Abstract
With the rapid popularization of Android system around the world, of the increase in Android malwares post serious threats to the security of users’ Android device and the privacy stored in it. At the same time, many trusted third party institutions (such as military, government institutions) need to customize the security policy of their Android devices according to their regulations, but most of them do not have this capability. This paper proposed an environment adaptive security mechanism for Android platform called EAdroid, which providing a simple way for trusted third party institutions to customize the security policy of their Android devices. EAdroid reforms the framework layer of Android system and synthetically applies Smack security module of Linux. At the same time, the security rules of framework layer and kernel layer in EAdroid can adapt to the current environment context. Series of tests show that EAdroid can efficiently protect the security of user’s devices and privacy with negligible overhead of performance.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Gartner. Market Share Analysis: Mobile Phones, Worldwide (2013)
Davi, L., Dmitrienko, A., Sadeghi, A.-R., Winandy, M.: Privilege escalation attacks on android. In: Burmester, M., Tsudik, G., Magliveras, S., Ilić, I. (eds.) ISC 2010. LNCS, vol. 6531, pp. 346–360. Springer, Heidelberg (2011)
Bugiel, S., Davi, L., Dmitrienko, A., Fischer, T., Sadeghi, A.R.: Xmandroid: a new android evolution to mitigate privilege escalation attacks. Technical report, Technische Univercity at Darmstadt (2011)
Schaufler, C.: The Smack project home page. http://schaufler-ca.com/
Enck, W., Gilbert, P., Chun, B.G., Cox, L.P., Jung, J., Mcdaniel, P., Andsheth, A.N.: TaintDroid: an information-flow tracking system for realtime privacy monitoring on smart-phones. In: 9th USENIX Conference on Operating Systems Design and Implementation, pp. 1–6. USENIX Association (2010)
Dietz, M., Shekhar, S., Pisetsky, Y., Shu, A., Wallach, D.S.: Quire: lightweight provenance for smart phone operating systems. In: 20th USENIX Conference on Security, pp. 23–23. USENIX Association (2011)
Conti, M., Nguyen, V.T.N., Crispo, B.: CRePE: context-related policy enforcement for android. In: Burmester, M., Tsudik, G., Magliveras, S., Ilić, I. (eds.) ISC 2010. LNCS, vol. 6531, pp. 331–345. Springer, Heidelberg (2011)
Nauman, M., Khan, S., Zhang, X.: Apex: extending Android permission model and enforcement with user-defined runtime constraints. In: 5th ACM Symposium on Information, Computer and Communications Security, pp. 328–332. ACM, New York (2010)
Hornyack, P., Han, S., Jung, J., Schechter, S., Wetherall, D.: These aren’t the droids you’re looking for: retrofitting Android to protect data from imperious applications. In: 18th ACM Conference on Computer and Communications Security, pp. 639–652. ACM, New York (2011)
Smally, S., Craig, R.: Security Enhanced (SE) Android: bringing flexible MAC to Android. In: NDSS. The Internet Society (2013)
Chien, E.: Motivations of Recent Android Malware. Symantec Corporation. http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/motivations_of_recent_android_malware.pdf
Virustotal. Virus report of HippoSMS. https://www.virustotal.com/
Jiang, X.: Security Alert: New Android Malware-HippoSMS-Found in Alternative Android Markets. http://www.cs.ncsu.edu/faculty/jiang/HippoSMS/
CVE-2011-1823. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1823
Enck, W., Ongtang, M., McDaniel, P.: On lightweight mobile phone application certification. In: 16th ACM Conference on Computer and Communications Security, pp. 235–245. ACM, New York (2009)
Ongtang, M., McLaughlin, S., Enck, W., McDaniel, P.: Semantically rich application-centric security in android. In: 25th Annual Computer Security Applications Conference, pp. 340–349. IEEE Computer Society Washington (2009)
Ongtang, M., Butler, K., McDaniel, P.: Porscha: policy oriented secure content handling in Android. In: 26th Annual Computer Security Applications Conference, pp. 221–230. ACM New York (2010)
Felt, A.P., Wang, H.J., Moshchuk, A., Hanna, S., Chin, E.: Permission re-delegation: attacks and defenses. In: 20th USENIX Security Symposium, p. 22. USENIX Association Berkeley (2011)
AnTuTu Benchmark. http://www.antutu.net/index.shtml
Softweg Benchmark. https://play.google.com/store/apps/details?id=softweg.hw.performance
Pandiyan, D., Paranjape, S.: Android Architecture and Binder. http://rts.lab.asu.edu/web_438/project_final/Talk%208%20AndroidArc_Binder.pdf
Backes, M., Gerling, S., Hammer, C., Maffei, M., von Styp-Rekowsky, P.: AppGuard – enforcing user requirements on android apps. In: Piterman, N., Smolka, S. (eds.) TACAS 2013 (ETAPS 2013). LNCS, vol. 7795, pp. 543–548. Springer, Heidelberg (2013)
XPrivacy home page. https://github.com/M66B/XPrivacy
Elish, K.O., Yao, D., Ryder, B.G.: User-centric dependence analysis for identifying malicious mobile apps. In: Workshop on Mobile Security Technologies (2012)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Liang, H., Dong, Y., Wang, B., Liu, S. (2014). EAdroid: Providing Environment Adaptive Security for Android System. In: Lin, D., Xu, S., Yung, M. (eds) Information Security and Cryptology. Inscrypt 2013. Lecture Notes in Computer Science(), vol 8567. Springer, Cham. https://doi.org/10.1007/978-3-319-12087-4_8
Download citation
DOI: https://doi.org/10.1007/978-3-319-12087-4_8
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-12086-7
Online ISBN: 978-3-319-12087-4
eBook Packages: Computer ScienceComputer Science (R0)