Publication Type

Journal Article

Version

acceptedVersion

Publication Date

7-2017

Abstract

Android’s permission system offers an all-or-nothing choice when installing an app. To make it more flexible and fine-grained, users may choose a popular app tool, called permission manager, to selectively grant or revoke an app’s permissions at runtime. A fundamental requirement for such permission manager is that the granted or revoked permissions should be enforced faithfully. However, we discover that none of existing permission managers meet this requirement due to permission leaks, in which an unprivileged app can exercise certain permissions which are revoked or not-granted through communicating with a privileged app. To address this problem, we propose a secure, usable, and transparent OS-level middleware for any permission manager to defend against the permission leaks. The middleware is provably secure in a sense that it can effectively block all possible permission leaks. The middleware is designed to have a minimal impact on the usability of running apps. In addition, the middleware is transparent to users and app developers and it requires minor modifications on permission managers and Android OS. Finally, our evaluation shows that the middleware incurs relatively low performance overhead and power consumption.

Keywords

Androids, Humanoid robots, Middleware, Smart phones, Runtime, Read only memory, Power line communications

Discipline

Information Security

Research Areas

Cybersecurity

Publication

IEEE Transactions on Dependable and Secure Computing

Volume

14

Issue

4

First Page

350

Last Page

362

ISSN

1545-5971

Identifier

10.1109/TDSC.2015.2479613

Publisher

Institute of Electrical and Electronics Engineers (IEEE)

Comments

Available online 17 September 2015

Additional URL

http://doi.org/10.1109/TDSC.2015.2479613

Download

Share

COinS