Mobile computing devices have become an essential part of everyday life and are becoming the primary means for collecting and storing sensitive personal and corporate data. Android is, by far, the dominant mobile platform, which makes its permissions model responsible for securing the vast majority of this sensitive data.
The current model falls well short of actual user needs, as permission assignments are made statically at installation time. Therefore, it is impossible to implement dynamic security policies that could be applied selectively depending on context. Users are forced to unconditionally trust installed apps without means to isolate them from sensitive data.
We describe a new approach, app sanitization, which automatically instruments apps at installation time, such that users can dynamically grant and revoke individual permissions. The main advantage of our technique is that it runs in userspace and utilizes standard aspect-oriented methods to incorporate custom security controls into the app.
| Identifer | oai:union.ndltd.org:uno.edu/oai:scholarworks.uno.edu:td-2812 |
| Date | 20 December 2013 |
| Creators | Stelly, Christopher D |
| Publisher | ScholarWorks@UNO |
| Source Sets | University of New Orleans |
| Detected Language | English |
| Type | text |
| Format | application/pdf |
| Source | University of New Orleans Theses and Dissertations |
| Rights | http://creativecommons.org/licenses/by-nc-sa/3.0/ |
Page generated in 0.149 seconds