Security and Privacy in Communication Networks. 11th International Conference, SecureComm 2015, Dallas, TX, USA, October 26-29, 2015, Revised Selected Papers

Research Article

FineDroid: Enforcing Permissions with System-Wide Application Execution Context

Download
445 downloads
Cite
BibTeX Plain Text
  • @INPROCEEDINGS{10.1007/978-3-319-28865-9_1,
    author={Yuan Zhang and Min Yang and Guofei Gu and Hao Chen},
    title={FineDroid: Enforcing Permissions with System-Wide Application Execution Context},
    proceedings={Security and Privacy in Communication Networks. 11th International Conference, SecureComm 2015, Dallas, TX, USA, October 26-29, 2015, Revised Selected Papers},
    proceedings_a={SECURECOMM},
    year={2016},
    month={2},
    keywords={Permission enforcement Application context Policy framework},
    doi={10.1007/978-3-319-28865-9_1}
}
  • Yuan Zhang
    Min Yang
    Guofei Gu
    Hao Chen
    Year: 2016
    FineDroid: Enforcing Permissions with System-Wide Application Execution Context
    SECURECOMM
    Springer
    DOI: 10.1007/978-3-319-28865-9_1
Yuan Zhang,*, Min Yang,*, Guofei Gu1,*, Hao Chen2,*
  • 1: Teax A&M University
  • 2: University of California
*Contact email: yuanxzhang@fudan.edu.cn, m_yang@fudan.edu.cn, guofei@cse.tamu.edu, chen@ucdavis.edu

Abstract

To protect sensitive resources from unauthorized use, modern mobile systems, such as Android and iOS, design a permission-based access control model. However, current model could not enforce control over the dynamic permission use contexts, causing two severe security problems. First, any code package in an application could use the granted permissions, inducing attackers to embed malicious payloads into benign apps. Second, the permissions granted to a benign application may be utilized by an attacker through vulnerable application interactions. Although ad hoc solutions have been proposed, none could systematically solve these two issues within a unified framework.

Keywords
Permission enforcement Application context Policy framework
Published
2016-02-09
Appears in
SpringerLink
http://dx.doi.org/10.1007/978-3-319-28865-9_1
Copyright © 2015–2024 ICST
EAI Logo

About EAI

Community

Publish with EAI