6,530 research outputs found
ConXsense - Automated Context Classification for Context-Aware Access Control
We present ConXsense, the first framework for context-aware access control on
mobile devices based on context classification. Previous context-aware access
control systems often require users to laboriously specify detailed policies or
they rely on pre-defined policies not adequately reflecting the true
preferences of users. We present the design and implementation of a
context-aware framework that uses a probabilistic approach to overcome these
deficiencies. The framework utilizes context sensing and machine learning to
automatically classify contexts according to their security and privacy-related
properties. We apply the framework to two important smartphone-related use
cases: protection against device misuse using a dynamic device lock and
protection against sensory malware. We ground our analysis on a sociological
survey examining the perceptions and concerns of users related to contextual
smartphone security and analyze the effectiveness of our approach with
real-world context data. We also demonstrate the integration of our framework
with the FlaskDroid architecture for fine-grained access control enforcement on
the Android platform.Comment: Recipient of the Best Paper Awar
The Android Platform Security Model
Android is the most widely deployed end-user focused operating system. With
its growing set of use cases encompassing communication, navigation, media
consumption, entertainment, finance, health, and access to sensors, actuators,
cameras, or microphones, its underlying security model needs to address a host
of practical threats in a wide variety of scenarios while being useful to
non-security experts. The model needs to strike a difficult balance between
security, privacy, and usability for end users, assurances for app developers,
and system performance under tight hardware constraints. While many of the
underlying design principles have implicitly informed the overall system
architecture, access control mechanisms, and mitigation techniques, the Android
security model has previously not been formally published. This paper aims to
both document the abstract model and discuss its implications. Based on a
definition of the threat model and Android ecosystem context in which it
operates, we analyze how the different security measures in past and current
Android implementations work together to mitigate these threats. There are some
special cases in applying the security model, and we discuss such deliberate
deviations from the abstract model
Device-Centric Monitoring for Mobile Device Management
The ubiquity of computing devices has led to an increased need to ensure not
only that the applications deployed on them are correct with respect to their
specifications, but also that the devices are used in an appropriate manner,
especially in situations where the device is provided by a party other than the
actual user. Much work which has been done on runtime verification for mobile
devices and operating systems is mostly application-centric, resulting in
global, device-centric properties (e.g. the user may not send more than 100
messages per day across all applications) being difficult or impossible to
verify. In this paper we present a device-centric approach to runtime verify
the device behaviour against a device policy with the different applications
acting as independent components contributing to the overall behaviour of the
device. We also present an implementation for Android devices, and evaluate it
on a number of device-centric policies, reporting the empirical results
obtained.Comment: In Proceedings FESCA 2016, arXiv:1603.0837
In-Vivo Bytecode Instrumentation for Improving Privacy on Android Smartphones in Uncertain Environments
In this paper we claim that an efficient and readily applicable means to
improve privacy of Android applications is: 1) to perform runtime monitoring by
instrumenting the application bytecode and 2) in-vivo, i.e. directly on the
smartphone. We present a tool chain to do this and present experimental results
showing that this tool chain can run on smartphones in a reasonable amount of
time and with a realistic effort. Our findings also identify challenges to be
addressed before running powerful runtime monitoring and instrumentations
directly on smartphones. We implemented two use-cases leveraging the tool
chain: BetterPermissions, a fine-grained user centric permission policy system
and AdRemover an advertisement remover. Both prototypes improve the privacy of
Android systems thanks to in-vivo bytecode instrumentation.Comment: ISBN: 978-2-87971-111-
AdSplit: Separating smartphone advertising from applications
A wide variety of smartphone applications today rely on third-party
advertising services, which provide libraries that are linked into the hosting
application. This situation is undesirable for both the application author and
the advertiser. Advertising libraries require additional permissions, resulting
in additional permission requests to users. Likewise, a malicious application
could simulate the behavior of the advertising library, forging the user's
interaction and effectively stealing money from the advertiser. This paper
describes AdSplit, where we extended Android to allow an application and its
advertising to run as separate processes, under separate user-ids, eliminating
the need for applications to request permissions on behalf of their advertising
libraries.
We also leverage mechanisms from Quire to allow the remote server to validate
the authenticity of client-side behavior. In this paper, we quantify the degree
of permission bloat caused by advertising, with a study of thousands of
downloaded apps. AdSplit automatically recompiles apps to extract their ad
services, and we measure minimal runtime overhead. We also observe that most ad
libraries just embed an HTML widget within and describe how AdSplit can be
designed with this in mind to avoid any need for ads to have native code
- …