Publication Details

Dynamic Security Policy Enforcement on Android

VANČO, M.; ARON, L. Dynamic Security Policy Enforcement on Android. International Journal of Security and Its Applications, 2016, vol. 2016, no. 10, p. 141-148. ISSN: 1738-9976.

Czech title

Dynamické vynucování práv na systému Android

Type

journal article

Language

English

Authors

Vančo Matúš, Ing., MSc
Aron Lukáš, Ing., Ph.D.

URL

http://www.sersc.org/journals/IJSIA/vol10_no9_2016/15.pdf

Keywords

private data, Aurasium framework, operating system, system call, binderdriver, Android security, policy enforcement, security policy

Abstract

This work presents the system for dynamic enforcement of access rights on Android.Each application will be repackaged by this system, so that the access to selected privatedata is restricted for the outer world. The system intercepts the system calls usingAurasium framework and adds an innovative approach of tracking the information flowsfrom the privacy-sensitive sources using tainting mechanism without need ofadministrator rights. There has been designed file-level and data-level taint propagationand policy enforcement based on Android binder.

Published

2016

Pages

141–148

Journal

International Journal of Security and Its Applications, vol. 2016, no. 10, ISSN 1738-9976

Book

International Journal of Security and Its Applications

Place

Daejeon

DOI

10.14257/ijsia.2016.10.9.15

UT WoS

000384818200016

EID Scopus

2-s2.0-84992091010

BibTeX

@article{BUT131023,
  author="Matúš {Vančo} and Lukáš {Aron}",
  title="Dynamic Security Policy Enforcement on Android",
  journal="International Journal of Security and Its Applications",
  year="2016",
  volume="2016",
  number="10",
  pages="141--148",
  doi="10.14257/ijsia.2016.10.9.15",
  issn="1738-9976",
  url="http://www.sersc.org/journals/IJSIA/vol10_no9_2016/15.pdf"
}