A lattice model of secure information flow
Communications of the ACM
Identity-Based Encryption from the Weil Pairing
CRYPTO '01 Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology
Toward Hierarchical Identity-Based Encryption
EUROCRYPT '02 Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology
Digital Rights Management: Technological, Economic, and Legal and Political Aspects (Lecture Notes in Computer Science, 2770)
Secure key issuing in ID-based cryptography
ACSW Frontiers '04 Proceedings of the second workshop on Australasian information security, Data Mining and Web Intelligence, and Software Internationalisation - Volume 32
Design and implementation of a TCG-based integrity measurement architecture
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Dytan: a generic dynamic taint analysis framework
Proceedings of the 2007 international symposium on Software testing and analysis
Linux kernel integrity measurement using contextual inspection
Proceedings of the 2007 ACM workshop on Scalable trusted computing
Panorama: capturing system-wide information flow for malware detection and analysis
Proceedings of the 14th ACM conference on Computer and communications security
WiSec '08 Proceedings of the first ACM conference on Wireless network security
Measuring integrity on mobile phone systems
Proceedings of the 13th ACM symposium on Access control models and technologies
Security for Telecommunications Networks
Security for Telecommunications Networks
Dynamic mandatory access control for multiple stakeholders
Proceedings of the 14th ACM symposium on Access control models and technologies
Securing Mobile Phone Calls with Identity-Based Cryptography
ISA '09 Proceedings of the 3rd International Conference and Workshops on Advances in Information Security and Assurance
On lightweight mobile phone application certification
Proceedings of the 16th ACM conference on Computer and communications security
Semantically Rich Application-Centric Security in Android
ACSAC '09 Proceedings of the 2009 Annual Computer Security Applications Conference
Certificate-based encryption and the certificate revocation problem
EUROCRYPT'03 Proceedings of the 22nd international conference on Theory and applications of cryptographic techniques
Enforcing spatial constraints for mobile RBAC systems
Proceedings of the 15th ACM symposium on Access control models and technologies
Securing Android-Powered Mobile Devices Using SELinux
IEEE Security and Privacy
A practical-time related-key attack on the KASUMI cryptosystem used in GSM and 3G telephony
CRYPTO'10 Proceedings of the 30th annual conference on Advances in cryptology
Device-enabled authorization in the grey system
ISC'05 Proceedings of the 8th international conference on Information Security
An efficient identity-based cryptosystem for end-to-end mobile security
IEEE Transactions on Wireless Communications
A study of android application security
SEC'11 Proceedings of the 20th USENIX conference on Security
Practical and lightweight domain isolation on Android
Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices
DRMFS: A file system layer for transparent access semantics of DRM-protected contents
Journal of Systems and Software
Defending users against smartphone apps: techniques and future directions
ICISS'11 Proceedings of the 7th international conference on Information Systems Security
Constroid: data-centric access control for android
Proceedings of the 27th Annual ACM Symposium on Applied Computing
WISTP'12 Proceedings of the 6th IFIP WG 11.2 international conference on Information Security Theory and Practice: security, privacy and trust in computing systems and ambient intelligent ecosystems
Dr. Android and Mr. Hide: fine-grained permissions in android applications
Proceedings of the second ACM workshop on Security and privacy in smartphones and mobile devices
Information Security Tech. Report
Supporting visual security cues for WebView-based Android apps
Proceedings of the 28th Annual ACM Symposium on Applied Computing
SEC'13 Proceedings of the 22nd USENIX conference on Security
Transforming high-level requirements to executable policies for Android
Proceedings of the 8th International Conference on Ubiquitous Information Management and Communication
| Hi-index | 0.00 |
The penetration of cellular networks worldwide and emergence of smart phones has led to a revolution in mobile content. Users consume diverse content when, for example, exchanging photos, playing games, browsing websites, and viewing multimedia. Current phone platforms provide protections for user privacy, the cellular radio, and the integrity of the OS itself. However, few offer protections to protect the content once it enters the phone. For example, MP3-based MMS or photo content placed on Android smart phones can be extracted and shared with impunity. In this paper, we explore the requirements and enforcement of digital rights management (DRM) policy on smart phones. An analysis of the Android market shows that DRM services should ensure: a) protected content is accessible only by authorized phones b) content is only accessible by provider-endorsed applications, and c) access is regulated by contextual constraints, e.g., used for a limited time, a maximum number of viewings, etc. The Porscha system developed in this work places content proxies and reference monitors within the Android middleware to enforce DRM policies embedded in received content. A pilot study controlling content obtained over SMS, MMS, and email illustrates the expressibility and enforcement of Porscha policies. Our experiments demonstrate that Porscha is expressive enough to articulate needed DRM policies and that their enforcement has limited impact on performance.