The Effectiveness of Application Permissions
Authors
Abstract
Traditional user-based permission systems assign the user’s full privileges to all applications. Modern platforms are transitioning to a new model, in which each application has a different set of permissions based on its requirements. Application permissions offer several advantages over traditional user-based permissions, but these benefits rely on the assumption that applications generally require less than full privileges. We explore whether that assumption is realistic, which provides insight into the value of application permissions. We perform case studies on two platforms with application permissions, the Google Chrome extension system and the Android OS. We collect the permission requirements of a large set of Google Chrome extensions and Android applications. From this data, we evaluate whether application permissions are effective at protecting users. Our results indicate that application permissions can have a positive impact on system security when applications’ permission requirements are declared upfront by the developer, but can be improved.
Similar resources
Risk Meter: A Tool for Accurately Measuring the Security Risk of Applications on Mobile Devices
Nowadays smartphones and tablets are widely used due to their various capabilities and features for end users. In these devices, accessing a wide range of services and sensitive information including private personal data, contact list, geolocation, sending and receiving messages, accessing social networks, etc. are provided via numerous application programs. These types of accessibilities, ...
An Access Management System for Reducing Operational Threats in SCADA Systems
One of the most dangerous insider threats in a supervisory control and data acquisition (SCADA) system is the operational threat. An operational threat occurs when an authorized operator misuses the permissions, and brings catastrophic damages by sending legitimate control commands. Providing too many permissions may backfire, when an operator wrongly or deliberately abuses the privileges. Ther...
The Effectiveness of Install-Time Permission Systems for Third-Party Applications
In many modern development platforms, application permissions control third-party access to sensitive parts of the API (e.g., the camera or microphone). We study install-time permissions, which the user grants to applications during installation; different applications can receive different install-time permissions. Install-time permissions offer several advantages over traditional user-based pe...
Generating various contexts from permissions for testing Android applications
Context-awareness of mobile applications yields several issues for testing, since the mobile applications should be testable in any environment and with any contextual input. In previous studies of testing for Android applications as event-driven systems, many researchers have focused on using the generated test cases considering only GUI events. However, it is difficult to detect failures in th...
A Permission verification approach for android mobile applications
Mobile applications build part of their security and privacy on a declarative permission model. In this approach mobile applications, to get access to sensitive resources, have to define the corresponding permissions in a manifest. However, mobile applications may request access to permissions that they do not require for their execution (over-privileges) and offer opportunities to malicious so...