An Effective Access Control Scheme for Preventing Permission Leak in Android

被引:0
|
作者
Wu, Longfei [1 ]
Du, Xiaojiang [1 ]
Zhang, Hongli [2 ]
机构
[1] Temple Univ, Dept Comp & Informat Sci, Philadelphia, PA 19122 USA
[2] Harbin Inst Technol, Sch Comp Sci & Technol, Harbin 150001, Peoples R China
来源
2015 INTERNATIONAL CONFERENCE ON COMPUTING, NETWORKING AND COMMUNICATIONS (ICNC) | 2015年
关键词
Permission leak; access control; smartphone security;
D O I
暂无
中图分类号
TM [电工技术]; TN [电子技术、通信技术];
学科分类号
0808 ; 0809 ;
摘要
In the Android system, each application runs in its own sandbox, and the permission mechanism is used to enforce access control to the system APIs and applications. However, permission leak could happen when an application without certain permission illegally gain access to protected resources through other privileged applications. We propose SPAC, a component-level system permission based access control scheme that can help developers better secure the public components of their applications. In the SPAC scheme, obscure custom permissions are replaced by explicit system permissions. We extend current permission checking mechanism so that multiple permissions are supported on component level. SPAC has been implemented on a Nexus 4 smartphone, and our evaluation demonstrates its effectiveness in mitigating permission leak vulnerabilities.
引用
收藏
页码:57 / 61
页数:5
相关论文
共 50 条
  • [31] DPC:A Dynamic Permission Control Mechanism for Android Third-Party Libraries
    Hsu, Fu-Hau
    Liu, Nien-Chi
    Hwang, Yan-Ling
    Liu, Che-Hao
    Wang, Chuan-Sheng
    Chen, Chang-Yi
    IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, 2021, 18 (04) : 1751 - 1761
  • [32] XDroid: An Android Permission Control Using Hidden Markov Chain and Online Learning
    Rashidi, Bahman
    Fung, Carol
    2016 IEEE CONFERENCE ON COMMUNICATIONS AND NETWORK SECURITY (CNS), 2016, : 46 - 54
  • [33] CA-ARBAC: privacy preserving using context-aware role-based access control on Android permission system
    Abdella, J.
    Ozuysal, M.
    Tomur, E.
    SECURITY AND COMMUNICATION NETWORKS, 2016, 9 (18) : 5977 - 5995
  • [34] (Short Paper) Method for Preventing Suspicious Web Access in Android WebView
    Sato, Masaya
    Imamura, Yuta
    Orito, Rintaro
    Yamauchi, Toshihiro
    ADVANCES IN INFORMATION AND COMPUTER SECURITY, IWSEC 2019, 2019, 11689 : 241 - 250
  • [35] Dynamic permission access control model based on privacy protection
    Qikun Zhang
    Liang Zhu
    Kunyuan Zhao
    Yimeng Wu
    Baohua Jin
    Jianyong Li
    Yinghui Meng
    Sikang Hu
    Telecommunication Systems, 2022, 81 : 191 - 205
  • [36] Research of Permission Administration System Based on Access Control Matrix
    Li, Xiaofei
    Xie, Xusheng
    2009 INTERNATIONAL CONFERENCE ON INFORMATION MANAGEMENT, INNOVATION MANAGEMENT AND INDUSTRIAL ENGINEERING, VOL 3, PROCEEDINGS, 2009, : 496 - 498
  • [37] The Permission Management Of Access And Control Based On Role In Monitoring Platform
    Jiang, Lihua
    Zhu, Aixia
    PROCEEDINGS OF THE 2ND INTERNATIONAL CONFERENCE ON ADVANCES IN MECHANICAL ENGINEERING AND INDUSTRIAL INFORMATICS (AMEII 2016), 2016, 73 : 1575 - 1580
  • [38] Dynamic permission access control model based on privacy protection
    Zhang, Qikun
    Zhu, Liang
    Zhao, Kunyuan
    Wu, Yimeng
    Jin, Baohua
    Li, Jianyong
    Meng, Yinghui
    Hu, Sikang
    TELECOMMUNICATION SYSTEMS, 2022, 81 (02) : 191 - 205
  • [39] Access Control System: a Cost Effective Protection Scheme for Fiber Fault Identification
    Premadi, Aswir
    Ab-Rahman, Mohammad Syuhaimi
    Aziz, Siti Asma Che
    Jumari, Kasmiran
    PROCEEDINGS OF THE 2009 INTERNATIONAL CONFERENCE ON SIGNAL ACQUISITION AND PROCESSING, 2009, : 57 - 60
  • [40] LHSC: An Effective Dynamic Key Management Scheme for Linear Hierarchical Access Control
    Odelu, Vanga
    Das, Ashok Kumar
    Goswami, Adrijit
    2013 FIFTH INTERNATIONAL CONFERENCE ON COMMUNICATION SYSTEMS AND NETWORKS (COMSNETS), 2013,
12345