Dynamic Security Policy Enforcement on Android

被引:0
|
作者
Vanco, Matus [1 ]
Aron, Lukas [1 ]
机构
[1] Brno Univ Technol, Brno, Czech Republic
来源
INTERNATIONAL JOURNAL OF SECURITY AND ITS APPLICATIONS | 2016年 / 10卷 / 09期
关键词
private data; Aurasium framework; operating system; system call; binder driver; Android security; policy enforcement; security policy;
D O I
10.14257/ijsia.2016.10.9.15
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
This work presentss the system for dynamic enforcement of access rights on Android. Each application will be repackaged by this system, so that the access to selected private data is restricted for the outer world. The system intercepts the system calls using Aurasium framework and adds an innovative approach of tracking the information flows from the privacy-sensitive sources using tainting mechanism without need of administrator rights. There has been designed file-level and data-level taint propagation and policy enforcement based on Android binder.
引用
收藏
页码:141 / 148
页数:8
相关论文
共 50 条
  • [1] An Android runtime security policy enforcement framework
    Hammad Banuri
    Masoom Alam
    Shahryar Khan
    Jawad Manzoor
    Bahar Ali
    Yasar Khan
    Mohsin Yaseen
    Mir Nauman Tahir
    Tamleek Ali
    Quratulain Alam
    Xinwen Zhang
    Personal and Ubiquitous Computing, 2012, 16 : 631 - 641
  • [2] An Android runtime security policy enforcement framework
    Banuri, Hammad
    Alam, Masoom
    Khan, Shahryar
    Manzoor, Jawad
    Ali, Bahar
    Khan, Yasar
    Yaseen, Mohsin
    Tahir, Mir Nauman
    Ali, Tamleek
    Alam, Quratulain
    Zhang, Xinwen
    PERSONAL AND UBIQUITOUS COMPUTING, 2012, 16 (06) : 631 - 641
  • [3] Formal and Automatic Security Policy Enforcement on Android Applications by Rewriting
    Ziadia, Marwa
    Mejri, Mohamed
    Fattahi, Jaouhar
    NEW TRENDS IN INTELLIGENT SOFTWARE METHODOLOGIES, TOOLS AND TECHNIQUES, 2021, 337 : 85 - 98
  • [4] CRePE: Context-Related Policy Enforcement for Android
    Conti, Mauro
    Vu Then Nga Nguyen
    Crispo, Bruno
    INFORMATION SECURITY, 2011, 6531 : 331 - +
  • [5] A permission-carrying security policy and static enforcement for information flows in Android programs
    Liu, Xiaojian
    Liu, Kehong
    COMPUTERS & SECURITY, 2023, 126
  • [6] Automatic security policy enforcement in computer systems
    Adi, Kamel
    Hamza, Lamia
    Pene, Liviu
    COMPUTERS & SECURITY, 2018, 73 : 156 - 171
  • [7] Multi-stakeholders' policy enforcement for Android
    Afridi, Shahryar Khan
    Khan, Daud
    Jan, Latif
    Khan, Aftab
    2016 IEEE 14TH INTL CONF ON DEPENDABLE, AUTONOMIC AND SECURE COMPUTING, 14TH INTL CONF ON PERVASIVE INTELLIGENCE AND COMPUTING, 2ND INTL CONF ON BIG DATA INTELLIGENCE AND COMPUTING AND CYBER SCIENCE AND TECHNOLOGY CONGRESS (DASC/PICOM/DATACOM/CYBERSC, 2016, : 317 - 321
  • [8] Runtime Enforcement of Dynamic Security Policies
    Horcas, Jose-Miguel
    Pinto, Monica
    Fuentes, Lidia
    SOFTWARE ARCHITECTURE, ECSA 2014, 2014, 8627 : 340 - 356
  • [9] ProSPEC: Proactive Security Policy Enforcement for Containers
    Kermabon-Bobinnec, Hugo
    Gholipourchoubeh, Mahmood
    Bagheri, Sima
    Majumdar, Suryadipta
    Jarraya, Yosr
    Pourzandi, Makan
    Wang, Lingyu
    CODASPY'22: PROCEEDINGS OF THE TWELVETH ACM CONFERENCE ON DATA AND APPLICATION SECURITY AND PRIVACY, 2022, : 155 - 166
  • [10] Security policy enforcement for networked smart objects
    Sicari, Sabrina
    Rizzardi, Alessandra
    Miorandi, Daniele
    Cappiello, Cinzia
    Coen-Porisini, Alberto
    COMPUTER NETWORKS, 2016, 108 : 133 - 147
12345