Dynamic Security Policy Enforcement on Android

被引:0
|
作者
Vanco, Matus [1 ]
Aron, Lukas [1 ]
机构
[1] Brno Univ Technol, Brno, Czech Republic
来源
INTERNATIONAL JOURNAL OF SECURITY AND ITS APPLICATIONS | 2016年 / 10卷 / 09期
关键词
private data; Aurasium framework; operating system; system call; binder driver; Android security; policy enforcement; security policy;
D O I
10.14257/ijsia.2016.10.9.15
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
This work presentss the system for dynamic enforcement of access rights on Android. Each application will be repackaged by this system, so that the access to selected private data is restricted for the outer world. The system intercepts the system calls using Aurasium framework and adds an innovative approach of tracking the information flows from the privacy-sensitive sources using tainting mechanism without need of administrator rights. There has been designed file-level and data-level taint propagation and policy enforcement based on Android binder.
引用
收藏
页码:141 / 148
页数:8
相关论文
共 50 条
  • [1] An Android Security Policy Enforcement Tool
    Cotterell, Kathryn
    Welch, Ian
    Chen, Aaron
    [J]. INTERNATIONAL JOURNAL OF ELECTRONICS AND TELECOMMUNICATIONS, 2015, 61 (04) : 311 - 320
  • [2] An Android runtime security policy enforcement framework
    Hammad Banuri
    Masoom Alam
    Shahryar Khan
    Jawad Manzoor
    Bahar Ali
    Yasar Khan
    Mohsin Yaseen
    Mir Nauman Tahir
    Tamleek Ali
    Quratulain Alam
    Xinwen Zhang
    [J]. Personal and Ubiquitous Computing, 2012, 16 : 631 - 641
  • [3] An Android runtime security policy enforcement framework
    Security Engineering Research Group , Institute of Management Sciences, 1-A, E-5, Phase VII, Hayatabad, Peshawar, Pakistan
    不详
    [J]. Pers. Ubiquitous Comp., 6 (631-641):
  • [4] An Android runtime security policy enforcement framework
    Banuri, Hammad
    Alam, Masoom
    Khan, Shahryar
    Manzoor, Jawad
    Ali, Bahar
    Khan, Yasar
    Yaseen, Mohsin
    Tahir, Mir Nauman
    Ali, Tamleek
    Alam, Quratulain
    Zhang, Xinwen
    [J]. PERSONAL AND UBIQUITOUS COMPUTING, 2012, 16 (06) : 631 - 641
  • [5] Formal and Automatic Security Policy Enforcement on Android Applications by Rewriting
    Ziadia, Marwa
    Mejri, Mohamed
    Fattahi, Jaouhar
    [J]. NEW TRENDS IN INTELLIGENT SOFTWARE METHODOLOGIES, TOOLS AND TECHNIQUES, 2021, 337 : 85 - 98
  • [6] Kratos: Discovering Inconsistent Security Policy Enforcement in the Android Framework
    Shao, Yuru
    Ott, Jason
    Chen, Qi Alfred
    Qian, Zhiyun
    Mao, Z. Morley
    [J]. 23RD ANNUAL NETWORK AND DISTRIBUTED SYSTEM SECURITY SYMPOSIUM (NDSS 2016), 2016,
  • [7] SecureDroid: An Android Security Framework Extension for Context-Aware Policy Enforcement
    Arena, Valerio
    Catania, Vincenzo
    La Torre, Giuseppe
    Monteleone, Salvatore
    Ricciato, Fabio
    [J]. 2013 INTERNATIONAL CONFERENCE ON PRIVACY AND SECURITY IN MOBILE SYSTEMS (PRISMS), 2013,
  • [8] Lightweight Security Enforcement on Android Platform
    Park, Jiyeon
    Kim, Bongjae
    Min, Hong
    Cho, Yookun
    Jang, Minwoo
    Chung, Yoojin
    [J]. INFORMATION-AN INTERNATIONAL INTERDISCIPLINARY JOURNAL, 2012, 15 (07): : 2823 - 2832
  • [9] IoTGUARD: Dynamic Enforcement of Security and Safety Policy in Commodity IoT
    Celik, Z. Berkay
    Tan, Gang
    McDaniel, Patrick
    [J]. 26TH ANNUAL NETWORK AND DISTRIBUTED SYSTEM SECURITY SYMPOSIUM (NDSS 2019), 2019,
  • [10] A permission-carrying security policy and static enforcement for information flows in Android programs
    Liu, Xiaojian
    Liu, Kehong
    [J]. COMPUTERS & SECURITY, 2023, 126
12345