Flexible data-driven security for Android

Proceedings of the 2012 IEEE 6th International Conference on Software Security and Reliability, SERE 2012

Volumn , Issue , 2012, Pages 41-50

  Feth, Denis ^a   Pretschner, Alexander ^b  

^a FRAUNHOFER IESE   (Germany)

^b KARLSRUHE INSTITUTE OF TECHNOLOGY   (Germany)

Author keywords

Access control; Android; Information flow; Security; Usage control

Indexed keywords

ACCESS RULES; ANDROID; CARDINALITIES; INFORMATION FLOWS; SECURITY; SECURITY AND PERFORMANCE; USAGE CONTROL;

ACCESS CONTROL; ROBOTS; SOFTWARE RELIABILITY;

DIGITAL STORAGE;

EID: 84866700087     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/SERE.2012.14     Document Type: Conference Paper

References (31)

1. Adobe livecycle rights management es. http://www.adobe.com/products/ livecycle/rightsmanagement/indepth.html, Aug. 2010.
2. G. Bai, L. Gu, T. Feng, Y. Guo, and X. Chen. Context-aware usage control for android. In SecureComm, pages 326-343, 2010.
3. D. Barrera, H. Kayacik, P. van Oorschot, and A. Somayaji. A methodology for empirical analysis of permission-based security models and its application to android. In Proceedings of the 17th ACM conference on Computer and communications security, CCS '10, pages 73-84, New York, NY, USA, 2010. ACM.
4. A. Beresford, A. Rice, and N. Skehin. Mockdroid: trading privacy for application functionality on smartphones. In Proc. 12th Workshop on Mobile Computing Systems and Applications, 2011.
5. J. Clause, W. Li, and A. Orso. Dytan: a generic dynamic taint analysis framework. In Proceedings of the 2007 international symposium on Software testing and analysis, ISSTA '07, pages 196-206, 2007.
6. L. Desmet, W. Joosen, F. Massacci, K. Naliuka, P. Philippaerts, F. Piessens, and D. Vanoverberghe. The S3MS.NET Run Time Monitor: Tool Demonstration. ENTCS, 253(5):153-159, 2009.
7. W. Enck, P. Gilbert, B. Chun, L. Cox, J. Jung, P. McDaniel, and A. Sheth. Taintdroid: An information-flow tracking system for realtime privacy monitoring on smartphones. In Proc. 9th USENIX Symposium on Operating Systems Design and Implementation, 2010. To appear.
8. W. Enck, M. Ongtang, and P. McDaniel. Understanding android security. Security Privacy, IEEE, 7(1):50-57, jan.-feb. 2009.
9. U. Erlingsson and F. Schneider. SASI enforcement of security policies: A retrospective. In Proc. New Security Paradigms Workshop, pages 87-95, 1999.
10. Gartner. http://www.gartner.com/it/page.jsp?id=1848514, November 2011.
11. C. Hammer and G. Snelting. Flow-sensitive, contextsensitive, and object-sensitive information flow control based on program dependence graphs. Int. J. Inf. Sec., 8(6):399-422, 2009.
12. M. Harvan and A. Pretschner. State-based Usage Control Enforcement with Data Flow Tracking using System Call Interposition. In Proc. 3rd Intl. Conf. on Network and System Security, pages 373-380, 2009.
13. K. Havelund and G. Rosu. Efficient monitoring of safety properties. Int. J. Softw. Tools Technol. Transf., 6, Aug 2004.
14. M. Hilty, A. Pretschner, D. Basin, C. Schaefer, and T. Walter. A policy language for distributed usage control. In Proc. ESORICS, pages 531-546, 2007.
15. I. Ion, B. Dragovic, and B. Crispo. Extending the Java Virtual Machine to Enforce Fine-Grained Security Policies in Mobile Devices. In Proc. Annual Computer Security Applications Conference, pages 233-242. IEEE Computer Society, 2007.
16. P. Kumari, A. Pretschner, J. Peschla, and J.-M. Kuhn. Distributed data usage control for web applications: a social network implementation. In Proceedings of the first ACM conference on Data and application security and privacy, CODASPY '11, pages 85-96, 2011.
17. MASTER consortium. MASTER Deliverable 5.1.1: Security Enforcement Language. http://www.master-fp7.eu/, Apr. 2010.
18. Microsoft. Windows Rights Management Services. http://www.microsoft.com/ windowsserver2008/en/us/ad-rms-overview.aspx, 2010.
19. M. Nauman and S. Khan. Design and implementation of a fine-grained resource usage model for the android platform. Int. Arab J. Inf. Technol., 8(4):440-448, 2011.
20. J. Newsome and D. X. Song. Dynamic taint analysis for automatic detection, analysis, and signaturegeneration of exploits on commodity software. In Proceedings of the Network and Distributed System Security Symposium, NDSS 2005, San Diego, California, USA, 2005.
21. M. Ongtang, K. Butler, and P. McDaniel. Porscha: policy oriented secure content handling in android. In Proceedings of the 26th Annual Computer Security Applications Conference, ACSAC '10, pages 221-230, New York, NY, USA, 2010. ACM.
22. M. Ongtang, S. McLaughlin, W. Enck, and P. McDaniel. Semantically rich application-centric security in android. In Computer Security Applications Conference, 2009. ACSAC '09. Annual, pages 340 -349, dec. 2009.
23. J. Park and R. Sandhu. The UCON ABC usage control model. ACM Trans. Inf. Syst. Secur., 7(1):128-174, 2004.
24. G. Portokalidis, P. Homburg, K. Anagnostakis, and H. Bos. Paranoid android: versatile protection for smartphones. In Proceedings of the 26th Annual Computer Security Applications Conference, ACSAC '10, pages 347-356, New York, NY, USA, 2010. ACM.
25. A. Pretschner, M. Buechler, M. Harvan, C. Schaefer, and T. Walter. Usage control enforcement with data flow tracking for x11. In Proc. 5th Intl. Workshop on Security and Trust Management, pages 124-137, 2009.
26. A. Pretschner, M. Hilty, and D. Basin. Distributed usage control. Commun. ACM, 49(9):39-44, 2006.
27. A. Shabtai, Y. Fledel, U. Kanonov, Y. Elovici, S. Dolev, and C. Glezer. Google android: A comprehensive security assessment. Security Privacy, IEEE, 8(2):35-44, march-april 2010.
28. D. X. Song, D. Brumley, H. Yin, J. Caballero, I. Jager, M. G. Kang, Z. Liang, J. Newsome, P. Poosankam, and P. Saxena. Bitblaze: A new approach to computer security via binary analysis. In ICISS, pages 1-25, 2008.
29. T. Vennon and D. Stroop. Threat analysis of the android market, 2010. http://www.globalthreatcenter.com/wp-content/uploads/2010/06/ Android-Market-Threat-Analysis-6-22-10-v1.pdf.
30. B. Yee, D. Sehr, G. Dardyk, J. Chen, R. Muth, T. Ormandy, S. Okasaka, N. Narula, and N. Fullagar. Native Client: A Sandbox for Portable, Untrusted x86 Native Code. In Proc IEEE Symposium on Security and Privacy, pages 79-93, 2009.
31. Y. Zhou, X. Zhang, X. Jiang, and V. Freeh. Taming information-stealing smartphone applications (on android). In 4th International Conference on Trust and Trustworthy Computing, Pittsburgh, Pa., 2011.