Contextual Policy Enforcement in Android Applications with Permission Event Graphs
نویسندگان
چکیده
ion Phase Verification Phase Apps Permission Event Graph Conformance or counterexamples Policies Approach Overview Case Study: Geotag "Mark location of your photos" Case Study: Geotag "Mark location of your photos" Case Study: Geotag "Mark location of your photos" Case Study: SMS Replicator Secret A spyware that secretly forwards every SMS to another number. Case Study: SMS Replicator Secret A spyware that secretly forwards every SMS to another number.
منابع مشابه
Kratos: Discovering Inconsistent Security Policy Enforcement in the Android Framework
The Android framework utilizes a permission-based security model, which is essentially a variation of the ACL-based access control mechanism. This security model provides controlled access to various system resources. Access control systems are known to be vulnerable to anomalies in security policies, such as inconsistency. In this work, we focus on inconsistent security enforcement within the ...
متن کاملAnalysis of Permission-based Security in Android through Policy Expert, Developer, and End User Perspectives
Being one of the major operating system in smartphone industry, security in Android is paramount importance to end users. Android applications are published through Google Play Store which is an official marketplace for Android. If we have to define the current security policy implemented by Google Play Store for publishing Android applications in one sentence then we can write it as “all are s...
متن کاملA Temporal Permission Analysis and Enforcement Framework for Android
Permission-induced attacks, i.e., security breaches enabled by permission misuse, are among the most critical and frequent issues threatening the security of Android devices. By ignoring the temporal aspects of an attack during the analysis and enforcement, the state-of-the-art approaches aimed at protecting the users against such attacks are prone to have low-coverage in detection and highdisr...
متن کاملFineDroid: Enforcing Permissions with System-Wide Application Execution Context
To protect sensitive resources from unauthorized use, modern mobile systems, such as Android and iOS, design a permission-based access control model. However, current model could not enforce fine-grained control over the dynamic permission use contexts, causing two severe security problems. First, any code package in an application could use the granted permissions, inducing attackers to embed ...
متن کاملOn the Security and Engineering Implications of Finer-Grained Access Controls for Android Developers and Users
One of the main security mechanisms in Android is the permission system. Previous research has pointed out that this system is too coarse-grained. Hence, several mechanisms have been proposed to address this issue. However, to date, the impact of changes in the current permission system on both end users and software developers has not been studied, and no significant work has been done to dete...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2013