DefDroid: Securing Android with Fine-Grained Security Policy
نویسندگان
چکیده
Android occupies the absolute dominant position in mobile operating system and has the largest market share. Meanwhile, Android faces the risk of malicious insiders leaking sensitive information. In this paper, we present DefDroid, a repackaging tool for enforcing security policies by modifying Android applications without root privilege. The main advantages of DefDroid are that it provides a user-friendly interface to configure fine-grained policies and it supplies multiple deployment methods. We have implemented policies aimed at three types of services of Android system, i.e., content provider, file system, and network. We choose 74 arbitrary applications from Android market and the experimental results show that the successful rate of repackaging applications is about 94.6% which effectively improve the privacy security of Android system while the increased overhead can be tolerated. Keywords—Android; permission restriction; repackage; bytecode
منابع مشابه
Towards a Framework for Android Security Modules: Extending SE Android Type Enforcement to Android Middleware
Smartphones and tablets have become an integral part of our daily life. They increasingly store and process security and privacy sensitive data which makes them attractive targets for attackers. In particular for the popular Android OS, a number of security extensions have been proposed that target specific security and privacy problems caused by Android’s lack of a fine-grained, dynamic and sy...
متن کاملFlexible and Fine-grained Mandatory Access Control on Android for Diverse Security and Privacy Policies
In this paper we tackle the challenge of providing a generic security architecture for the Android OS that can serve as a flexible and effective ecosystem to instantiate different security solutions. In contrast to prior work our security architecture, termed FlaskDroid, provides mandatory access control simultaneously on both Android’s middleware and kernel layers. The alignment of policy enfo...
متن کاملOn the Security and Engineering Implications of Finer-Grained Access Controls for Android Developers and Users
One of the main security mechanisms in Android is the permission system. Previous research has pointed out that this system is too coarse-grained. Hence, several mechanisms have been proposed to address this issue. However, to date, the impact of changes in the current permission system on both end users and software developers has not been studied, and no significant work has been done to dete...
متن کاملContext-Aware Usage Control for Android
The security of smart phones is increasingly important due to their rapid popularity. Mobile computing on smart phones introduces many new characteristics such as personalization, mobility, pay-for-service and limited resources. These features require additional privacy protection and resource usage constraints in addition to the security and privacy concerns on traditional computers. As one of...
متن کاملCRêPE: A System for Enforcing Fine-Grained Context-Related Policies on Android
Current smartphone systems allow the user to use only marginally contextual information to specify the behavior of the applications: this hinders the wide adoption of this technology to its full potential. In this paper, we fill this gap by proposing CRêPE, a fine-grained Context-Related Policy Enforcement System for Android. While the concept of context-related access control is not new, this ...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2015