An Effective Access Control Scheme for Preventing Permission Leak in Android

Cited by: 0
Authors
Wu, Longfei [1]
Du, Xiaojiang [1]
Zhang, Hongli [2]
Affiliations
[1] Temple Univ, Dept Comp & Informat Sci, Philadelphia, PA 19122 USA
[2] Harbin Inst Technol, Sch Comp Sci & Technol, Harbin 150001, Peoples R China
Keywords
Permission leak; access control; smartphone security;
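DOI
Not available
Chinese Library Classification
TM [Electrical Engineering]; TN [Electronics and Communication Technology];
Subject classification codes
0808; 0809;
Abstract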
In the Android system, each application runs in its own sandbox, and the permission mechanism is used to enforce access control to the system APIs and applications. However, permission leak could happen when an application without a certain permission illegally gains access to protected resources through other privileged applications. We propose SPAC, a component-level system permission based access control scheme that can help developers better secure the public components of their applications. In the SPAC scheme, obscure custom permissions are replaced by explicit system permissions. We extend the current permission checking mechanism so that multiple permissions are supported at the component level. SPAC has been implemented on a Nexus 4 smartphone, and our evaluation demonstrates its effectiveness in mitigating permission leak vulnerabilities.
Pages: 57 - 61
Page count: 5
Related papers
50 in total
  • [1] DACPCC: A Data Access Control Scheme with Access Permission for Cloud Computing
    Wang Y.-D.
    Yang J.-H.
    Yang, Jia-Hai (yang@cernet.edu.cn), 2018, Chinese Institute of Electronics (46): : 236 - 244
  • [2] Permission Token Segmentation Scheme based on Blockchain Access Control
    Shi, Jinshan
    Li, Ru
    2020 IEEE 19TH INTERNATIONAL CONFERENCE ON TRUST, SECURITY AND PRIVACY IN COMPUTING AND COMMUNICATIONS (TRUSTCOM 2020), 2020, : 1956 - 1964
  • [3] Towards a multilayered permission-based access control for extending Android security
    Chang, Rui
    Jiang, Liehui
    Chen, Wenzhi
    He, Hongqi
    Yang, Shuiqiao
    Jiang, Hang
    Liu, Wei
    Liu, Yong
    CONCURRENCY AND COMPUTATION-PRACTICE & EXPERIENCE, 2018, 30 (05):
  • [4] DroidProtector: Preventing Capability Leak of Android Applications
    Sun, Jiyuan
    Ye, Shaozhen
    Liu, Jianwei
    Shang, Tao
    Lei, Qi
    2017 INTERNATIONAL CONFERENCE ON GREEN INFORMATICS (ICGI), 2017, : 163 - 168
  • [5] Malevolent App Pairs: An Android Permission Overpassing Scheme
    Dimitriadis, Antonios
    Efraimidis, Pavlos S.
    Katos, Vasilios
    PROCEEDINGS OF THE ACM INTERNATIONAL CONFERENCE ON COMPUTING FRONTIERS (CF'16), 2016, : 431 - 436
  • [6] Accept - Maybe - Decline: Introducing Partial Consent for the Permission-based Access Control Model of Android
    Momen, Nurul
    Bock, Sven
    Fritsch, Lothar
    SACMAT'20: PROCEEDINGS OF THE 25TH ACM SYMPOSIUM ON ACCESS CONTROL MODELS AND TECHNOLOGIES, 2020, : 71 - 80
  • [7] Permission-Combination-based Scheme for Android Mobile Malware Detection
    Liang, Shuang
    Du, Xiaojiang
    2014 IEEE INTERNATIONAL CONFERENCE ON COMMUNICATIONS (ICC), 2014, : 2301 - 2306
  • [8] An Improved Permission Management Scheme of Android Application Based on Machine Learning
    Niu, Shaozhang
    Huang, Ruqiang
    Chen, Wenbo
    Xue, Yiming
    SECURITY AND COMMUNICATION NETWORKS, 2018,
  • [9] Dude, Ask The Experts!: Android Resource Access Permission Recommendation with RecDroid
    Rashidi, Bahman
    Fung, Carol
    Tam Vu
    PROCEEDINGS OF THE 2015 IFIP/IEEE INTERNATIONAL SYMPOSIUM ON INTEGRATED NETWORK MANAGEMENT (IM), 2015, : 296 - 304
  • [10] An Effective and Secure Access Control System Scheme in the Cloud
    Niu Shaozhang
    Tu Shanshan
    Huang Yongfeng
    CHINESE JOURNAL OF ELECTRONICS, 2015, 24 (03) : 524 - 528