Apex: Extending Android Permission Model and Enforcement with User-defined Runtime Constraints
Android is the first mass-produced consumer-market open source mobile platform that allows developers to easily cre ate applications and users to readily install them. However, giving users the ability to install third-party applications poses serious security concerns. While the existing security mechanism in Android allows a mobile phone user to see which resources an application requires, she has no choice but to allow access to all the requested permissions if she wishes to use the applications. There is no way of granting some permissions and denying others. Moreover, there is no way of restricting the usage of resources based on runtime constraints such as the location of the device or the number of times a resource has been previously used. In this paper, we present Apex - a policy enforcement framework for An droid that allows a user to selectively grant permissions to applications as well as impose constraints on the usage of re sources. We also describe an extended package installer that allows the user to set these constraints through an easy-to use interface. Our enforcement framework is implemented through a minimal change to the existing Android code base and is backward compatible with the current security mech anism.
Mobile platforms Android Policy Framework Constraints
Mohammad Nauman Sohail Khan Xinwen Zhang
Institute of Management Sciences, Pakistan School of Electrical Engineering and Computer Science, NUST Pakistan Samsung Information Systems America, USA
国际会议
北京
英文
328-332
2010-04-13(万方平台首次上网日期,不代表论文的发表时间)