CoDRA: Context-based dynamically reconfigurable access control system for android

Abstract

We present, CoDRA, an access control system for Android that offers context-based dynamically configurable restrictions, fine-granular policy and ability to enforce various policy configurations at different levels of system operation. The fine grained policy and policy diversification are achieved through the application of context based on resource features. Policies are established and classified, as system-wide and application-wise, after careful examination on application activities. The dynamic generation and enforcement of policies enables greater protection for open resources, e.g., sensors. CoDRA enforces different policy configuration on user basis through its integration of multiuser support in Android. A simple graphical control panel is provided for policy administration. CoDRA performance and overhead were analysed by testing 55 popular applications in Nexus 5 and 9 devices. The results proved that CoDRA successfully fulfilled its objectives by introducing 1–20ms executional overhead. It occupied about 800kB memory for policy storage and 5kB of memory for every additional user context space. The evaluation also proved that the tested applications did not exhibit any adverse effects during execution even with full restriction, and higher granularity in policies.