Abstract

In Android systems, sensitive information associated with a system permission is fully exposed to an application once it gains that permission. To solve this problem, this article presents a fine-grained access control framework for sensitive information based on an eXtensible Access Control Markup Language (XACML) data flow model. In this framework, a user can define access policies for each application and resource, and the application’s access requests to sensitive information are evaluated against these policies. Therefore, all access requests must comply with the security policy irrespective of whether the application has gained the permission associated with the information. This helps to protect sensitive data outside the Android permission mechanism. To help users manage policies, the proposed framework implements automatic policy generation and policy conflict detection functions. The framework is implemented in TaintDroid, and experiments indicate that the improvement is effective in achieving fine-grained access control to sensitive information and does not adversely affect system overhead.
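The following added example (not code from the article or from TaintDroid) illustrates per-application, per-resource policy evaluation layered on top of a granted permission, together with conflict detection between rules. The rule fields, the `*` wildcard, the deny-overrides combining choice, the default-deny behaviour, and all package names are assumptions made for illustration.

```python
from dataclasses import dataclass
from itertools import combinations

ANY = "*"  # wildcard in a rule target (assumed convention)

@dataclass(frozen=True)
class Rule:
    app: str        # package name or ANY
    resource: str   # sensitive data label, e.g. "location", or ANY
    sink: str       # where the data would flow, e.g. "network", or ANY
    effect: str     # "Permit" or "Deny"

    def matches(self, app, resource, sink):
        return all(t in (ANY, v) for t, v in
                   ((self.app, app), (self.resource, resource), (self.sink, sink)))

def overlaps(a, b):
    """True when at least one request could match both rules."""
    return all(x == y or ANY in (x, y) for x, y in
               ((a.app, b.app), (a.resource, b.resource), (a.sink, b.sink)))

def find_conflicts(rules):
    """Pairs of rules with overlapping targets and opposite effects."""
    return [(a, b) for a, b in combinations(rules, 2)
            if a.effect != b.effect and overlaps(a, b)]

def decide(rules, granted, app, resource, sink):
    """Deny-overrides evaluation; a request matching no rule is denied."""
    # Holding the Android permission is necessary but not sufficient.
    if resource not in granted.get(app, set()):
        return "Deny"
    effects = {r.effect for r in rules if r.matches(app, resource, sink)}
    if "Deny" in effects or not effects:
        return "Deny"
    return "Permit"

# Constructed sample policy and permission grants (hypothetical apps).
POLICY = [
    Rule("com.example.maps", "location", ANY, "Permit"),
    Rule(ANY, "location", "network", "Deny"),
    Rule("com.example.chat", "contacts", "display", "Permit"),
]
GRANTED = {"com.example.maps": {"location"}, "com.example.chat": {"contacts"}}
```

The first two sample rules overlap with opposite effects, so `find_conflicts(POLICY)` reports them as a pair for the user to resolve, while `decide` resolves the overlap conservatively in favour of the Deny rule.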

Highlights

  • With the development of the Internet of things, the functions of sensor nodes are becoming more and more powerful.[1,2] Many smart sensor nodes are designed based on embedded systems, and Android, as an embedded operating system, is playing an increasingly important role in the Internet of things

  • Once an app gains permission, whether it is obtaining private data or using information illegally, the users are helpless in this scenario. Aiming at this limitation of Android, this article presents a fine-grained access control framework for Android based on an eXtensible Access Control

  • Research on Android security can be classified into two directions


Summary

Introduction

With the development of the Internet of things, the functions of sensor nodes are becoming more and more powerful.[1,2] Many smart sensor nodes are designed based on embedded systems, and Android, as an embedded operating system, is playing an increasingly important role in the Internet of things. In Android systems, several applications (apps) abuse permissions to access sensitive information and maliciously use users’ private data, sometimes without their knowledge. Permissions required by the app are manually granted by the user through an alert dialog. This mechanism has solved the problem of permission abuse to a certain extent, but the problem will never be eliminated. Once an app gains permission, whether it is obtaining private data or using information illegally, the users are helpless in this scenario. Aiming at this limitation of Android, this article presents a fine-grained access control framework for Android based on an eXtensible Access Control
