DOI QR코드

DOI QR Code

Selective Management of System-level Access Permission in Android-based Application

안드로이드 기반 애플리케이션의 시스템 수준 접근 권한에 대한 선택적 관리

Jeong, Jongmun;Lee, Hoon;Hwang, Mintae
정종문;이훈;황민태

  • Received : 2015.09.17
  • Accepted : 2015.10.13
  • Published : 2016.01.31

Abstract

In this paper, we propose a new method to enhance an android security by exploiting a selective management of application permission. To that purpose, we analyze behavior of the current android security, via which we draw out possible vulnerabilities. After that, we develop a tool to implement the selective management of the application permission, witch has a function to give a permission selectively for the application when we install a new application. Via experiment we show validity of the developed tool in solving the drawn vulnerability in the current android security.

Keywords

Android security;Permission management;Selective Management;System-level security

References

  1. Doug Olenlck. (2015, May). Apple iOS And Google Android Smartphone Market Share Flattening: IDC [Internet]. Available: http://www.forbes.com/sites/dougolenick/2015/05/27/apple-ios-and-google-android-smartphone-market-share-flattening-idc/.
  2. Intel Security. (2015, May). McAfee Labs Threat Report [Internet]. Available: http://www.mcafee.com/us/resources/reports/rp-quarterly-threat-q1-2015.pdf.
  3. Taizo Sueyasu, "Application permission model and its management in a new version of Android M," Nikkei Communications, pp. 46-47, Jul. 2015.
  4. Dongmin Kim, Heeyoul Kim, "A Novel Android Permission Model Based on User's Policies," The Journal of Korean Institute of Information Technology, vol. 12, no. 5, pp. 101-106, May. 2014.
  5. Youngdong Kim, Ikhwan Kim, Taehyoun Kim, "Analysis of Usage Patterns and Security Vulnerabilities in Android Permissions and Broadcast Intent Mechanism," Korea Institute of Information Security and Cryptology, vol. 22, no. 5, pp. 1145-1157, Oct. 2012.
  6. Jongmun Jeong, Hoon Lee, Mintae Hwang, "A Study on Vulnerability of Information Security for Android-based Mobile System," Proc. of electronics and communications symposium, vol.4, no.1, pp.99-102, June 2015.
  7. Daeil Yang, Information Security Introduction. Hanbit Academy Inc., ch. 7, pp. 323-342, 2013.
  8. Univercity of Seoul Industry Cooperation Foundation, Analysis of Android Mobile Platform Security Model, Korea Internet & Security Agency, Ch. 4, pp. 74-126, Aug. 2010.
  9. Android Developers. [Internet]. Available: http://developer.android.com/guide/topics/manifest/manifes t-element.html.
  10. Min Jae Jo, Ji Sun Shin, "Study on Security Vulnerabilities of Implicit Intents in Android," Korea Institute of Information Security and Cryptology, vol. 24, no. 6, pp. 1175-1184, Dec. 2014. https://doi.org/10.13089/JKIISC.2014.24.6.1175
  11. Android Developers. Verifying App Behavior on the Android Runtime (ART) [Internet]. Available: http://developer.android.com/guide/practices/verifying-apps-art.html.
  12. Android Open Source Project. ART and Dalvik [Internet]. Available: https://source.android.com/devices/tech/dalvik/.
  13. Android Developers. Android 5.0 Behavior Changes [Internet]. Available: https://developer.android.com/about/versions/android-5.0-changes.html.
  14. Android Developers. Signing Your Applications [Internet]. Available: https://developer.android.com/tools/publishing/app-signing.html.
  15. Android Developers. System Permissions [Internet]. Available:http://developer.android.com/guide/topics/security/permissions.html.
  16. Android Developers. (2015, September) Dashboards [Internet]. Available: https://developer.android.com/about/dashboards/index.html.

Acknowledgement

Supported by : Changwon National University