Permission based Android security: Issues and countermeasures
Android security has been a hot spot recently in both academic research and public concerns due to numerous instances of security attacks and privacy leakage on Android platform. Android security has been built upon a permission based mechanism which restricts accesses of third-party Android applica...
Saved in:
| Main Authors: | , , |
|---|---|
| Format: | text |
| Language: | English |
| Published: |
Institutional Knowledge at Singapore Management University
2014
|
| Subjects: | |
| Online Access: | https://ink.library.smu.edu.sg/sis_research/2531 https://ink.library.smu.edu.sg/context/sis_research/article/3531/viewcontent/PermissionBasedAndroidSecurity_2014.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Singapore Management University |
| Language: | English |
| id |
sg-smu-ink.sis_research-3531 |
|---|---|
| record_format |
dspace |
| spelling |
sg-smu-ink.sis_research-35312017-02-23T05:14:41Z Permission based Android security: Issues and countermeasures FANG, Zheran HAN, Weili LI, Yingjiu Android security has been a hot spot recently in both academic research and public concerns due to numerous instances of security attacks and privacy leakage on Android platform. Android security has been built upon a permission based mechanism which restricts accesses of third-party Android applications to critical resources on an Android device. Such permission based mechanism is widely criticized for its coarse-grained control of application permissions and difficult management of permissions by developers, marketers, and end-users. In this paper, we investigate the arising issues in Android security, including coarse granularity of permissions, incompetent permission administration, insufficient permission documentation, over-claim of permissions, permission escalation attack, and TOCTOU (Time of Check to Time of Use) attack. We illustrate the relationships among these issues, and investigate the existing countermeasures to address these issues. In particular, we provide a systematic review on the development of these countermeasures, and compare them according to their technical features. Finally, we propose several methods to further mitigate the risk in Android security. 2014-06-01T07:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/2531 info:doi/10.1016/j.cose.2014.02.007 https://ink.library.smu.edu.sg/context/sis_research/article/3531/viewcontent/PermissionBasedAndroidSecurity_2014.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Android security Permission based security Access control Granularity of access control Policy administration Over-claim of permission Permission escalation attack Computer Sciences Information Security |
| institution |
Singapore Management University |
| building |
SMU Libraries |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
SMU Libraries |
| collection |
InK@SMU |
| language |
English |
| topic |
Android security Permission based security Access control Granularity of access control Policy administration Over-claim of permission Permission escalation attack Computer Sciences Information Security |
| spellingShingle |
Android security Permission based security Access control Granularity of access control Policy administration Over-claim of permission Permission escalation attack Computer Sciences Information Security FANG, Zheran HAN, Weili LI, Yingjiu Permission based Android security: Issues and countermeasures |
| description |
Android security has been a hot spot recently in both academic research and public concerns due to numerous instances of security attacks and privacy leakage on Android platform. Android security has been built upon a permission based mechanism which restricts accesses of third-party Android applications to critical resources on an Android device. Such permission based mechanism is widely criticized for its coarse-grained control of application permissions and difficult management of permissions by developers, marketers, and end-users. In this paper, we investigate the arising issues in Android security, including coarse granularity of permissions, incompetent permission administration, insufficient permission documentation, over-claim of permissions, permission escalation attack, and TOCTOU (Time of Check to Time of Use) attack. We illustrate the relationships among these issues, and investigate the existing countermeasures to address these issues. In particular, we provide a systematic review on the development of these countermeasures, and compare them according to their technical features. Finally, we propose several methods to further mitigate the risk in Android security. |
| format |
text |
| author |
FANG, Zheran HAN, Weili LI, Yingjiu |
| author_facet |
FANG, Zheran HAN, Weili LI, Yingjiu |
| author_sort |
FANG, Zheran |
| title |
Permission based Android security: Issues and countermeasures |
| title_short |
Permission based Android security: Issues and countermeasures |
| title_full |
Permission based Android security: Issues and countermeasures |
| title_fullStr |
Permission based Android security: Issues and countermeasures |
| title_full_unstemmed |
Permission based Android security: Issues and countermeasures |
| title_sort |
permission based android security: issues and countermeasures |
| publisher |
Institutional Knowledge at Singapore Management University |
| publishDate |
2014 |
| url |
https://ink.library.smu.edu.sg/sis_research/2531 https://ink.library.smu.edu.sg/context/sis_research/article/3531/viewcontent/PermissionBasedAndroidSecurity_2014.pdf |
| _version_ |
1770572516385882112 |