论文信息 - Fine-Grained Access Control on Android Through Behavior Monitoring

Fine-Grained Access Control on Android Through Behavior Monitoring

Google’s Android platform includes a permission system that protects privileged resources from applications’ abuse, such as Internet, Location, and Telephony. The permission system has great importance to the privacy security for users, but it is coarse grained that applications will have broader access than they actually require. In our paper, we design and implement a system with fine-grained access control of the privileged resources on Android. The system will contain two main modules: Behavior Monitor Module and Behavior Decision Module. The former will closely monitor the applications’ behavior such as attempting to access a user’s private data, send SMS, and access network. The latter will notify the user to make the decision for the application’s behavior and store the user’s decision. Experiments show that the system has a fine-grained access control through behavior monitoring.

Kun Wang | Tao Song | Alei Liang | Ximing Tang

[1] Ross J. Anderson,et al. Aurasium: Practical Policy Enforcement for Android Applications , 2012, USENIX Security Symposium.

[2] Todd D. Millstein,et al. Dr. Android and Mr. Hide: fine-grained permissions in android applications , 2012, SPSM '12.

[3] Todd Millstein,et al. Dr. Android and Mr. Hide: Fine-grained security policies on unmodified Android , 2011 .

[4] Jacques Klein,et al. Improving Privacy on Android Smartphones Through In-Vivo Bytecode Instrumentation , 2012, ArXiv.

[5] Wenliang Du,et al. On the effectiveness of API-level access control using bytecode rewriting in Android , 2013, ASIA CCS '13.

[6] Seungyeop Han,et al. These aren't the droids you're looking for: retrofitting android to protect data from imperious applications , 2011, CCS '11.

[7] Todd Millstein,et al. Application-centric security policies on unmodified Android , 2011 .

[8] Xinwen Zhang,et al. Apex: extending Android permission model and enforcement with user-defined runtime constraints , 2010, ASIACCS '10.