Skip to main content

Context-Aware Usage Control for Android

  • Conference paper

Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST,volume 50)

Abstract

The security of smart phones is increasingly important due to their rapid popularity. Mobile computing on smart phones introduces many new characteristics such as personalization, mobility, pay-for-service and limited resources. These features require additional privacy protection and resource usage constraints in addition to the security and privacy concerns on traditional computers. As one of the leading open source mobile platform, Android is also facing security challenges from the mobile environment. Although many security measures have been applied in Android, the existing security mechanism is coarse-grained and does not take into account the context information, which is of particular interest because of the mobility and personality of a smart phone device.

To address these challenges, we propose a context-aware usage control model ConUCON, which leverages the context information to enhance data protection and resource usage control on a mobile platform. We also extend the existing security mechanism to implement a policy enforcement framework on the Android platform based on ConUCON. With ConUCON, users are able to employ fine-grained and flexible security mechanism to enhance privacy protection and resource usage control. The extended security framework on Android enables mobile applications to run with better user experiences. The implementation of ConUCON and its evaluation study demonstrate that it can be practically adapted for other types of mobile platform.

Keywords

  • security
  • access control
  • mobile platform
  • context-aware
  • Android

This is a preview of subscription content, access via your institution.

Buying options

Chapter
USD   29.95
Price excludes VAT (USA)
  • DOI: 10.1007/978-3-642-16161-2_19
  • Chapter length: 18 pages
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
eBook
USD   109.00
Price excludes VAT (USA)
  • ISBN: 978-3-642-16161-2
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
Softcover Book
USD   149.00
Price excludes VAT (USA)

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Aich, S., Sural, S., Majumdar, A.K.: STARBAC: Spatio temporal role based access control. In: Meersman, R., Tari, Z. (eds.) OTM 2007, Part II. LNCS, vol. 4804, pp. 1567–1582. Springer, Heidelberg (2007)

    CrossRef  Google Scholar 

  2. Al-Muhtadi, J., Ranganathan, A., Campbell, R.H., Mickunas, M.D.: Cerberus: A context-aware security scheme for smart spaces. In: PerCom, p. 489 (2003)

    Google Scholar 

  3. Bandinelli, M., Paganelli, F., Vannuccini, G., Giuli, D.: A contextaware security framework for next generation mobile networks. In: MobiSec. Springer, Heidelberg (2009)

    Google Scholar 

  4. Bell, D., LaPadula, L.: Secure computer systems: Mathematical foundations. Technical Report ESD-TR-73-278, MITRE Corporation (1973)

    Google Scholar 

  5. Bertino, E., Bettini, C., Ferrari, E., Samarati, P.: An access control model supporting periodicity constraints and temporal reasoning. ACM Trans. Database Syst. 23(3), 231–285 (1998)

    CrossRef  Google Scholar 

  6. Bertino, E., Bonatti, P.A., Ferrari, E.: TRBAC: A temporal role-based access control model. In: RBAC 2000, July 26-27, pp. 21–30. ACM Press, New York (2000)

    Google Scholar 

  7. Biba, K.J.: Integrity considerations for secure computer systems. MTR-3153, Rev. 1, The Mitre Corporation (1977)

    Google Scholar 

  8. Bose, A., Hu, X., Shin, K.G., Park, T.: Behavioral detection of malware on mobile handsets. In: MobiSys 2008, pp. 225–238. ACM, New York (2008)

    Google Scholar 

  9. Cheng, J., Wong, S.H.Y., Yang, H., Lu, S.: Smartsiren: virus detection and alert for smartphones. In: MobiSys 2007, pp. 258–271. ACM, New York (2007)

    Google Scholar 

  10. Covington, M.J., Fogla, P., Zhan, Z., Ahamad, M.: A contextaware security architecture for emerging applications. In: ACSAC, pp. 249–260 (2002)

    Google Scholar 

  11. Covington, M.J., Moyer, M.J., Ahamad, M.: Generalized role-based access control for securing future applications (November 03, 2000)

    Google Scholar 

  12. Dagon, D., Martin, T., Starner, T.: Mobile phones as computing devices: the viruses are coming! IEEE Pervasive Computing 3(4), 11–15 (2004)

    CrossRef  Google Scholar 

  13. Damiani, M.L., Bertino, E., Catania, B., Perlasca, P.: Geo-rbac: A spatially aware RBAC. ACM Trans. Inf. Syst. Secur. 10(1), 2 (2007)

    CrossRef  Google Scholar 

  14. Enck, W., Ongtang, M., McDaniel, P.D.: On lightweight mobile phone application certification. In: Proceedings of CCS 2009, pp. 235–245. ACM, New York (2009)

    Google Scholar 

  15. F-Secure. Cabir, http://www.f-secure.com/v-descs/cabir.shtml

  16. F-Secure. Pbstealer. A., http://www.f-secure.com/v-descs/pbstealer_a.shtml

  17. Fuchs, A.P., Chaudhuri, A., Foster, J.S.: Scandroid: Automated security certification of android applications

    Google Scholar 

  18. Google. Android, http://www.android.com

  19. Hypponen, M.: Mobile Malware. In: USENIX Security Symposium (August 2007), http://www.usenix.org/events/sec07/tech/hypponen.pdf (Invited Talk)

  20. Moyer, M.J., Abamad, M.: Generalized role-based access control. In: 21st International Conference on Distributed Computing Systems, pp. 391–398 (April 2001)

    Google Scholar 

  21. Mulliner, C.: Security of Smart Phones. Master’s thesis, Department of Computer Science, University of California Santa Barbara (June 2006)

    Google Scholar 

  22. Nauman, M., Khan, S., Alam, M., Zhang, X.: Apex: Extending android permission model and enforcement with user-defined runtime constraints. In: ASIACCS 2010, Beijing, China, April 13-16. ACM, New York (2010)

    Google Scholar 

  23. Park, J., Sandhu, R.: The UCONABC usage control model. ACM Transactions on Information and System Security 7(1), 128–174 (2004)

    CrossRef  Google Scholar 

  24. Park, J., Sandhu, R.S.: Towards usage control models: beyond traditional access control. In: SACMAT, pp. 57–64 (2002)

    Google Scholar 

  25. Ray, I., Kumar, M., Yu, L.: LRBAC: A location-aware role-based access control model. In: Bagchi, A., Atluri, V. (eds.) ICISS 2006. LNCS, vol. 4332, pp. 147–161. Springer, Heidelberg (2006)

    CrossRef  Google Scholar 

  26. Android reference. Develope Guide, http://developer.android.com/guide/index.html

  27. Sandhu, R.S., Park, J.: Usage control: A vision for next generation access control. In: MMMACNS (2003)

    Google Scholar 

  28. Sandhu, R.S.: Role-based access control. Advances in Computers 46, 238–287 (1998)

    Google Scholar 

  29. Schmidt, A.-D., Peters, F., Lamour, F., Albayrak, S.: Monitoring smartphones for anomaly detection. In: MOBILWARE 2008. ICST (2007)

    Google Scholar 

  30. Shabtai, A., Fledel, Y., Kanonov, U., Elovici, Y., Dolev, S., Glezer, C.: Google android: A comprehensive security assessment. IEEE Security & Privacy (2010)

    Google Scholar 

  31. Stevenne, J., Niezette, M.: An efficient symbolic representation of periodic time. In: Finin, T.W., Yesha, Y., Nicholas, C. (eds.) CIKM 1992. LNCS, vol. 752. Springer, Heidelberg (1993)

    Google Scholar 

  32. Xie, L., Zhang, X., Chaugule, A., Jaeger, T., Zhu, S.: Designing system-level defenses against ellphone malware. In: SRDS 2009, pp. 83 –90 (September 2009)

    Google Scholar 

  33. Zhang, X., Aciiçmez, O., Seifert, J.-P.: A trusted mobile phone reference architecture via secure kernel. In: STC, pp. 7–14. ACM, New York (2007)

    CrossRef  Google Scholar 

  34. Zhang, X., Parisi-Presicce, F., Sandhu, R., Park, J.: Formal model and policy specification of usage control. TISSEC 8(4), 351–387 (2005)

    CrossRef  Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Editor information

Editors and Affiliations

Rights and permissions

Reprints and Permissions

Copyright information

© 2010 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Bai, G., Gu, L., Feng, T., Guo, Y., Chen, X. (2010). Context-Aware Usage Control for Android. In: Jajodia, S., Zhou, J. (eds) Security and Privacy in Communication Networks. SecureComm 2010. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 50. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-16161-2_19

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-16161-2_19

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-16160-5

  • Online ISBN: 978-3-642-16161-2

  • eBook Packages: Computer ScienceComputer Science (R0)