Permission based Android security: Issues and countermeasures

Permission based Android security: Issues and countermeasures

Android security has been a hot spot recently in both academic research and public concerns due to numerous instances of security attacks and privacy leakage on Android platform. Android security has been built upon a permission based mechanism which restricts accesses of third-party Android applica...

وصف كامل

محفوظ في:
التفاصيل البيبلوغرافية
المؤلفون الرئيسيون: FANG, Zheran, HAN, Weili, LI, Yingjiu
التنسيق: text
اللغة:English
منشور في: Institutional Knowledge at Singapore Management University 2014
الموضوعات:
Android security
Permission based security
Access control
Granularity of access control
Policy administration
Over-claim of permission
Permission escalation attack
Computer Sciences
Information Security
الوصول للمادة أونلاين:https://ink.library.smu.edu.sg/sis_research/2531
https://ink.library.smu.edu.sg/context/sis_research/article/3531/viewcontent/PermissionBasedAndroidSecurity_2014.pdf
الوسوم: إضافة وسم
لا توجد وسوم, كن أول من يضع وسما على هذه التسجيلة!
المؤسسة: Singapore Management University
اللغة: English
الوصف
الملخص:Android security has been a hot spot recently in both academic research and public concerns due to numerous instances of security attacks and privacy leakage on Android platform. Android security has been built upon a permission based mechanism which restricts accesses of third-party Android applications to critical resources on an Android device. Such permission based mechanism is widely criticized for its coarse-grained control of application permissions and difficult management of permissions by developers, marketers, and end-users. In this paper, we investigate the arising issues in Android security, including coarse granularity of permissions, incompetent permission administration, insufficient permission documentation, over-claim of permissions, permission escalation attack, and TOCTOU (Time of Check to Time of Use) attack. We illustrate the relationships among these issues, and investigate the existing countermeasures to address these issues. In particular, we provide a systematic review on the development of these countermeasures, and compare them according to their technical features. Finally, we propose several methods to further mitigate the risk in Android security.

مواد مشابهة