Apex: extending Android permission model and enforcement with user-defined runtime constraints

An Android runtime security policy enforcement framework

2010

Today, smartphone malware is deceptive enough to pass itself off as a legitimate mobile application. The front-end service of a Trojan is attractive enough to deceive mobile users, who download such malware without knowing about the illegitimate threat behind it. Unlike other vendors, Android is an open-source mobile operating system and hence lacks a dedicated team to analyze application code and decide its trustworthiness. We propose an augmented framework for Android that monitors the dynamic behavior of an application during its execution. Our proposed architecture, called Security Enhanced Android Framework (SEAF), validates the behavior of an application through its permission-exercising patterns. Based on the combination of permissions exercised, the mobile user is notified about the dangerous behavior of an application. We have implemented the proposed framework within the Android software stack and ported it to a device. Our initial investigation shows that our solution is practical enough to be used in the consumer market.

CAPEF: Context-Aware Policy Enforcement Framework for Android Applications

Journal of Engineering Research and Sciences

The notion of context-awareness in mobile applications is drawing more attention, as many applications need to adapt to the physical environment of users and devices, such as location, time, connectivity, resources, etc. While these adaptive features can facilitate better communication and help users access their information anywhere at any time, they also bring risks caused by the potential loss, misuse, or leakage of users' confidential information. Therefore, a flexible policy-based access control system is needed to monitor critical functions executed by Android applications, especially those requiring access to a user's sensitive and crucial information. This paper introduces CAPEF, a policy specification framework that enforces context-aware inter-app security policies to mitigate privacy leakage across different Android applications. It also provides an instrumentation framework to effectively enforce different behaviors, based on automated context-aware policies, in each Android application individually without modifying the underlying platform. Accordingly, the modified applications are forced to communicate with our centralized policy engine, preventing malware collusion from occurring without the user's awareness. Experiments conducted on CAPEF show an effective performance in terms of the size of the enforced application after instrumentation. The average size added was 705 bytes, which is about 0.063% of the size of the original applications and significantly smaller than in other existing enforcement approaches. We also observed that the size and execution time of the policy increase as the policies become more complex.

CRePE: context-related policy enforcement for android

Information Security, 2011

Most of the research work for enforcing security policies on smartphones considered coarse-grained policies, e.g. either to allow an application to run or not. In this paper we present CRePE, the first system that is able to enforce fine-grained policies, e.g. that vary while an application is running, that also depend on the context of the smartphone. A context can be defined by the status of some variables (e.g. location, time, temperature, noise, and light), the presence of other devices, a particular interaction between the user and the smartphone, or a combination of these. CRePE allows context-related policies to be defined either by the user or by trusted third parties. Depending on the authorization, third parties can set a policy on a smartphone at any moment or just when the phone is within a particular context, e.g. within a building, or a plane.

Modeling and enhancing Android’s permission system

2012

Several works have recently shown that Android's security architecture cannot prevent many undesired behaviors that compromise the integrity of applications and the privacy of their data. This paper makes two main contributions to the body of research on Android security: first, it develops a formal framework for analyzing Android-style security mechanisms; and, second, it describes the design and implementation of Sorbet, an enforcement system that enables developers to use permissions to specify secrecy and integrity policies.

Android Permissions Unleashed

2015 IEEE 28th Computer Security Foundations Symposium, 2015

The Android Security Framework controls the execution of applications through permissions which are statically granted by the user during installation. However, the definition of security policies over permissions is not supported. Security policies must therefore be manually encoded into the application by the developer, which is a dangerous practice and may cause security breaches. We propose an improvement over the Android permission system that supports the specification and enforcement of fine-grained security policies. Enforcement is achieved by reducing policy decision problems to propositional satisfiability and leveraging a state-of-the-art SAT solver. Unlike alternative proposals, our approach does not require changes to the operating system and, therefore, can be readily deployed on any commercial device.

Security Constraint System for Android Devices

The applications that we use on our mobile devices often access sensitive data and resources. User data can be misused by malicious applications, which may lead to leakage of sensitive data and affect privacy; an example is a malicious application that records a user's banking details. The problem starts when the user installs the application by granting all the privileges it requests, with no control over how the features operate. To avoid this problem we propose a context-based access control system by which a user can activate and deactivate some of the applications already present on the user's mobile device based on the context that is provided. It can also perform its action in a particular location, using GPS, Wi-Fi, etc., based on the context provided by the user. We have performed many experiments on accessing data in a particular location based on context.

CRêPE: A System for Enforcing Fine-Grained Context-Related Policies on Android

IEEE Transactions on Information Forensics and Security, 2000

Current smartphone systems allow the user to use only marginally contextual information to specify the behaviour of applications: this hinders the wide adoption of this technology to its full potential. In this paper, we fill this gap by proposing CRêPE, a fine-grained Context-Related Policy Enforcement System for Android. While the concept of context-related access control is not new, this is the first work that brings this concept into the smartphone environment. In particular, in our work a context can be defined by: the status of variables sensed by physical (low-level) sensors, like time and location; additional processing on these data via software (high-level) sensors; or particular interactions with the users or third parties. CRêPE allows context-related policies to be set (even at runtime) by both the user and authorized third parties locally (via an application) or remotely (via SMS, MMS, Bluetooth, and QR-code). A thorough set of experiments shows that our full implementation of CRêPE has a negligible overhead in terms of energy consumption, time, and storage, making our system ready for a production environment.

Design and Implementation of a Fine-grained Resource Usage Model for the Android Platform

2010

Android is among the new breed of smartphone software stacks. It is powerful yet friendly enough to be widely adopted by both end users and the developer community. This adoption has led to the creation of a large number of third-party applications that run on top of the software stack, accessing device resources and data. Users installing third-party applications are provided information about which resources an application might use but have no way of restricting access to these resources if they wish to use the application. All permissions have to be granted or the application fails to install. In this paper, we present a fine-grained usage control model for Android that allows users to specify exactly what resources an application should be allowed to access. These decisions might be based on runtime constraints such as time of day or location of the device, or on application attributes such as the number of SMSs already sent by the application. We give details of our implementation and describe an extended installer that provides an easy-to-use interface for users to set their policies. Our architecture requires only a minimal change to the existing code base and is thus compatible with the existing security mechanism. As a result, it has a high potential for adoption by the Android community at large.

Dynamic Security Policy Enforcement on Android

International Journal of Security and Its Applications, 2016

This work deals with the concepts of Android security and proposes a system for dynamic enforcement of access rights. Each suspicious application can be repackaged by this system so that access to selected private data is restricted from the outside world. In the first phase, interprocess communication and existing frameworks capable of intercepting communication between an application and the operating system at the level of system calls are explored. After that, the system is designed and developed, utilizing the possibilities of one of the compared frameworks, the Aurasium framework. The system adds an innovative approach of tracking information flows from privacy-sensitive sources using a tainting mechanism without the need for administrator rights. File-level and data-level taint propagation and policy enforcement based on the Android Binder have been designed.

Realization of a user-centric, privacy preserving permission framework for Android

Security and Communication Networks, 2014

Android has been steadily gaining market share, and the number of available applications is increasing at a healthy pace. Because of the myriad of third-party applications, privacy concerns are starting to surface in the community. Application developers usually request access to more system resources than are strictly required for their apps. However, the stock Android permission model does not allow users to selectively grant permissions. This is a well-known issue, but existing solutions to this problem are either too abstract or require detailed changes to the core model, making it difficult for both developers and users to accept them. In this paper, we present a fine-grained, user-centric permission model for Android that allows users to selectively grant permissions to applications that they install. Our model allows specification of permissions based on application and system attributes as well as simple yes-or-no policies. The model is kept as simple as possible, and its open-source implementation is highly usable for the average end user. It requires minimal, backward-compatible changes to the core permission model and is shown to be highly efficient in terms of performance overhead. We present our model and point interested readers to our freely available changeset to help them use, evaluate, and improve our permission model.