TY - GEN
T1 - Flexible data-driven security for Android
AU - Feth, Denis
AU - Pretschner, Alexander
PY - 2012
Y1 - 2012
N2 - Android allows users to cancel the installation of apps whenever requested permissions to resources seem inappropriate from their point of view. Since permissions can neither be granted individually nor changed after installation, this results in rather coarse, and often too liberal, access rules. We propose a more fine-grained security system beyond the standard permission system. With our system, it is possible to enforce complex policies that are built on temporal, cardinality, and spatial conditions ("notify if data is used after thirty days", "blur data outside company's premises", etc.). Enforcement can be done by means of modification or inhibition of certain events and the execution of additional actions. Leveraging recent advances in information flow tracking technology, our policies can also pertain to data rather than single representations of that data. For instance, we can prohibit a movie from being played more than twice even if several copies have been created. We present design and implementation of the system and provide a security and performance analysis.
AB - Android allows users to cancel the installation of apps whenever requested permissions to resources seem inappropriate from their point of view. Since permissions can neither be granted individually nor changed after installation, this results in rather coarse, and often too liberal, access rules. We propose a more fine-grained security system beyond the standard permission system. With our system, it is possible to enforce complex policies that are built on temporal, cardinality, and spatial conditions ("notify if data is used after thirty days", "blur data outside company's premises", etc.). Enforcement can be done by means of modification or inhibition of certain events and the execution of additional actions. Leveraging recent advances in information flow tracking technology, our policies can also pertain to data rather than single representations of that data. For instance, we can prohibit a movie from being played more than twice even if several copies have been created. We present design and implementation of the system and provide a security and performance analysis.
KW - Access control
KW - Android
KW - Information flow
KW - Security
KW - Usage control
UR - http://www.scopus.com/inward/record.url?scp=84866700087&partnerID=8YFLogxK
U2 - 10.1109/SERE.2012.14
DO - 10.1109/SERE.2012.14
M3 - Conference contribution
AN - SCOPUS:84866700087
SN - 9780769547428
T3 - Proceedings of the 2012 IEEE 6th International Conference on Software Security and Reliability, SERE 2012
SP - 41
EP - 50
BT - Proceedings of the 2012 IEEE 6th International Conference on Software Security and Reliability, SERE 2012
T2 - 2012 IEEE 6th International Conference on Software Security and Reliability, SERE 2012
Y2 - 20 June 2012 through 22 June 2012
ER -