(2013) Flexible and Fine-Grained Mandatory Access Control on Android for Diverse Security and Privacy Policies.
|
Text
bugiel13-usenix.pdf - Published Version Download (1MB) | Preview |
Abstract
In this paper we tackle the challenge of providing a generic security architecture for the Android OS that can serve as a flexible and effective ecosystem to instantiate different security solutions. In contrast to prior work our security architecture, termed FlaskDroid, provides mandatory access control simultaneously on both Android’s middleware and kernel layers. The alignment of policy enforcement on these two layers is non-trivial due to their completely different semantics. We present an efficient policy language (inspired by SELinux) tailored to the specifics of Android’s middleware semantics. We show the flexibility of our architecture by policy-driven instantiations of selected security models such as the existing work Saint as well as a new privacy-protecting, user-defined and fine-grained per-app access control model. Other possible instantiations include phone booth mode, or dual persona phone. Finally we evaluate our implementation on SE Android 4.0.4 illustrating its efficiency and effectiveness.
| Item Type: | Conference or Workshop Item (A Paper) (Paper) |
|---|---|
| Additional Information: | pub_id: 182 Bibtex: bugiel13:usenix URL date: None |
| Conference: | USENIX-Security Usenix Security Symposium |
| Depositing User: | Sebastian Weisgerber |
| Date Deposited: | 26 Jul 2017 10:29 |
| Last Modified: | 18 Jul 2019 12:11 |
| Primary Research Area: | NRA4: Secure Mobile and Autonomous Systems |
| URI: | https://publications.cispa.saarland/id/eprint/425 |
Actions
Actions (login required)
 |
View Item |