Journal of the Korea Institute of Information and Communication Engineering (한국정보통신학회논문지)

The Korea Institute of Information and Commucation Engineering (한국정보통신학회)
권호 표지
DOI QR코드

DOI QR Code

Selective Management of System-level Access Permission in Android-based Application

안드로이드 기반 애플리케이션의 시스템 수준 접근 권한에 대한 선택적 관리

  • Jeong, Jongmun (Department of Eco-friendly Offshore Plant FEED Engineering, Graduate School of Changwon National University) ;
  • Lee, Hoon (Department of Information & Communications Engineering, Changwon National University) ;
  • Hwang, Mintae (Department of Information & Communications Engineering, Changwon National University)
  • Received : 2015.09.17
  • Accepted : 2015.10.13
  • Published : 2016.01.31
Download PDF
⟨ Previous Next ⟩

Abstract

In this paper, we propose a new method to enhance an android security by exploiting a selective management of application permission. To that purpose, we analyze behavior of the current android security, via which we draw out possible vulnerabilities. After that, we develop a tool to implement the selective management of the application permission, witch has a function to give a permission selectively for the application when we install a new application. Via experiment we show validity of the developed tool in solving the drawn vulnerability in the current android security.

본 논문에서는 안드로이드의 보안체계 강화를 위한 애플리케이션 권한의 선택적 관리방안에 대해 새로운 방법을 제안하였다. 먼저 기존의 안드로이드의 보안 체계에 대해 분석하고 발생 가능한 취약점을 도출하였다. 이어서 도출된 취약점을 해결하기 위한 방안으로서 애플리케이션 권한을 선택적으로 관리하는 툴을 구현하였다. 이 툴은 애플리케이션을 설치할 때 반드시 허용해야 하는 애플리케이션 권한을 선택적으로 허용하여 필요한 권한만 가지게 하는 기능을 가지고 있다. 구현한 관리 도구를 이용한 실험을 통하여 개발된 툴이 안드로이드의 시스템 레벨 보안 강화에 도움이 됨을 입증하였다.

Keywords

References

  1. Doug Olenlck. (2015, May). Apple iOS And Google Android Smartphone Market Share Flattening: IDC [Internet]. Available: http://www.forbes.com/sites/dougolenick/2015/05/27/apple-ios-and-google-android-smartphone-market-share-flattening-idc/.
  2. Intel Security. (2015, May). McAfee Labs Threat Report [Internet]. Available: http://www.mcafee.com/us/resources/reports/rp-quarterly-threat-q1-2015.pdf.
  3. Taizo Sueyasu, "Application permission model and its management in a new version of Android M," Nikkei Communications, pp. 46-47, Jul. 2015.
  4. Dongmin Kim, Heeyoul Kim, "A Novel Android Permission Model Based on User's Policies," The Journal of Korean Institute of Information Technology, vol. 12, no. 5, pp. 101-106, May. 2014.
  5. Youngdong Kim, Ikhwan Kim, Taehyoun Kim, "Analysis of Usage Patterns and Security Vulnerabilities in Android Permissions and Broadcast Intent Mechanism," Korea Institute of Information Security and Cryptology, vol. 22, no. 5, pp. 1145-1157, Oct. 2012.
  6. Jongmun Jeong, Hoon Lee, Mintae Hwang, "A Study on Vulnerability of Information Security for Android-based Mobile System," Proc. of electronics and communications symposium, vol.4, no.1, pp.99-102, June 2015.
  7. Daeil Yang, Information Security Introduction. Hanbit Academy Inc., ch. 7, pp. 323-342, 2013.
  8. Univercity of Seoul Industry Cooperation Foundation, Analysis of Android Mobile Platform Security Model, Korea Internet & Security Agency, Ch. 4, pp. 74-126, Aug. 2010.
  9. Android Developers. [Internet]. Available: http://developer.android.com/guide/topics/manifest/manifes t-element.html.
  10. Min Jae Jo, Ji Sun Shin, "Study on Security Vulnerabilities of Implicit Intents in Android," Korea Institute of Information Security and Cryptology, vol. 24, no. 6, pp. 1175-1184, Dec. 2014. https://doi.org/10.13089/JKIISC.2014.24.6.1175
  11. Android Developers. Verifying App Behavior on the Android Runtime (ART) [Internet]. Available: http://developer.android.com/guide/practices/verifying-apps-art.html.
  12. Android Open Source Project. ART and Dalvik [Internet]. Available: https://source.android.com/devices/tech/dalvik/.
  13. Android Developers. Android 5.0 Behavior Changes [Internet]. Available: https://developer.android.com/about/versions/android-5.0-changes.html.
  14. Android Developers. Signing Your Applications [Internet]. Available: https://developer.android.com/tools/publishing/app-signing.html.
  15. Android Developers. System Permissions [Internet]. Available:http://developer.android.com/guide/topics/security/permissions.html.
  16. Android Developers. (2015, September) Dashboards [Internet]. Available: https://developer.android.com/about/dashboards/index.html.

Cited by

  1. 안드로이드 저장소 취약점을 이용한 악성 행위 분석 및 신뢰실행환경 기반의 방어 기법 vol.31, pp.1, 2021, https://doi.org/10.13089/jkiisc.2021.31.1.73