Semantically rich application-centric security in Android

Authors:
Machigar Ongtang;Stephen McLaughlin;William Enck;Patrick McDaniel
Affiliations:
Faculty of Information Technology, Dhurakijpundit University, Bangkok, 10210, Thailand;SIIS Laboratory, Department of Computer Science and Engineering, The Pennsylvania State University, University Park, PA16802, U.S.A.;Department of Computer Science, North Carolina State University, Raleigh, NC17695, U.S.A.;SIIS Laboratory, Department of Computer Science and Engineering, The Pennsylvania State University, University Park, PA16802, U.S.A.
Venue:
Security and Communication Networks
Year:
2012

Citing 9
Cited 2

Methods and Limitations of Security Policy Reconciliation

SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Firewalls and Internet Security: Repelling the Wily Hacker

Firewalls and Internet Security: Repelling the Wily Hacker
A trusted mobile phone reference architecturevia secure kernel

Proceedings of the 2007 ACM workshop on Scalable trusted computing
A flexible security architecture to support third-party applications on mobile devices

Proceedings of the 2007 ACM workshop on Computer security architecture
Measuring integrity on mobile phone systems

Proceedings of the 13th ACM symposium on Access control models and technologies
Understanding Android Security

IEEE Security and Privacy
Dynamic mandatory access control for multiple stakeholders

Proceedings of the 14th ACM symposium on Access control models and technologies
On lightweight mobile phone application certification

Proceedings of the 16th ACM conference on Computer and communications security
Semantically Rich Application-Centric Security in Android

ACSAC '09 Proceedings of the 2009 Annual Computer Security Applications Conference

Defending users against smartphone apps: techniques and future directions

ICISS'11 Proceedings of the 7th international conference on Information Systems Security
DR BACA: dynamic role based access control for Android

Proceedings of the 29th Annual Computer Security Applications Conference

Quantified Score

Hi-index	0.00

Visualization

Abstract

Smartphones are now ubiquitous. However, the security requirements of these relatively new systems and the applications they support are still being understood. As a result, the security infrastructure available in current smartphone operating systems is largely underdeveloped. In this paper, we consider the security requirements of smartphone applications and augment the existing Android operating system with a framework to meet them. We present Secure Application INTeraction (Saint), a modified infrastructure that governs install-time permission assignment and their run-time use as dictated by application provider policy. An in-depth description of the semantics of application policy is presented. The architecture and technical detail of Saint are given, and areas for extension, optimization, and improvement are explored. We demonstrate through a concrete example and study of real-world applications that Saint provides necessary utility for applications to assert and control the security decisions on the platform. Copyright © 2012 John Wiley & Sons, Ltd.