Practical Context-Aware Permission Control for Hybrid Mobile Applications

Author: Kapil Singh

DOI: 10.1007/978-3-642-41284-4_16

Abstract: The rapid growth of mobile computing has resulted in the development new programming paradigms for quick and easy applications. Hybrid frameworks, such as PhoneGap, allow use web technologies applications with native access to device's resources. These untrusted third-party desire user's data resources, leaving content vulnerable accidental or malicious leaks by hybrid frameworks present opportunities enhance security platforms providing an application-layer runtime controlling application's behavior. In this work, we a practical design novel framework, named MobileIFC, building privacy-preserving platforms. We information flow models control what can do they receive. utilize framework develop fine-grained, context-sensitive permission model that enables users application developers specify rich policies. show viability our means prototype. usability is further evaluated developing sample using APIs. Our evaluation experience suggests MobileIFC provides performant solution
