_9
Shashi Shekhar, Michael Dietz, Anhei Shu, Dan S. Wallach, Yuliy Pisetsky, Quire: lightweight provenance for smart phone operating systems usenix security symposium. pp. 23- 23 ,(2011)
Alexander Moshchuk, Adrienne Porter Felt, Helen J. Wang, Erika Chin, Steven Hanna, Permission re-delegation: attacks and defenses usenix security symposium. pp. 22- 22 ,(2011)