CICC: A Fine-grained, Semantic-aware, and Transparent Approach to Preventing Permission Leaks for Android Permission Managers

Android's permission system offers an all-or-nothing installation choice for users. To make it more flexible, users may choose a popular app tool, called permission manager, to selectively grant or revoke an app's permissions at runtime. A fundamental requirement for such permission manage...

Full description

Saved in:
Bibliographic Details
Main Authors: WANG, Daibin, YAO, Haixia, Yingjiu LI, JIN, Hai, ZOU, Deqing, DENG, Robert H.
Format: text
Language:English
Published: Institutional Knowledge at Singapore Management University 2015
Subjects:
Online Access:https://ink.library.smu.edu.sg/sis_research/2881
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Singapore Management University
Language: English
id sg-smu-ink.sis_research-3881
record_format dspace
spelling sg-smu-ink.sis_research-38812016-01-08T07:42:07Z CICC: A Fine-grained, Semantic-aware, and Transparent Approach to Preventing Permission Leaks for Android Permission Managers WANG, Daibin YAO, Haixia Yingjiu LI, JIN, Hai ZOU, Deqing DENG, Robert H., Android's permission system offers an all-or-nothing installation choice for users. To make it more flexible, users may choose a popular app tool, called permission manager, to selectively grant or revoke an app's permissions at runtime. A fundamental requirement for such permission manager is that the granted or revoked permissions should be enforced faithfully. However, we discover that none of existing permission managers meet this requirement due to permission leaks. To address this problem, we propose CICC, a fine-grained, semantic-aware, and transparent approach for any permission managers to defend against the permission leaks. Compared to existing solutions, CICC is fine-grained because it detects the permission leaks using call-chain information at the component instance level, instead of at the app level or component level. The fine-grained feature enables it to generate a minimal impact on the usability of running apps. CICC is semantic-aware in a sense that it manages call-chains in the whole lifecycle of each component instance. CICC is transparent to users and app developers, and it requires minor modification to permission managers. Our evaluation shows that CICC incurs relatively low performance overhead and power consumption. 2015-06-26T07:00:00Z text https://ink.library.smu.edu.sg/sis_research/2881 info:doi/10.1145/2766498.2766518 Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University permission manager permission leaks Android call-chain Computer Sciences Information Security
institution Singapore Management University
building SMU Libraries
continent Asia
country Singapore
Singapore
content_provider SMU Libraries
collection InK@SMU
language English
topic permission manager
permission leaks
Android
call-chain
Computer Sciences
Information Security
spellingShingle permission manager
permission leaks
Android
call-chain
Computer Sciences
Information Security
WANG, Daibin
YAO, Haixia
Yingjiu LI,
JIN, Hai
ZOU, Deqing
DENG, Robert H.,
CICC: A Fine-grained, Semantic-aware, and Transparent Approach to Preventing Permission Leaks for Android Permission Managers
description Android's permission system offers an all-or-nothing installation choice for users. To make it more flexible, users may choose a popular app tool, called permission manager, to selectively grant or revoke an app's permissions at runtime. A fundamental requirement for such permission manager is that the granted or revoked permissions should be enforced faithfully. However, we discover that none of existing permission managers meet this requirement due to permission leaks. To address this problem, we propose CICC, a fine-grained, semantic-aware, and transparent approach for any permission managers to defend against the permission leaks. Compared to existing solutions, CICC is fine-grained because it detects the permission leaks using call-chain information at the component instance level, instead of at the app level or component level. The fine-grained feature enables it to generate a minimal impact on the usability of running apps. CICC is semantic-aware in a sense that it manages call-chains in the whole lifecycle of each component instance. CICC is transparent to users and app developers, and it requires minor modification to permission managers. Our evaluation shows that CICC incurs relatively low performance overhead and power consumption.
format text
author WANG, Daibin
YAO, Haixia
Yingjiu LI,
JIN, Hai
ZOU, Deqing
DENG, Robert H.,
author_facet WANG, Daibin
YAO, Haixia
Yingjiu LI,
JIN, Hai
ZOU, Deqing
DENG, Robert H.,
author_sort WANG, Daibin
title CICC: A Fine-grained, Semantic-aware, and Transparent Approach to Preventing Permission Leaks for Android Permission Managers
title_short CICC: A Fine-grained, Semantic-aware, and Transparent Approach to Preventing Permission Leaks for Android Permission Managers
title_full CICC: A Fine-grained, Semantic-aware, and Transparent Approach to Preventing Permission Leaks for Android Permission Managers
title_fullStr CICC: A Fine-grained, Semantic-aware, and Transparent Approach to Preventing Permission Leaks for Android Permission Managers
title_full_unstemmed CICC: A Fine-grained, Semantic-aware, and Transparent Approach to Preventing Permission Leaks for Android Permission Managers
title_sort cicc: a fine-grained, semantic-aware, and transparent approach to preventing permission leaks for android permission managers
publisher Institutional Knowledge at Singapore Management University
publishDate 2015
url https://ink.library.smu.edu.sg/sis_research/2881
_version_ 1770572663071178752