FineDroid: Enforcing Permissions with System-Wide Application Execution Context

Yuan Zhang; Min Yang; Guofei Gu; Hao Chen

Security and Privacy in Communication Networks. 11th International Conference, SecureComm 2015, Dallas, TX, USA, October 26-29, 2015, Revised Selected Papers

Research Article

FineDroid: Enforcing Permissions with System-Wide Application Execution Context

Download

400 downloads

Cite: BibTeX Plain Text

@INPROCEEDINGS{10.1007/978-3-319-28865-9_1,
    author={Yuan Zhang and Min Yang and Guofei Gu and Hao Chen},
    title={FineDroid: Enforcing Permissions with System-Wide Application Execution Context},
    proceedings={Security and Privacy in Communication Networks. 11th International Conference, SecureComm 2015, Dallas, TX, USA, October 26-29, 2015, Revised Selected Papers},
    proceedings_a={SECURECOMM},
    year={2016},
    month={2},
    keywords={Permission enforcement Application context Policy framework},
    doi={10.1007/978-3-319-28865-9_1}
}

Yuan Zhang
Min Yang
Guofei Gu
Hao Chen
Year: 2016
FineDroid: Enforcing Permissions with System-Wide Application Execution Context
SECURECOMM
Springer
DOI: 10.1007/978-3-319-28865-9_1

Yuan Zhang^,*, Min Yang^,*, Guofei Gu¹^,*, Hao Chen²^,*

1: Teax A&M University
2: University of California

*Contact email: yuanxzhang@fudan.edu.cn, m_yang@fudan.edu.cn, guofei@cse.tamu.edu, chen@ucdavis.edu

Abstract

To protect sensitive resources from unauthorized use, modern mobile systems, such as Android and iOS, design a permission-based access control model. However, current model could not enforce control over the dynamic permission use contexts, causing two severe security problems. First, any code package in an application could use the granted permissions, inducing attackers to embed malicious payloads into benign apps. Second, the permissions granted to a benign application may be utilized by an attacker through vulnerable application interactions. Although ad hoc solutions have been proposed, none could systematically solve these two issues within a unified framework.

Keywords: Permission enforcement Application context Policy framework

Published: 2016-02-09
Appears in: SpringerLink

: http://dx.doi.org/10.1007/978-3-319-28865-9_1