Dynamic Security Policy Enforcement on Android

被引:0
作者
Vanco, Matus [1 ]
Aron, Lukas [1 ]
机构
[1] Brno Univ Technol, Brno, Czech Republic
来源
INTERNATIONAL JOURNAL OF SECURITY AND ITS APPLICATIONS | 2016年 / 10卷 / 09期
关键词
private data; Aurasium framework; operating system; system call; binder driver; Android security; policy enforcement; security policy;
D O I
10.14257/ijsia.2016.10.9.15
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
This work presentss the system for dynamic enforcement of access rights on Android. Each application will be repackaged by this system, so that the access to selected private data is restricted for the outer world. The system intercepts the system calls using Aurasium framework and adds an innovative approach of tracking the information flows from the privacy-sensitive sources using tainting mechanism without need of administrator rights. There has been designed file-level and data-level taint propagation and policy enforcement based on Android binder.
引用
收藏
页码:141 / 148
页数:8
相关论文
共 50 条
[31]   A Framework for Security Policy Derivation [J].
Peng, Fei ;
Zhang, Tao ;
Xu, Weiguang ;
Zhao, Min .
PROCEEDINGS OF THE 2016 2ND WORKSHOP ON ADVANCED RESEARCH AND TECHNOLOGY IN INDUSTRY APPLICATIONS, 2016, 81 :1899-1903
[32]   Security Enforcement by Rewriting: An Algebraic Approach [J].
Sui, Guangye ;
Mejri, Mohamed .
FOUNDATIONS AND PRACTICE OF SECURITY (FPS 2015), 2016, 9482 :311-321
[33]   Formal and efficient enforcement of security policies [J].
Langar, A ;
Mejri, M .
FCS '05: Proceedings of the 2005 International Conference on Foundations of Computer Science, 2005, :143-149
[34]   Probabilistic cost enforcement of security policies [J].
Mallios, Yannis ;
Bauer, Lujo ;
Kaynar, Dilsun ;
Martinelli, Fabio ;
Morisset, Charles .
JOURNAL OF COMPUTER SECURITY, 2015, 23 (06) :759-787
[35]   Investigating Weaknesses in Android Certificate Security [J].
Krych, Daniel E. ;
Lange-Maney, Stephen ;
McDaniel, Patrick ;
Glodek, William .
MODELING AND SIMULATION FOR DEFENSE SYSTEMS AND APPLICATIONS X, 2015, 9478
[36]   Android data storage security: A review [J].
Altuwaijri, Haya ;
Ghouzali, Sanaa .
JOURNAL OF KING SAUD UNIVERSITY-COMPUTER AND INFORMATION SCIENCES, 2020, 32 (05) :543-552
[37]   Security-enhanced Android for an enterprise [J].
Rehman S.R. ;
Waheed M. ;
Masood A. .
International Journal of Security and Networks, 2022, 17 (02) :92-106
[38]   A Security Configuration Assessment for Android Devices [J].
Vecchiato, Daniel ;
Vieira, Marco ;
Martins, Eliane .
30TH ANNUAL ACM SYMPOSIUM ON APPLIED COMPUTING, VOLS I AND II, 2015, :2299-2304
[39]   Android Security: Permission Based Attacks [J].
Jain, Arushi ;
Prachi .
PROCEEDINGS OF THE 10TH INDIACOM - 2016 3RD INTERNATIONAL CONFERENCE ON COMPUTING FOR SUSTAINABLE GLOBAL DEVELOPMENT, 2016, :2754-2759
[40]   Network Security Challenges in Android Applications [J].
Buhov, Damjan ;
Huber, Markus ;
Merzdovnik, Georg ;
Weippl, Edgar ;
Dimitrova, Vesna .
PROCEEDINGS 10TH INTERNATIONAL CONFERENCE ON AVAILABILITY, RELIABILITY AND SECURITY ARES 2015, 2015, :327-332
12345