Professional Documents
Culture Documents
Abstract:
To protect sensitive resources from unauthorized use, modern mobile systems, such a Android and iOS,
design a permission-based access control model. However, current model could not enforce fine-grained control
over the dynamic permission use contexts, causing two severe security problems. First, any code package in an
application could use the granted permissions, inducing attackers to embed malicious payloads into benign apps.
Second, the permissions granted to a benign application may be utilized by an attacker through vulnerable
application interactions. Although ad hoc solutions have been proposed, none could systematically solve these
two issues within a unified framework. The first such framework to provide context-sensitive permission
enforcement that regular’s permission use policies according to system-wide application contexts, which cover
both intra-application context and inter-application context. We build a prototype system on Android , named
FineDroid, to track such context during the applicaton execution. To flexibly regulate the context-sensitive
permission rules, FineDroid features a policy framework that could express generic application contexts. We
demonstrate the benefits of FineDroid by instantiating several security extensions based on the policy
framework, for three potential users: end users, administrators and developers. Furthermore, FineDroid is
showed to introduce a minor overhead
FineDroid designs several techniques to The admin is the person who manages all the user
automatically track such contexts along with the application accounts as well as the information of the places is also
execution. To ease the administration of permission control
policies, FineDroid also features a policy framework which is updated by him.
general enough to express the rules for handling permission
requests in a context-sensitive manner. C. PERMISSION MANAGER:
ACKNOWLEDGMENT
4.2 PERMISSION MANAGER:
The author deeply indebted to honorable Shri
To handle a permission request, the Policy Manager A.SRINIVASAN(Founder Chairman), SHRI
module examines all the policies in the system, and then
Permission Manager could make a permission decision P.NEELRAJ(Secretary) Dhanalakshmi Srinivasan Group of
according to the action (e.g. allow or deny) specified in the Institutions, Perambalur for giving me opportunity to work
match policy. Besides, our policy language is extensible for
introducing new permission handling actions. and avail the facilities of the College Campus. The author
heartfelt and sincere thanks to Principal Dr.ARUNA
4.3 POLICY MANAGER:
DINAKARAN, Vice Principal Prof.S.H.AFROZE, HoD
Permission Manager first queries Policy Manager to
Mrs.V.VANEESWARI, (Dept. of CS & IT) Project Guide
select a policy which best matches the current application
context. If no policy matches, Permission Manager would fall Ms.R.ARUNADEVI, (Dept. of CS & IT) of Dhanalakshmi
back to the original permission enforcement mode.
Srinivasan College of Arts & Science for Women,Perambalur.
To test whether a policy could match a permission The author also thanks to parents, Family Members, Friends,
request, Policy Manager first checks the requested permission
and the requestor application. When both attributes match, Relatives for their support, freedom and motivation.
Policy Manager further compares the application context. The
application context matching is relatively slow, so we use a REFERENCES
cache to remember the context matching results. If multiple 1. Android Remains the Leader in the Smartphone Operating System
policies are found to match, Policy Manager would select the Market, Jun. 2015, [online] Available:
http://www.idc.com/getdoc.jsp?containerId=prUS24108913.
one that express the most fine-grained application context.
Policy Manager also supports adding and removing policies 2. Security Threat Report 2013, Jun. 2015, [online] Available:
to/from the system, as well as registering new action types to http://www.sophos.com/en-us/security-news-trends/reports/security-
extend the policy language. The next sect ion will show how threat-report/android-malware.aspx.
these policies can be used to refine current permission model.
3. Smalley, R. Craig, "Security enhanced (SE) Android: Bringing
flexible MAC to Android", Proc. NDSS, pp. 20-38, 2013.
4.4 PERMISSION RECORD:
In the original mode, permission requests are 4. S. Bugiel, S. Heuser, A.-R. Sadeghi, "Flexible and fine-grained
mandatory access control on Android for diverse security and privacy
handled by querying the Permission Record to grant all the policies", Proc. USENIX Secur., pp. 131-146, 2013.
permissions declared in the application manifest file. When a
5. W. Enck, M. Ongtang, P. McDaniel, "Understanding Android
matched policy is selected for the current permission request, security", IEEE Security Privacy, vol. 7, no. 1, pp. 50-57, Jan./Feb.
Permission Manager just needs to follow the action (e.g. 2009.
allow or deny) specified in the policy.
6. A. P. Felt, H. J. Wang, A. Moshchuk, S. Hanna, E. Chin, "Permission
re-delegation: Attacks and defenses", Proc. USENIX Secur., pp. 22,
V. CONCLUSION 2011.
This paper presents FineDroid, which brings 7. “Sophos security threat report 2013,” http://www.sophos.com/en-us/se
curity-news-trends/reports/security-threat-report/android-
context-sensitive permission enforcement to Android. By malware.aspx.
associating each permission quest with its application context,
FineDroid provides a fine-grained permission control. The a 8. M. Grace, Y. Zhou, Z. Wang, and X. Jiang, “Systematic detection of
capability leaks in stock android smartphones,” in Proc. of NDSS ’12.
pplication context in Fine-Droid covers not only intra-
application context , but also inter-application context. To
\BIOGRAPHICAL NOTES