Mandatory Access Control for Android Application Security
  • Journal title : Journal of KIISE
  • Volume 43, Issue 3,  2016, pp.275-288
  • Publisher : Korean Institute of Information Scientists and Engineers
  • DOI : 10.5626/JOK.2016.43.3.275
 Title & Authors
Mandatory Access Control for Android Application Security
Na, June-sung; Kim, Do-Yun; Pak, Wooguil; Choi, Young-June
 
 Abstract
In this paper, we investigate the security issues of the Android platform, which dominates the global market of smart mobile devices. The current permission model for Android security is not powerful and has two problems. One is the coarse-grained relationship between permissions and the methods that require them. The other is that mobile users do not have the right to control the permissions of an application. To solve these problems, we propose MacDroid, which can control the platform's resources for accessing installed applications. Users can control an application's behavior via MacDroid's policy. We have divided the permission set into method units. The results of the performance test using a pure Android platform show that our proposed scheme can improve security within a short time.
 Keywords
mobile security; mobile platform security; Android security; mandatory access control
 Language
Korean