126 Hits in 5.3 sec

ASM: A Programmable Interface for Extending Android Security

Stephan Heuser, Adwait Nadkarni, William Enck, Ahmad-Reza Sadeghi
2014 USENIX Security Symposium  
We propose the Android Security Modules (ASM) framework, which provides a programmable interface for defining new reference monitors for Android.  ...  The Android OS in particular has seen over a dozen research proposals for security enhancements. This paper seeks to promote OS security extensibility in the Android OS.  ...  Conclusion This paper has presented the Android Security Modules framework as a programmable interface for extending Android's security.  ... 
dblp:conf/uss/HeuserNES14 fatcat:phxuzcdtandu3j64wpg5hondv4

CA-ARBAC: privacy preserving using context-aware role-based access control on Android permission system

J. Abdella, M. Özuysal, E. Tomur
2016 Security and Communication Networks  
As a proof of concept, we have developed a prototype application called context-aware Android role-based access control.  ...  Although our model can be used for all mobile platforms, we use Android platform to demonstrate our system.  ...  Acknowledgement Juhar Abdella has been supported by a YTB scholarship during his thesis studies.  ... 
doi:10.1002/sec.1750 fatcat:fonm5cnfqbfpppbharhgk6sapu

A Simple Face-based Mobile Security System Design for Android Phone Protection

Alabi A., Ogundoyin I.
2017 International Journal of Computer Applications  
etc. with a view to causing mayhem; a scenario that calls for a more secured mode of phone access for protection sake.  ...  The design was made in such a way that security info was sent to a designated Email for necessary action whenever an illegal attempt is noticed on the mobile phone.  ...  In [11] , a programmable Interface for extending Androids security which was based on a framework known as Android Security Modules (ASM) was developed by studying the authorization hook requirements  ... 
doi:10.5120/ijca2017913233 fatcat:do3vhrjnyvexvo2r64snoybwpi

Boxify: Full-fledged App Sandboxing for Stock Android

Michael Backes, Sven Bugiel, Christian Hammer, Oliver Schranz, Philipp von Styp-Rekowsky
2015 USENIX Security Symposium  
We present the first concept for full-fledged app sandboxing on stock Android.  ...  A systematic evaluation of Boxify demonstrates its capability to enforce established security policies without incurring a significant runtime performance overhead.  ...  We present further security models from related work on OS security extensions that we integrated at this layer in §5.4 and for future work we consider a programmable interface for extending Core Logic  ... 
dblp:conf/uss/0001B0SS15 fatcat:fmfok5azqnhsrkyoadmseu2rpy


Eran Tromer, Roei Schuster
2016 Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security - ASIA CCS '16  
We observe that the typical structure of Android apps offers an opportunity for a novel and effective application of IFC.  ...  In Android, an app consists of a collection of a few dozen "components", each in charge of some high-level functionality. Most components do not require access to most resources.  ...  To define a global object, a programmer has to define an interface for the remote object, the remote interface, and separately, an implementation.  ... 
doi:10.1145/2897845.2897888 dblp:conf/ccs/TromerS16 fatcat:6u5ypffusbdvrejrvuxzimxxsi

Practical, Formal Synthesis and Automatic Enforcement of Security Policies for Android

Hamid Bagheri, Alireza Sadeghi, Reyhaneh Jabbarvand, Sam Malek
2016 2016 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)  
As the dominant mobile computing platform, Android has become a prime target for cyber-security attacks.  ...  It then uses a constraint solver to synthesize possible security exploits, from which fine-grained security policies are derived and automatically enforced to protect a given device.  ...  While this work is concerned with the design and implementation of a programmable interface for defining new reference monitors, it does not consider the problem that we address, the automation of synthesizing  ... 
doi:10.1109/dsn.2016.53 dblp:conf/dsn/BagheriSBM16 fatcat:q4rqzejtmva45lcpl3sk475jwu

DelDroid: An automated approach for determination and enforcement of least-privilege architecture in android

Mahmoud Hammad, Hamid Bagheri, Sam Malek
2019 Journal of Systems and Software  
Security of such systems is an increasingly important concern. Android relies on a permission model to secure the system's resources and apps.  ...  Android is widely used for the development and deployment of autonomous and smart systems, including software targeted for IoT and mobile devices.  ...  supported in part by awards CCF-1755890 , CCF-1618132 and CCF-1252644 from the National Science Foundation , W911NF-09-1-0273 from the Army Research Office , HSHQDC-14-C-B0040 from the Department of Homeland Security  ... 
doi:10.1016/j.jss.2018.11.049 fatcat:5toq3nkhefdz5eeobpulxt575a

Putting LTE Security Functions to the Test: A Framework to Evaluate Implementation Correctness

David Rupprecht, Kai Jansen, Christina Pöpper
2016 Workshop on Offensive Technologies  
It is todays communication technology for mobile Internet as well as considered for the use in critical infrastructure, making it an attractive target to a wide range of attacks.  ...  We outline several countermeasures to cope with these vulnerabilities and make proposals for a long-term solution.  ...  .P2 Android 5.1  ... 
dblp:conf/woot/RupprechtJP16 fatcat:73ua5ikz5zdadi7bzkzkl3jmom

A privacy-preserving authentication service using mobile devices

Mihai Togan, Bogdan Chifor, Ionut Florea, George Gugulea
2019 Zenodo  
The scope is to provide a secure device-to-service authentication once the human-to-device authorization is established.  ...  The paper proposes a privacy preserving attribute-based access control protocol to realize the authentication of the user to a restricted service using his mobile device.  ...  Acknowledgements This work has been partially funded by the European Commission in part of the ReCRED project (Horizon H2020 Framework Programme of the European Union under GA number 653417).  ... 
doi:10.5281/zenodo.2556605 fatcat:orqth5iqh5djhi2qo4ouvzcmri

Checking Intent-based Communication in Android with Intent Space Analysis

Yiming Jing, Gail-Joon Ahn, Adam Doupé, Jeong Hyun Yi
2016 Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security - ASIA CCS '16  
We evaluate our approach against customized Android OSs and commodity Android devices.  ...  Intent space analysis formulates the intent forwarding functionalities of security extensions as transformations on a geometric intent space.  ...  Acknowledgements This work was partially supported by the grants from Global Research Laboratory Project through National Research Foundation (NRF-2014K1A1A2043029) and the Center for Cybersecurity and  ... 
doi:10.1145/2897845.2897904 dblp:conf/ccs/JingADY16 fatcat:iddv2k7owjgd3hbwnj24wrxd3q

TrustICE: Hardware-Assisted Isolated Computing Environments on Mobile Devices

He Sun, Kun Sun, Yuewu Wang, Jiwu Jing, Haining Wang
2015 2015 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks  
It is a challenge to protect secure code from a malicious mobile OS. ARM TrustZone technology can protect secure code in a secure domain from an untrusted normal domain.  ...  TrustICE securely isolates the secure code in an ICE from an untrusted Rich OS in the normal domain.  ...  Second, we implement a trusted user interface containing a touchscreen driver and a wireless communication driver for users to interact with the ICE.  ... 
doi:10.1109/dsn.2015.11 dblp:conf/dsn/SunSWJW15 fatcat:qharcdjt3rbdbe4ovnys2trd4u

AppShield: Enabling Multi-entity Access Control Cross Platforms for Mobile App Management [chapter]

Zhengyang Qu, Guanyu Guo, Zhengyue Shao, Vaibhav Rastogi, Yan Chen, Hao Chen, Wangjun Hong
2017 Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering  
The fully functional controller with data proxy is implemented for both Android and iOS. AppShield allows for enterprise policy management without modifying device OS.  ...  As for functionalities, a BYOD solution should isolate an arbitrary number of entities, such as those relating to business and personal uses and provide fine-grained access control on multi-entity management  ...  Similarly, ASM [27] provides a programmable interface for API hooking, which can also be leveraged to implement user-level access control. RBAC Vaidya et al.  ... 
doi:10.1007/978-3-319-59608-2_1 fatcat:tmlogodjhvd4dmhlf7dvwksisu

Bringing java's wild native world under control

Mengtao Sun, Gang Tan, Joseph Siefers, Bin Zeng, Greg Morrisett
2013 ACM Transactions on Privacy and Security  
We introduce a security framework that extends Java's security model and brings native code under control.  ...  In one implementation, the security framework is integrated into a Java Virtual Machine (JVM).  ...  ACKNOWLEDGMENTS We thank Mark Seaborn for explaining the NaCl implementation. We thank Martin Hirzel for suggesting the JVMTI approach for native-code sandboxing.  ... 
doi:10.1145/2535505 fatcat:w2hjxwbverdntar5d6wep2djtq

Stateful Data Usage Control for Android Mobile Devices

Aliaksandr Lazouski, Fabio Martinelli, Paolo Mori, Andrea Saracino
2016 International Journal of Information Security  
This paper details the proposed approach, defines the architecture and the workflow of the main functionalities of the proposed framework, describes the implementation of a working prototype for Android  ...  by proper security policies.  ...  The system has not been implemented on smartphones or tablet, but on a programmable board running the Android operative system.  ... 
doi:10.1007/s10207-016-0336-y fatcat:lh7hmundrjdulc3yafgmmebmhy

Towards cross-platform cross-language analysis with soot

Steven Arzt, Tobias Kussmaul, Eric Bodden
2016 Proceedings of the 5th ACM SIGPLAN International Workshop on State Of the Art in Program Analysis - SOAP 2016  
Many tools have been created for Java and Android. In this paper, we present a first step toward re-using the existing Soot framework and its analyses for other platforms.  ...  A case study demonstrates the detection of real-world malware that uses CIL code inside an Android app to hide its behavior.  ...  Due to the great market share of Android (more than 80%), most mobile malware is developed for Android.  ... 
doi:10.1145/2931021.2931022 dblp:conf/pldi/ArztKB16 fatcat:vn65hcn2inesphvpsaefbk3fke
« Previous Showing results 1 — 15 out of 126 results