An Effective Access Control Scheme for Preventing Permission Leak in Android

被引:0
|
作者
Wu, Longfei [1 ]
Du, Xiaojiang [1 ]
Zhang, Hongli [2 ]
机构
[1] Temple Univ, Dept Comp & Informat Sci, Philadelphia, PA 19122 USA
[2] Harbin Inst Technol, Sch Comp Sci & Technol, Harbin 150001, Peoples R China
来源
2015 INTERNATIONAL CONFERENCE ON COMPUTING, NETWORKING AND COMMUNICATIONS (ICNC) | 2015年
关键词
Permission leak; access control; smartphone security;
D O I
暂无
中图分类号
TM [电工技术]; TN [电子技术、通信技术];
学科分类号
0808 ; 0809 ;
摘要
In the Android system, each application runs in its own sandbox, and the permission mechanism is used to enforce access control to the system APIs and applications. However, permission leak could happen when an application without certain permission illegally gain access to protected resources through other privileged applications. We propose SPAC, a component-level system permission based access control scheme that can help developers better secure the public components of their applications. In the SPAC scheme, obscure custom permissions are replaced by explicit system permissions. We extend current permission checking mechanism so that multiple permissions are supported on component level. SPAC has been implemented on a Nexus 4 smartphone, and our evaluation demonstrates its effectiveness in mitigating permission leak vulnerabilities.
引用
收藏
页码:57 / 61
页数:5
相关论文
共 50 条
  • [21] The performance of system handover scheme with permission probability control
    Mori, H
    Hobayashi, H
    CCNC 2004: 1ST IEEE CONSUMER COMMUNICATIONS AND NETWORKING CONFERENCE, PROCEEDINGS: CONSUMER NETWORKING: CLOSING THE DIGITAL DIVIDE, 2004, : 116 - 121
  • [22] Risky Permission Set Based Access Control Constraint
    Tayir, Qawuljan
    Rahman, Kaysar
    Helil, Nurmamat
    2015 INTERNATIONAL CONFERENCE ON COMPUTER SCIENCE AND TECHNOLOGY (ICCST 2015), 2015, : 510 - 517
  • [23] An Effective Evolutionary Analysis Scheme for Industrial Software Access Control Models
    Han, Zhuobing
    Li, Xiaohong
    Xu, Guangquan
    Xiong, Naixue
    Merlo, Ettore
    Stroulia, Eleni
    IEEE TRANSACTIONS ON INDUSTRIAL INFORMATICS, 2020, 16 (02) : 1024 - 1034
  • [24] A Cost Effective Scheme for Content Verification and Access Control of Quality of an Image
    Phadikar, Amit
    Maity, Santi P.
    IEEE REGION 10 COLLOQUIUM AND THIRD INTERNATIONAL CONFERENCE ON INDUSTRIAL AND INFORMATION SYSTEMS, VOLS 1 AND 2, 2008, : 478 - +
  • [25] A secure and effective access control scheme for distributed wireless sensor networks
    Chatterjee, Santanu
    Das, Ashok Kumar
    Sing, Jamuna Kanta
    INTERNATIONAL JOURNAL OF COMMUNICATION NETWORKS AND DISTRIBUTED SYSTEMS, 2015, 14 (01) : 40 - 73
  • [26] Access Control Framework for Android System
    Guo, Tao
    Zhang, Puhan
    Liang, Hongliang
    PROCEEDINGS OF THE 1ST INTERNATIONAL WORKSHOP ON CLOUD COMPUTING AND INFORMATION SECURITY (CCIS 2013), 2013, 52 : 209 - 212
  • [27] Analysis of Access Control Enforcement in Android
    Enck, William
    SACMAT'20: PROCEEDINGS OF THE 25TH ACM SYMPOSIUM ON ACCESS CONTROL MODELS AND TECHNOLOGIES, 2020, : 117 - 118
  • [28] Mandatory Access Control for Android Application
    Na, June-seung
    Kim, Younghoon
    Choi, Young-June
    Pak, Wooguil
    2014 INTERNATIONAL CONFERENCE ON INFORMATION AND COMMUNICATION TECHNOLOGY CONVERGENCE (ICTC), 2014, : 299 - 300
  • [29] Analysis of access control enforcement in android
    Enck, William
    Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT, 2020, : 117 - 118
  • [30] RETRACTED: A Secure Communication and Access Control Scheme for Native Libraries of Android Applications (Retracted Article)
    Liu, Pengju
    Peng, Guojun
    Fang, Jing
    SECURITY AND COMMUNICATION NETWORKS, 2022, 2022
12345