A secure, usable, and transparent middleware for permission managers on Android
Android’s permission system offers an all-or-nothing choice when installing an app. To make it more flexible and fine-grained, users may choose a popular app tool, called permission manager, to selectively grant or revoke an app’s permissions at runtime. A fundamental requirement for such permission...
Saved in:
| Main Authors: | , , , , , |
|---|---|
| Format: | text |
| Language: | English |
| Published: |
Institutional Knowledge at Singapore Management University
2017
|
| Subjects: | |
| Online Access: | https://ink.library.smu.edu.sg/sis_research/3379 https://ink.library.smu.edu.sg/context/sis_research/article/4380/viewcontent/Asecure_usable_andtransparentmiddlewareforpermissionmanagersonAndroid.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Singapore Management University |
| Language: | English |
| id |
sg-smu-ink.sis_research-4380 |
|---|---|
| record_format |
dspace |
| spelling |
sg-smu-ink.sis_research-43802020-01-21T06:58:13Z A secure, usable, and transparent middleware for permission managers on Android WANG, Daibin YAO, Haixia Yingjiu LI, JIN, Hai ZOU, Deqing DENG, Robert H. Android’s permission system offers an all-or-nothing choice when installing an app. To make it more flexible and fine-grained, users may choose a popular app tool, called permission manager, to selectively grant or revoke an app’s permissions at runtime. A fundamental requirement for such permission manager is that the granted or revoked permissions should be enforced faithfully. However, we discover that none of existing permission managers meet this requirement due to permission leaks, in which an unprivileged app can exercise certain permissions which are revoked or not-granted through communicating with a privileged app. To address this problem, we propose a secure, usable, and transparent OS-level middleware for any permission manager to defend against the permission leaks. The middleware is provably secure in a sense that it can effectively block all possible permission leaks. The middleware is designed to have a minimal impact on the usability of running apps. In addition, the middleware is transparent to users and app developers and it requires minor modifications on permission managers and Android OS. Finally, our evaluation shows that the middleware incurs relatively low performance overhead and power consumption. 2017-07-01T07:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/3379 info:doi/10.1109/TDSC.2015.2479613 https://ink.library.smu.edu.sg/context/sis_research/article/4380/viewcontent/Asecure_usable_andtransparentmiddlewareforpermissionmanagersonAndroid.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Androids Humanoid robots Middleware Smart phones Runtime Read only memory Power line communications Information Security |
| institution |
Singapore Management University |
| building |
SMU Libraries |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
SMU Libraries |
| collection |
InK@SMU |
| language |
English |
| topic |
Androids Humanoid robots Middleware Smart phones Runtime Read only memory Power line communications Information Security |
| spellingShingle |
Androids Humanoid robots Middleware Smart phones Runtime Read only memory Power line communications Information Security WANG, Daibin YAO, Haixia Yingjiu LI, JIN, Hai ZOU, Deqing DENG, Robert H. A secure, usable, and transparent middleware for permission managers on Android |
| description |
Android’s permission system offers an all-or-nothing choice when installing an app. To make it more flexible and fine-grained, users may choose a popular app tool, called permission manager, to selectively grant or revoke an app’s permissions at runtime. A fundamental requirement for such permission manager is that the granted or revoked permissions should be enforced faithfully. However, we discover that none of existing permission managers meet this requirement due to permission leaks, in which an unprivileged app can exercise certain permissions which are revoked or not-granted through communicating with a privileged app. To address this problem, we propose a secure, usable, and transparent OS-level middleware for any permission manager to defend against the permission leaks. The middleware is provably secure in a sense that it can effectively block all possible permission leaks. The middleware is designed to have a minimal impact on the usability of running apps. In addition, the middleware is transparent to users and app developers and it requires minor modifications on permission managers and Android OS. Finally, our evaluation shows that the middleware incurs relatively low performance overhead and power consumption. |
| format |
text |
| author |
WANG, Daibin YAO, Haixia Yingjiu LI, JIN, Hai ZOU, Deqing DENG, Robert H. |
| author_facet |
WANG, Daibin YAO, Haixia Yingjiu LI, JIN, Hai ZOU, Deqing DENG, Robert H. |
| author_sort |
WANG, Daibin |
| title |
A secure, usable, and transparent middleware for permission managers on Android |
| title_short |
A secure, usable, and transparent middleware for permission managers on Android |
| title_full |
A secure, usable, and transparent middleware for permission managers on Android |
| title_fullStr |
A secure, usable, and transparent middleware for permission managers on Android |
| title_full_unstemmed |
A secure, usable, and transparent middleware for permission managers on Android |
| title_sort |
secure, usable, and transparent middleware for permission managers on android |
| publisher |
Institutional Knowledge at Singapore Management University |
| publishDate |
2017 |
| url |
https://ink.library.smu.edu.sg/sis_research/3379 https://ink.library.smu.edu.sg/context/sis_research/article/4380/viewcontent/Asecure_usable_andtransparentmiddlewareforpermissionmanagersonAndroid.pdf |
| _version_ |
1770573151207424000 |