CICC: A Fine-grained, Semantic-aware, and Transparent Approach to Preventing Permission Leaks for Android Permission Managers
Android's permission system offers an all-or-nothing installation choice for users. To make it more flexible, users may choose a popular app tool, called permission manager, to selectively grant or revoke an app's permissions at runtime. A fundamental requirement for such permission manage...
Saved in:
Main Authors: | , , , , , |
---|---|
Format: | text |
Language: | English |
Published: |
Institutional Knowledge at Singapore Management University
2015
|
Subjects: | |
Online Access: | https://ink.library.smu.edu.sg/sis_research/2881 |
Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
Institution: | Singapore Management University |
Language: | English |
id |
sg-smu-ink.sis_research-3881 |
---|---|
record_format |
dspace |
spelling |
sg-smu-ink.sis_research-38812016-01-08T07:42:07Z CICC: A Fine-grained, Semantic-aware, and Transparent Approach to Preventing Permission Leaks for Android Permission Managers WANG, Daibin YAO, Haixia Yingjiu LI, JIN, Hai ZOU, Deqing DENG, Robert H., Android's permission system offers an all-or-nothing installation choice for users. To make it more flexible, users may choose a popular app tool, called permission manager, to selectively grant or revoke an app's permissions at runtime. A fundamental requirement for such permission manager is that the granted or revoked permissions should be enforced faithfully. However, we discover that none of existing permission managers meet this requirement due to permission leaks. To address this problem, we propose CICC, a fine-grained, semantic-aware, and transparent approach for any permission managers to defend against the permission leaks. Compared to existing solutions, CICC is fine-grained because it detects the permission leaks using call-chain information at the component instance level, instead of at the app level or component level. The fine-grained feature enables it to generate a minimal impact on the usability of running apps. CICC is semantic-aware in a sense that it manages call-chains in the whole lifecycle of each component instance. CICC is transparent to users and app developers, and it requires minor modification to permission managers. Our evaluation shows that CICC incurs relatively low performance overhead and power consumption. 2015-06-26T07:00:00Z text https://ink.library.smu.edu.sg/sis_research/2881 info:doi/10.1145/2766498.2766518 Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University permission manager permission leaks Android call-chain Computer Sciences Information Security |
institution |
Singapore Management University |
building |
SMU Libraries |
continent |
Asia |
country |
Singapore Singapore |
content_provider |
SMU Libraries |
collection |
InK@SMU |
language |
English |
topic |
permission manager permission leaks Android call-chain Computer Sciences Information Security |
spellingShingle |
permission manager permission leaks Android call-chain Computer Sciences Information Security WANG, Daibin YAO, Haixia Yingjiu LI, JIN, Hai ZOU, Deqing DENG, Robert H., CICC: A Fine-grained, Semantic-aware, and Transparent Approach to Preventing Permission Leaks for Android Permission Managers |
description |
Android's permission system offers an all-or-nothing installation choice for users. To make it more flexible, users may choose a popular app tool, called permission manager, to selectively grant or revoke an app's permissions at runtime. A fundamental requirement for such permission manager is that the granted or revoked permissions should be enforced faithfully. However, we discover that none of existing permission managers meet this requirement due to permission leaks. To address this problem, we propose CICC, a fine-grained, semantic-aware, and transparent approach for any permission managers to defend against the permission leaks. Compared to existing solutions, CICC is fine-grained because it detects the permission leaks using call-chain information at the component instance level, instead of at the app level or component level. The fine-grained feature enables it to generate a minimal impact on the usability of running apps. CICC is semantic-aware in a sense that it manages call-chains in the whole lifecycle of each component instance. CICC is transparent to users and app developers, and it requires minor modification to permission managers. Our evaluation shows that CICC incurs relatively low performance overhead and power consumption. |
format |
text |
author |
WANG, Daibin YAO, Haixia Yingjiu LI, JIN, Hai ZOU, Deqing DENG, Robert H., |
author_facet |
WANG, Daibin YAO, Haixia Yingjiu LI, JIN, Hai ZOU, Deqing DENG, Robert H., |
author_sort |
WANG, Daibin |
title |
CICC: A Fine-grained, Semantic-aware, and Transparent Approach to Preventing Permission Leaks for Android Permission Managers |
title_short |
CICC: A Fine-grained, Semantic-aware, and Transparent Approach to Preventing Permission Leaks for Android Permission Managers |
title_full |
CICC: A Fine-grained, Semantic-aware, and Transparent Approach to Preventing Permission Leaks for Android Permission Managers |
title_fullStr |
CICC: A Fine-grained, Semantic-aware, and Transparent Approach to Preventing Permission Leaks for Android Permission Managers |
title_full_unstemmed |
CICC: A Fine-grained, Semantic-aware, and Transparent Approach to Preventing Permission Leaks for Android Permission Managers |
title_sort |
cicc: a fine-grained, semantic-aware, and transparent approach to preventing permission leaks for android permission managers |
publisher |
Institutional Knowledge at Singapore Management University |
publishDate |
2015 |
url |
https://ink.library.smu.edu.sg/sis_research/2881 |
_version_ |
1770572663071178752 |