An extension to the Android access control framework

Huang, Qing

January 2011

Several nice hardware functionalities located at the low level of operating system on mobile phones could be utilized in a better way if they are available to application developers. With their help, developers are able to bring overall user experience to a new level in terms of developing novel applications. For instance, one of those hardware functionalities, SIM-card authentication is able to offer stronger and more convenient way of authentication when compared to the traditional approach. Replacing the username-password combination with the SIM-card authentication, users are freed from memorizing passwords. However, since normally those kinds of functionalities are locked up at the low level, they are only accessible by a few users who have been given privileged access rights. To let the normal applications be benefiting as well, they need to be made accessible at the application level. On the one hand, as we see the benefit it will bring to us, there is a clear intention to open it up, however, on the other hand, there is also a limitation resulting from their security-critical nature that needs to be placed when accessing which is restricting the access to trusted third parties. Our investigation is based on the Android platform. The problem that we have discovered is the existing security mechanism in Android is not able to satisfy every regards of requirements we mentioned above when exposing SIM-card authentication functionality. Hence, our requirement on enhancing the access control model of Android comes naturally. In order to better suit the needs, we proposed a solution White lists & Domains (WITDOM) to improve its current situation in the thesis. The proposed solution is an extension to the existing access control model in Android that allows alternative ways to specify access controls therefore complementing the existing Android security mechanisms. We have both designed and implemented the solution and the result shows that with the service that we provided, critical functionalities, such as APIs for the low-level hardware functionality can retain the same level of protection however in the meanwhile, with more flexible protection mechanism. / Social Wireless Network Secure Identification

Android

access controls

security

Computer and Information Sciences

Data- och informationsvetenskap

On the Coordinated Use of a Sleep Mode in Wireless Sensor Networks: Ripple Rendezvous

van Coppenhagen, Robert Lindenberg, robert.vancoppenhagen@dsto.defence.gov.au

January 2006

It is widely accepted that low energy consumption is the most important requirement when designing components and systems for a wireless sensor network (WSN). The greatest energy consumer of each node within a WSN is the radio transceiver and as such, it is important that this component be used in an extremely energy e±cient manner. One method of reducing the amount of energy consumed by the radio transceiver is to turn it off and allow nodes to enter a sleep mode. The algorithms that directly control the radio transceiver are traditionally grouped into the Medium Access Control (MAC) layer of a communication protocol stack. This thesis introduces the emerging field of wireless sensor networks and outlines the requirements of a MAC protocol for such a network. Current MAC protocols are reviewed in detail with a focus on how they utilize this energy saving sleep mode as well as performance problems that they suffer from. A proposed new method of coordinating the use of this sleep mode between nodes in the network is specifed and described. The proposed new protocol is analytically compared with existing protocols as well as with some fundamental performance limits. The thesis concludes with an analysis of the results as well as some recommendations for future work.

wireless sensor networks

low energy

low latency

medium access controls (MAC) protocols

sleep mode

Vers un cloud de confiance : modèles et algorithmes pour une provenance basée sur les contrôles d'accès / Towards a trusted Cloud : models and algorithms for a provenance based on access controls

Lacroix, Julien

07 December 2015

Ce document constitue l'aboutissement de trois années de thèse. Après avoir introduit et dégagé la problématique générale se rapportant à mon sujet de thèse, à savoir « comment utiliser les données de provenance pour favoriser un Cloud de confiance ? », je présente une description des concepts, modèles et langages se rapportant à ma thèse et l'état de l'art qui peut répondre en partie à cette problématique. En second lieu, je présente la solution basée sur la provenance que j'apporte aux contrôles d'accès, dans les systèmes distribués comme le Cloud : PBAC². Elle repose sur un système combinant à la fois des modèles de provenance (PROV-DM) et de contrôles d'accès (règles génériques de type RBAC avec des politiques d'embrigadement ou de réglementation). Ce système utilise un moteur d'exécution central appelé le médiateur pour renforcer la sécurité et favoriser la confiance dans le Cloud, via la vérification de règles sur une partie du graphe de provenance rétrospective qu'il a reçue. Par ailleurs, je décris l'étude que j'ai faite de trois extensions de PBAC² : (1) l'intégration de l'ontologie PROV-O et ses avantages et inconvénients quant à la taille du (sous-)graphe de provenance reçu par le médiateur ; (2) la construction de l'adaptation de PBAC² avec l'approche de sécurité qu'est la réglementation; (3) la traduction des règles PBAC² en contraintes PROV-CONSTRAINTS. De plus, PBAC² est appliqué sur un exemple réaliste propre au secteur médical. Un prototype de PBAC² et une démonstration sur des exemples concrets avec une machine locale et un système de Cloud réel illustrent la portée de ce travail. En conclusion de la thèse, je propose quatre perspectives de ce travail. / This document is the culmination of three years of thesis. Having introduced and cleared the general issue related to my thesis subject, i.e. « how to use provenance data to enforce trust in the Cloud? », I present a description of the concepts, models and languages related to my thesis and the state of the art that can partially address this issue. Secondly, I present the solution based on provenance that I bring to access controls, in distributed systems such as the Cloud: PBAC². It is based on a system combining both provenance models (PROV-DM) and access controls (generic rules of RBAC type with regimentation and regulation policies). This system uses a central execution engine denoted the mediator to enforce security and foster trust in the Cloud, via rule checking over a part of the retrospective provenance graph it received. Furthermore, I describe the study I made of three PBAC² extensions: (1) the integration of the PROV-O ontology and its pros and cons regarding the size of the (sub)graph received by the mediator; (2) the construction of the PBAC² adaptation with the regulation security approach; (3) the translation of PBAC² rules into PROV CONSTRAINTS constraints. Moreover, PBAC² is applied to a realistic example that belongs to the healthcare sector. A PBAC² prototype and a demonstration on some practical examples with a local machine and a real Cloud system illustrate the scope of this work. In conclusion of the thesis, I propose four perspectives of this work.

Cloud

Provenance

Prov

Rétrospective

Confiance

Contrôles d'accès

Rbac

Embrigadement vs réglementation

Cloud

Provenance

Prov

Retrospective

Trust

Access controls

Rbac

Regimentation vs regulation

AspectKE*: Security aspects with program analysis for distributed systems

Fan, Yang, Masuhara, Hidehiko, Aotani, Tomoyuki, Nielson, Flemming, Nielson, Hanne Riis

January 2010

Enforcing security policies to distributed systems is difficult, in particular, when a system contains untrusted components. We designed AspectKE*, a distributed AOP language based on a tuple space, to tackle this issue. In AspectKE*, aspects can enforce access control policies that depend on future behavior of running processes. One of the key language features is the predicates and functions that extract results of static program analysis, which are useful for defining security aspects that have to know about future behavior of a program. AspectKE* also provides a novel variable binding mechanism for pointcuts, so that pointcuts can uniformly specify join points based on both static and dynamic information about the program. Our implementation strategy performs fundamental static analysis at load-time, so as to retain runtime overheads minimal. We implemented a compiler for AspectKE*, and demonstrate usefulness of AspectKE* through a security aspect for a distributed chat system.

aspect oriented programming

program analysis

security policies

distributed systems

tuple spaces

Data processing Computer science

Language Constructs and Features (E.2)

Abstract data types

Classes and objects (NEW)

Concurrent programming structures

Constraints (NEW)

Control structures

Coroutines

Data types and structures

Dynamic storage management

Frameworks (NEW)

Inheritance (NEW)

Input/output

Modules, packages

Patterns (NEW)

Polymorphism (NEW)

Procedures, functions, and subroutines

Recursion

Security and Protection (K.6.5)

Access controls

Authentication

Cryptographic controls

Information flow controls

Security kernels**

Verification**

Algebraic approaches to semantics

Denotational semantics

Operational semantics

Partial evaluation (NEW)

Process models (NEW)

Program analysis (NEW)