Dynamic mandatory access control for multiple stakeholders

Rao, Vikhyath; Jaeger, Trent

doi:10.1145/1542207.1542217

Cited by 12 publications

(8 citation statements)

References 5 publications

(5 reference statements)

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Muthukumaran et al [15] applied SELinux security policies to Openmoko to ensure the integrity of the phone and trusted applications. In a related work, Rao et al [16] developed a mandatory access control (MAC) system for smartphones which uses input from multiple stakeholders to dynamically create the policies run-time permission assignment. The Windows Mobile .NET compact framework uses security-by-contract [17] that binds each application to a behavioral profile enforced at runtime.…”

Section: Related Workmentioning

confidence: 99%

Semantically Rich Application-Centric Security in Android

Ongtang

McLaughlin

Enck

et al. 2009

2009 Annual Computer Security Applications Conference

283

198

View full text Add to dashboard Cite

Abstract-Smartphones are now ubiquitous. However, the security requirements of these relatively new systems and the applications they support are still being understood. As a result, the security infrastructure available in current smartphone operating systems is largely underdeveloped. In this paper, we consider the security requirements of smartphone applications and augment the existing Android operating system with a framework to meet them. We present Secure Application INTeraction (Saint), a modified infrastructure that governs install-time permission assignment and their run-time use as dictated by application provider policy. An in-depth description of the semantics of application policy is presented. The architecture and technical detail of Saint is given, and areas for extension, optimization, and improvement explored. As we show through concrete example, Saint provides necessary utility for applications to assert and control the security decisions on the platform.

show abstract

Section: Related Workmentioning

confidence: 99%

Semantically Rich Application-Centric Security in Android

Ongtang

McLaughlin

Enck

et al. 2009

2009 Annual Computer Security Applications Conference

283

198

View full text Add to dashboard Cite

show abstract

“…The work further shows how unique features of mobile devices can be leveraged to identify the borderline between trusted/untrusted domains and to simplify the policy specification, while maintaining a high level of platform integrity. The authors of [35] show how policies in the context of multiple mobile platform stakeholders can be created dynamically and present a prototype based on SELinux. Low-level mandatory access control is an essential building block in our design (see Section 4).…”

Section: Kernel-level Mandatory Access Controlmentioning

confidence: 99%

Practical and lightweight domain isolation on Android

Bugiel

Davi

Dmitrienko

et al. 2011

Proceedings of the 1st ACM Workshop on Security and Privacy in Smartphones and Mobile Devices

139

View full text Add to dashboard Cite

In this paper, we introduce a security framework for practical and lightweight domain isolation on Android to mitigate unauthorized data access and communication among applications of different trust levels (e.g., private and corporate). We present the design and implementation of our framework, TrustDroid , which in contrast to existing solutions enables isolation at different layers of the Android software stack:(1) at the middleware layer to prevent inter-domain application communication and data access, (2) at the kernel layer to enforce mandatory access control on the file system and on Inter-Process Communication (IPC) channels, and (3) at the network layer to mediate network traffic. For instance, (3) allows network data to be only read by a particular domain, or enables basic context-based policies such as preventing Internet access by untrusted applications while an employee is connected to the company's network.Our approach accurately addresses the demands of the business world, namely to isolate data and applications of different trust levels in a practical and lightweight way. Moreover, our solution is the first leveraging mandatory access control with TOMOYO Linux on a real Android device (Nexus One). Our evaluation demonstrates that TrustDroid only adds a negligible overhead, and in contrast to contemporary full virtualization, only minimally affects the battery's life-time.

show abstract

“…Android, for instance, implements currently a quadruplepolicy approach consisting of Permissions, SE Android type enforcement, AppOps, and Linux capabilities-each being responsible for a different aspect of the overall access control strategy. Multiple policies will naturally conflict and thus require the security framework to support different policy composition and reconciliation strategies (e.g., consensus or priority based) [32,27]. However, supporting fully generic policy composition is quite a challenge and has been shown to be intractable [18].…”

Section: Stackable and Dynamic Loadable Modulesmentioning

confidence: 99%

Android security framework

Backes

Bugiel

Gerling

et al. 2014

Proceedings of the 30th Annual Computer Security Applications Conference

View full text Add to dashboard Cite

We introduce the Android Security Framework (ASF), a generic, extensible security framework for Android that enables the development and integration of a wide spectrum of security models in form of code-based security modules. The design of ASF reflects lessons learned from the literature on established security frameworks (such as Linux Security Modules or the BSD MAC Framework) and intertwines them with the particular requirements and challenges from the design of Android's software stack. ASF provides a novel security API that supports authors of Android security extensions in developing their modules. This overcomes the current unsatisfactory situation to provide security solutions as separate patches to the Android software stack or to embed them into Android's mainline codebase. This system security extensibility is of particular benefit for enterprise or government solutions that require deployment of advanced security models, not supported by vanilla Android. We present a prototypical implementation of ASF and demonstrate its effectiveness and efficiency by modularizing different security models from related work, such as dynamic permissions, inlined reference monitoring, and type enforcement.

show abstract

Dynamic mandatory access control for multiple stakeholders

Cited by 12 publications

References 5 publications

Semantically Rich Application-Centric Security in Android

Semantically Rich Application-Centric Security in Android

Practical and lightweight domain isolation on Android

Android security framework

Contact Info

Product

Resources

About