Context Aware Dynamic Permission Model: A Retrospect of Privacy and Security in Android System

Android security has lately been a topic of concern in both academic and industrial research because of various occurrences of privacy leaks and security breaches on these devices. The security model of the Android operating system is based on a permission mechanism that limits the access of any third-party application to critical resources of the mobile device. This mechanism has been broadly condemned for its coarse-grained control over system resources and for the inappropriate authorization of permissions by application developers, advertisers and end users. This paper inspects the emerging issues in permission-based security mechanisms and proposes the concept of a context aware dynamic permissions model (CAPM) for Android systems. The proposed model deals with the dynamic enforcement of permissions for a particular application according to the defined context, without the user's intervention. Our model assigns profiles to different applications based on their functional groups, and these profiles contain a set of permissions with some associated context. The context can be based upon system or sensor sources. This way, if the data is private or confidential, the permission set ought to be stricter than usual. Our concept is unique in that it associates context with permissions, as opposed to the existing model of assigning permissions according to an application's functionality. This concept can prove helpful in protecting a user's private data from being leaked simply by modifying the existing resource access mechanism.
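A minimal sketch of the decision logic the abstract describes (profiles per functional group, each permission tied to a context rule, enforcement without a user prompt), added here as an illustration and not the paper's implementation. The profile names, package names, context keys and rules are assumptions.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict

Context = Dict[str, object]        # snapshot built from system/sensor sources
Rule = Callable[[Context], bool]   # context predicate attached to one permission

@dataclass
class Profile:
    """Permission set for one functional group; each permission has a context rule."""
    name: str
    rules: Dict[str, Rule] = field(default_factory=dict)

TRUSTED_NETWORKS = {"cellular", "trusted_wifi"}   # hypothetical context values

# Hypothetical profiles; the rule for private data (contacts) is the strictest.
PROFILES = {
    "navigation": Profile("navigation", {
        "ACCESS_FINE_LOCATION": lambda c: c.get("foreground") is True,
        "INTERNET": lambda c: True,
    }),
    "messaging": Profile("messaging", {
        "READ_CONTACTS": lambda c: c.get("foreground") is True
                                   and c.get("screen_locked") is False
                                   and c.get("network") in TRUSTED_NETWORKS,
        "INTERNET": lambda c: c.get("network") in TRUSTED_NETWORKS,
    }),
}

# Hypothetical mapping of installed packages to functional groups.
APP_GROUP = {"com.example.maps": "navigation", "com.example.chat": "messaging"}

def check_permission(package: str, permission: str, ctx: Context) -> bool:
    """Decide at access time with no user prompt; deny anything unknown."""
    profile = PROFILES.get(APP_GROUP.get(package, ""))
    if profile is None:
        return False               # app was never assigned a profile
    rule = profile.rules.get(permission)
    if rule is None:
        return False               # permission is not part of the profile
    try:
        return bool(rule(ctx))
    except Exception:
        return False               # malformed context or broken rule: fail closed

if __name__ == "__main__":
    ctx = {"foreground": True, "screen_locked": False, "network": "open_wifi"}
    for perm in ("READ_CONTACTS", "INTERNET"):
        print(perm, check_permission("com.example.chat", perm, ctx))
```

Rules test for the expected value rather than the absence of a bad one, so a context source that fails to report leads to denial instead of access.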
