Android Security Framework: Extensible Multi-Layered Access Control on Android

Backes, Michael and Bugiel, Sven and Gerling, Sebastian and Styp-Rekowsky, Philipp von
(2014) Android Security Framework: Extensible Multi-Layered Access Control on Android.
In: In Proceedings of the 30th Annual Computer Security Applications Conference (ACSAC'14).
Conference: ACSAC Annual Computer Security Applications Conference

[img]
Preview
 Text
bugiel14-acsac1.pdf - Published Version
Download (2MB) | Preview

Abstract

We introduce the Android Security Framework (ASF), a generic, extensible security framework for Android that enables the development and integration of a wide spectrum of security models in form of code-based security modules. The design of ASF reflects lessons learned from the literature on established security frameworks (such as Linux Security Modules or the BSD MAC Framework) and intertwines them with the particular requirements and challenges from the design of Android’s software stack. ASF provides a novel security API that supports authors of Android security extensions in developing their modules. This overcomes the current unsatisfactory situation to provide security solutions as separate patches to the Android software stack or to embed them into Android’s mainline codebase. As a result, ASF provides different practical benefits such as a higher degree of acceptance, adaptation, and maintenance of security solutions than previously possible on Android. We present a prototypical implementation of ASF and demonstrate its effectiveness and efficiency by modularizing different security models from related work, such as context-aware access control, inlined reference monitoring, and type enforcement.

Item Type: Conference or Workshop Item (A Paper) (Paper)
Additional Information: pub_id: 143 Bibtex: BaBuGe_14:ASF URL date: None
Uncontrolled Keywords: %rp_group_m2ci_group_01,%rp_group_m2ci_group_02,cispa,group:infsec
Divisions: Michael Backes (InfSec)
Andreas Zeller (Software Engineering, ST)
Conference: ACSAC Annual Computer Security Applications Conference
Depositing User: Sebastian Weisgerber
Date Deposited: 26 Jul 2017 10:28
Last Modified: 18 Jul 2019 12:11
Primary Research Area: NRA4: Secure Mobile and Autonomous Systems
URI: https://publications.cispa.saarland/id/eprint/117

Actions

Actions (login required)

View Item View Item
CISPA is powered by EPrints 3 which is developed by the School of Electronics and Computer Science at the University of Southampton. More information and software credits.