Acta Informatica Pragensia 2015, 4(3), 310-317 | DOI: 10.18267/j.aip.773092

Android Access Control Extension

Anton Balá¾, Branislav Mado¹, Michal Ambróz
Department of Computers and Informatics, Faculty of Electrical Engineering and Informatics, Technical University of Ko¹ice, Letná 9, 042 00 Ko¹ice, Slovak Republic

The main objective of this work is to analyze and extend security model of mobile devices running on Android OS. Provided security extension is a Linux kernel security module that allows the system administrator to restrict program's capabilities with per-program profiles. Profiles can allow capabilities like network access, raw socket access, and the permission to read, write, or execute files on matching paths. Module supplements the traditional Android capability access control model by providing mandatory access control (MAC) based on path. This extension increases security of access to system objects in a device and allows creating security sandboxes per application.

Keywords: Android, Security, Sandbox, Policy, Profile, Access control, MAC

Received: November 1, 2015; Revised: December 20, 2015; Accepted: December 24, 2015; Published: December 31, 2015  Show citation

ACS AIP APA ASA Harvard Chicago Chicago Notes IEEE ISO690 MLA NLM Turabian Vancouver
Balá¾, A., Mado¹, B., & Ambróz, M. (2015). Android Access Control Extension. Acta Informatica Pragensia4(3), 310-317. doi: 10.18267/j.aip.77
Download citation
  • BibTeX (.bib)
  • Bookends (.ris)
  • EasyBib (.ris)
  • EndNote (.enw)
  • EndNote 8 (.xml)
  • ISI WoS (.isi)
  • Medlars (.medlars)
  • Mendeley (.ris)
  • MODS (.xml)
  • Papers (.ris)
  • RefWorks (.txt)
  • RefManager (.ris)
  • RIS (.ris)
  • MS Word (.xml)
  • Zotero (.ris)
    • Open full article

    References

    1. Barrera, D., Kayacik, H. G., van Oorschot, P. C., & Somayaji, A. (2010). A methodology for empirical analysis of permission-based security models and its application to android. In Proceedings of the 17th ACM conference on Computer and communications security (pp. 73-84). New York: ACM. doi: 10.1145/1866307.1866317 Go to original source...
    2. Bousquet, A., Briffaut, J., Clévy, L., Toinard, C., & Venelle, B. (2013). Mandatory Access Control for the Android Dalvik Virtual Machine. ESOS: Workshop on Embedded Self-Organizing Systems. Retrieved from https://www.usenix.org/conference/esos13/workshop-program/presentation/bousquet
    3. Danková, E., Ádám, N. & Jakubèo, P. (2011). An anomaly-based intrusion detection system. In Proceeding of the Electrical Engineering and Informatics II (pp. 260-264). Ko¹ice: FEI TU.
    4. Hoopes, J. (2009). Virtualization for security: including sandboxing, disaster recovery, high availability, forensic analysis, and honeypotting. New York: Elsevier.
    5. Novák, D., Ádám, N. (2012). Route planner for mobile devices. In Kollár, J. (ed.) Computer Science and Technology Research Survey. Ko¹ice: FEI TU.
    6. Felt, A. P., Ha, E., Egelman, S., Haney, A., Chin, E., & Wagner, D. (2012). Android permissions: User attention, comprehension, and behavior. In Proceedings of the Eighth Symposium on Usable Privacy and Security (no. 3). New York: ACM. doi: 10.1145/2335356.2335360 Go to original source...
    7. Shan, Z., Wang, X., Chiueh, T. C., & Meng, X. (2012). Facilitating inter-application interactions for os-level virtualization. In Proceedings of the 8th ACM SIGPLAN/SIGOPS conference on Virtual Execution Environments (pp. 75-86). New York: ACM. doi: 10.1145/2151024.2151036 Go to original source...
    8. Smalley, S., & Craig, R. (2013). Security Enhanced (SE) Android: Bringing Flexible MAC to Android. Retrieved from http://www.internetsociety.org/doc/security-enhanced-se-android-bringing-flexible-mac-android
    9. Spreitzenbarth, M., Freiling, F., Echtler, F., Schreck, T., & Hoffmann, J. (2013). Mobile-sandbox: having a deeper look into android applications. In Proceedings of the 28th Annual ACM Symposium on Applied Computing (pp. 1808-1815). New York: ACM. doi: 10.1145/2480362.2480701 Go to original source...
    10. Vargas, R. J. G., Huerta, R. G., Anaya, E. A., & Hernandez, A. F. M. (2012). Security controls for Android. In Proceedings of the 4th International Conference on Computational Aspects of Social Networks (pp. 212-216). New York: IEEE. doi: 10.1109/CASoN.2012.6412404 Go to original source...
    11. Vokorokos, L., Balá¾, A., & Ádám, N. (2015). Secure Web Server System Resources Utilization. Acta Polytechnica Hungarica, 12(2), 5-19. doi: 10.12700/APH.12.2.2015.2.1 Go to original source...
    12. Wagner, D., Goldberg, I., & Thomas, R. (1996). A secure environment for untrusted helper applications. In Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography. Berkeley: USENIX Association
    13. Wei, X., Gomez, L., Neamtiu, I., & Faloutsos, M. (2012). Permission evolution in the android ecosystem. In Proceedings of the 28th Annual Computer Security Applications Conference (pp. 31-40). New York: ACM. doi: 10.1145/2420950.2420956 Go to original source...
    14. Wu, L., Du, X., & Zhang, H. (2015). An effective access control scheme for preventing permission leak in Android. In Proceedings of the International Conference on Computing, Networking and Communications (pp. 57-61). IEEE. doi: 10.1109/ICCNC.2015.7069315 Go to original source...

    This is an open access article distributed under the terms of the Creative Commons Attribution 4.0 International License (CC BY 4.0), which permits use, distribution, and reproduction in any medium, provided the original publication is properly cited. No use, distribution or reproduction is permitted which does not comply with these terms.


    Return to the content