Compilers: principles, techniques, and tools
Compilers: principles, techniques, and tools
Protection and the control of information sharing in multics
Communications of the ACM
On lightweight mobile phone application certification
Proceedings of the 16th ACM conference on Computer and communications security
Semantically Rich Application-Centric Security in Android
ACSAC '09 Proceedings of the 2009 Annual Computer Security Applications Conference
Apex: extending Android permission model and enforcement with user-defined runtime constraints
ASIACCS '10 Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security
Proceedings of the 17th ACM conference on Computer and communications security
Porscha: policy oriented secure content handling in Android
Proceedings of the 26th Annual Computer Security Applications Conference
Paranoid Android: versatile protection for smartphones
Proceedings of the 26th Annual Computer Security Applications Conference
TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones
OSDI'10 Proceedings of the 9th USENIX conference on Operating systems design and implementation
CRePE: context-related policy enforcement for android
ISC'10 Proceedings of the 13th international conference on Information security
Analyzing inter-application communication in Android
MobiSys '11 Proceedings of the 9th international conference on Mobile systems, applications, and services
Taming information-stealing smartphone applications (on Android)
TRUST'11 Proceedings of the 4th international conference on Trust and trustworthy computing
A study of android application security
SEC'11 Proceedings of the 20th USENIX conference on Security
Permission re-delegation: attacks and defenses
SEC'11 Proceedings of the 20th USENIX conference on Security
Quire: lightweight provenance for smart phone operating systems
SEC'11 Proceedings of the 20th USENIX conference on Security
Crowdroid: behavior-based malware detection system for Android
Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices
Practical and lightweight domain isolation on Android
Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices
Android permissions demystified
Proceedings of the 18th ACM conference on Computer and communications security
Proceedings of the 18th ACM conference on Computer and communications security
MockDroid: trading privacy for application functionality on smartphones
Proceedings of the 12th Workshop on Mobile Computing Systems and Applications
Aurasium: practical policy enforcement for Android applications
Security'12 Proceedings of the 21st USENIX conference on Security symposium
Security'12 Proceedings of the 21st USENIX conference on Security symposium
AdDroid: privilege separation for applications and advertisers in Android
Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security
Idea: callee-site rewriting of sealed system libraries
ESSoS'13 Proceedings of the 5th international conference on Engineering Secure Software and Systems
AppGuard: enforcing user requirements on android apps
TACAS'13 Proceedings of the 19th international conference on Tools and Algorithms for the Construction and Analysis of Systems
RetroSkeleton: retrofitting android apps
Proceeding of the 11th annual international conference on Mobile systems, applications, and services
SIF: a selective instrumentation framework for mobile applications
Proceeding of the 11th annual international conference on Mobile systems, applications, and services
AndroTotal: a flexible, scalable toolbox and service for testing mobile malware detectors
Proceedings of the Third ACM workshop on Security and privacy in smartphones & mobile devices
Sound and precise malware analysis for android via pushdown reachability and entry-point saturation
Proceedings of the Third ACM workshop on Security and privacy in smartphones & mobile devices
FireDroid: hardening security in almost-stock Android
Proceedings of the 29th Annual Computer Security Applications Conference
SEC'13 Proceedings of the 22nd USENIX conference on Security
Compac: enforce component-level access control in android
Proceedings of the 4th ACM conference on Data and application security and privacy
A taxonomy of privilege escalation attacks in Android applications
International Journal of Security and Networks
Hi-index | 0.00 |
Google's Android platform includes a permission model that protects access to sensitive capabilities, such as Internet access, GPS use, and telephony. While permissions provide an important level of security, for many applications they allow broader access than actually required. In this paper, we introduce a novel framework that addresses this issue by adding finer-grained permissions to Android. Underlying our framework is a taxonomy of four major groups of Android permissions, each of which admits some common strategies for deriving sub-permissions. We used these strategies to investigate fine-grained versions of five of the most common Android permissions, including access to the Internet, user contacts, and system settings. We then developed a suite of tools that allow these fine-grained permissions to be inferred on existing apps; to be enforced by developers on their own apps; and to be retrofitted by users on existing apps. We evaluated our tools on a set of top apps from Google Play, and found that fine-grained permissions are applicable to a wide variety of apps and that they can be retrofitted to increase security of existing apps without affecting functionality.