Abstract
Third-party applications give smartphone users functional extensions, but they are also behind a growing number of privacy leaks. The existing security mechanism informs the user of the resources an application requires, but it does not cover how the application uses sensitive private data. This paper presents the Android Security Framework (ASF), a security framework for Android that guarantees the security of user privacy. In the framework layer, ASF is integrated to monitor the operations that third-party applications perform on private user data; in the application layer, detectors built on ASF inspect the safety of these operations. The security framework is implemented as a layered structure, with minimal change to the existing Android code. A case study is presented as a preliminary validation of the security framework, which helps users protect their private data.
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Zhang, Q., Li, X., Yu, X., Feng, Z. (2012). ASF: Improving Android Security with Layered Structure Instrumentation. In: Khachidze, V., Wang, T., Siddiqui, S., Liu, V., Cappuccio, S., Lim, A. (eds) Contemporary Research on E-business Technology and Strategy. iCETS 2012. Communications in Computer and Information Science, vol 332. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-34447-3_13
DOI: https://doi.org/10.1007/978-3-642-34447-3_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-34446-6
Online ISBN: 978-3-642-34447-3
eBook Packages: Computer Science (R0)