Mobile app security by fragmentation "MASF"

Mobile cloud computing (MCC) appears as a new computing paradigm which offers computer applications and services with high performance. MCC combines mobile computing and cloud computing, has become one of the main threads of discussion in the IT world since 2010. Smartphones are considered as the representative for the several mobile devices as they have been connected to the Internet with the rapidly growing of wireless network technology or mobile generation network (3G, 4G or 5G). Furthermore, the security presents the important challenge not just in the MCC architecture but also in the smartphone. In this paper, we focus our study in mobile application security because it considered as standard terminal used in MCC. Especially, we present the global architecture and the security of android as popular operating system for mobile phone. In our proposal design, we investigate the possibility to use the fragmentation technique with security policy strategies as access security mechanism to protect data from installed application. The paper concludes by strongly suggesting that can be as future research.

[1]  Ahmad-Reza Sadeghi,et al.  Flexible and Fine-grained Mandatory Access Control on Android for Diverse Security and Privacy Policies , 2013, USENIX Security Symposium.

[2]  Mauro Conti,et al.  MOSES: Supporting and Enforcing Security Profiles on Smartphones , 2014, IEEE Transactions on Dependable and Secure Computing.

[3]  Seungyeop Han,et al.  These aren't the droids you're looking for: retrofitting android to protect data from imperious applications , 2011, CCS '11.

[4]  Nikolay Elenkov Android Security Internals: An In-Depth Guide to Android's Security Architecture , 2014 .

[5]  Mustaque Ahamad,et al.  Protecting health information on mobile devices , 2012, CODASPY '12.

[6]  J. Wenny Rahayu,et al.  Mobile cloud computing: A survey , 2013, Future Gener. Comput. Syst..

[7]  Liang Gu,et al.  Context-Aware Usage Control for Android , 2010, SecureComm.

[8]  Bruno Crispo,et al.  YAASE: Yet Another Android Security Extension , 2011, 2011 IEEE Third Int'l Conference on Privacy, Security, Risk and Trust and 2011 IEEE Third Int'l Conference on Social Computing.

[9]  Xinwen Zhang,et al.  Apex: extending Android permission model and enforcement with user-defined runtime constraints , 2010, ASIACCS '10.

[10]  Christian Jung,et al.  Context-Aware, Data-Driven Policy Enforcement for Smart Mobile Devices in Business Environments , 2012, MobiSec.

[11]  B. E. Ouahidi,et al.  MOBILE SECURITY : SECURITY MECHANISMS AND PROTECTION OF MOBILE APPLICATIONS , 2014 .

[12]  Sougata Mukherjea,et al.  Securing Enterprise Data on Smartphones Using Run Time Information Flow Control , 2012, 2012 IEEE 13th International Conference on Mobile Data Management.

[13]  Michael Backes,et al.  AppGuard — Real-time policy en- forcement for third-party applications , 2012 .

[14]  Mauro Conti,et al.  CRePE: Context-Related Policy Enforcement for Android , 2010, ISC.

[15]  Patrick D. McDaniel,et al.  Semantically Rich Application-Centric Security in Android , 2009, 2009 Annual Computer Security Applications Conference.

[16]  Brian Randell,et al.  A Framework for the Design of Secure and Reliable Applications by Fragmentation-Redundancy-Scattering , 1993 .

[17]  Mauro Conti,et al.  CRêPE: A System for Enforcing Fine-Grained Context-Related Policies on Android , 2012, IEEE Transactions on Information Forensics and Security.

[18]  Byung-Gon Chun,et al.  TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones , 2010, OSDI.

[19]  Najim Ammari,et al.  Firewall Anti-Leak of Sensitive Data , 2016, ANT/SEIT.

[20]  Ahmad-Reza Sadeghi,et al.  Practical and lightweight domain isolation on Android , 2011, SPSM '11.

[21]  Alastair R. Beresford,et al.  MockDroid: trading privacy for application functionality on smartphones , 2011, HotMobile '11.