Security and Privacy in Communication Networks. 11th International Conference, SecureComm 2015, Dallas, TX, USA, October 26-29, 2015, Revised Selected Papers

Research Article

FineDroid: Enforcing Permissions with System-Wide Application Execution Context

Download
441 downloads
  • @INPROCEEDINGS{10.1007/978-3-319-28865-9_1,
        author={Yuan Zhang and Min Yang and Guofei Gu and Hao Chen},
        title={FineDroid: Enforcing Permissions with System-Wide Application Execution Context},
        proceedings={Security and Privacy in Communication Networks. 11th International Conference, SecureComm 2015, Dallas, TX, USA, October 26-29, 2015, Revised Selected Papers},
        proceedings_a={SECURECOMM},
        year={2016},
        month={2},
        keywords={Permission enforcement Application context Policy framework},
        doi={10.1007/978-3-319-28865-9_1}
    }
    
  • Yuan Zhang
    Min Yang
    Guofei Gu
    Hao Chen
    Year: 2016
    FineDroid: Enforcing Permissions with System-Wide Application Execution Context
    SECURECOMM
    Springer
    DOI: 10.1007/978-3-319-28865-9_1
Yuan Zhang,*, Min Yang,*, Guofei Gu1,*, Hao Chen2,*
  • 1: Teax A&M University
  • 2: University of California
*Contact email: yuanxzhang@fudan.edu.cn, m_yang@fudan.edu.cn, guofei@cse.tamu.edu, chen@ucdavis.edu

Abstract

To protect sensitive resources from unauthorized use, modern mobile systems, such as Android and iOS, design a permission-based access control model. However, current model could not enforce control over the dynamic permission use contexts, causing two severe security problems. First, any code package in an application could use the granted permissions, inducing attackers to embed malicious payloads into benign apps. Second, the permissions granted to a benign application may be utilized by an attacker through vulnerable application interactions. Although ad hoc solutions have been proposed, none could systematically solve these two issues within a unified framework.