Leveraging access control mechanism of Android smartphone using context-related role-based access control model

The mobile phone revolution has brought innovative smartphone technology. As a result, research addressing information access in the smartphone environment has proliferated. An important feature of smartphones is restricting the behavior of users of applications and services to a certain level, yet the existing access control mechanisms on smartphones are mostly coarse-grained. To make them fine-grained, it is practical to use context-related information to specify which resources and services an application should be authorized to access. This paper proposes a finer access control mechanism, context-related role-based access control (CtRBAC). CtRBAC builds on traditional role-based access control by incorporating contextual information about the user and the system environment. CtRBAC categorizes mobile phone users according to their access rights to the device's resources and services. By using a simple policy and context, the system fulfills the needs left by the existing access control mechanism.
