Dynamic Security Policy Enforcement on Android

被引:0
作者
Vanco, Matus [1 ]
Aron, Lukas [1 ]
机构
[1] Brno Univ Technol, Brno, Czech Republic
来源
INTERNATIONAL JOURNAL OF SECURITY AND ITS APPLICATIONS | 2016年 / 10卷 / 09期
关键词
private data; Aurasium framework; operating system; system call; binder driver; Android security; policy enforcement; security policy;
D O I
10.14257/ijsia.2016.10.9.15
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
This work presentss the system for dynamic enforcement of access rights on Android. Each application will be repackaged by this system, so that the access to selected private data is restricted for the outer world. The system intercepts the system calls using Aurasium framework and adds an innovative approach of tracking the information flows from the privacy-sensitive sources using tainting mechanism without need of administrator rights. There has been designed file-level and data-level taint propagation and policy enforcement based on Android binder.
引用
收藏
页码:141 / 148
页数:8
相关论文
共 50 条
[41]   Network Security Challenges in Android Applications [J].
Buhov, Damjan ;
Huber, Markus ;
Merzdovnik, Georg ;
Weippl, Edgar ;
Dimitrova, Vesna .
PROCEEDINGS 10TH INTERNATIONAL CONFERENCE ON AVAILABILITY, RELIABILITY AND SECURITY ARES 2015, 2015, :327-332
[42]   Controlling Interactions with Libraries in Android Apps Through Runtime Enforcement [J].
Riganelli, Oliviero ;
Micucci, Daniela ;
Mariani, Leonardo .
ACM TRANSACTIONS ON AUTONOMOUS AND ADAPTIVE SYSTEMS, 2019, 14 (02)
[43]   SafeCandy: System for security, analysis and validation in Android [J].
Londono, Sebastian ;
Camilo Urcuqui, Christian ;
Navarro Cadavid, Andres ;
Fuentes Amaya, Manuel ;
Gomez, Johan .
SISTEMAS & TELEMATICA, 2015, 13 (35) :89-102
[44]   A security framework for mHealth apps on Android platform [J].
Hussain, Muzammil ;
Al-Haiqi, Ahmed ;
Zaidan, A. A. ;
Zaidan, B. B. ;
Kiah, M. ;
Iqbal, Salman ;
Iqbal, S. ;
Abdulnabi, Mohamed .
COMPUTERS & SECURITY, 2018, 75 :191-217
[45]   Permission based Android security: Issues and countermeasures [J].
Fang, Zheran ;
Han, Weili ;
Li, Yingjiu .
COMPUTERS & SECURITY, 2014, 43 :205-218
[46]   Security Analysis of Mobile Money Applications on Android [J].
Darvish, Hesham ;
Husain, Mohammad .
2018 IEEE INTERNATIONAL CONFERENCE ON BIG DATA (BIG DATA), 2018, :3072-3078
[47]   Enforcing Multiple Security Policies for Android System [J].
Guo, Tao ;
Zhang, Puhan ;
Liang, Hongliang ;
Shao, Shuai .
PROCEEDINGS OF THE 2ND INTERNATIONAL SYMPOSIUM ON COMPUTER, COMMUNICATION, CONTROL AND AUTOMATION, 2013, 68 :165-169
[48]   A Framework and Language Support for Dynamic Security Policy in Service-Oriented Architecture [J].
Chi Wu-Lee ;
Hwang, Gwan-Hwan .
JOURNAL OF INFORMATION SCIENCE AND ENGINEERING, 2014, 30 (06) :1887-1903
[49]   Semantic Security: Specification and Enforcement of Semantic Policies for Security-driven Collaborations [J].
Sinnott, R. O. ;
Doherty, T. ;
Gray, N. ;
Lusted, J. .
HEALTHGRID RESEARCH, INNOVATION AND BUSINESS CASE, 2009, 147 :201-+
[50]   A Sticky Policy Framework for Big Data Security [J].
Li, Shuyu ;
Zhang, Tao ;
Gao, Jerry ;
Park, Younghee .
2015 IEEE FIRST INTERNATIONAL CONFERENCE ON BIG DATA COMPUTING SERVICE AND APPLICATIONS (BIGDATASERVICE 2015), 2015, :130-137
12345