
Context-Aware Usage Control for Android

  • Conference paper
Security and Privacy in Communication Networks (SecureComm 2010)

Abstract

The security of smart phones is increasingly important due to their rapid popularity. Mobile computing on smart phones introduces many new characteristics such as personalization, mobility, pay-for-service and limited resources. These features require additional privacy protection and resource usage constraints in addition to the security and privacy concerns on traditional computers. As one of the leading open source mobile platforms, Android is also facing security challenges from the mobile environment. Although many security measures have been applied in Android, the existing security mechanism is coarse-grained and does not take into account the context information, which is of particular interest because of the mobility and personality of a smart phone device.

To address these challenges, we propose a context-aware usage control model, ConUCON, which leverages the context information to enhance data protection and resource usage control on a mobile platform. We also extend the existing security mechanism to implement a policy enforcement framework on the Android platform based on ConUCON. With ConUCON, users are able to employ a fine-grained and flexible security mechanism to enhance privacy protection and resource usage control. The extended security framework on Android enables mobile applications to run with better user experiences. The implementation of ConUCON and its evaluation study demonstrate that it can be practically adapted for other types of mobile platforms.




Copyright information

© 2010 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Bai, G., Gu, L., Feng, T., Guo, Y., Chen, X. (2010). Context-Aware Usage Control for Android. In: Jajodia, S., Zhou, J. (eds) Security and Privacy in Communication Networks. SecureComm 2010. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 50. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-16161-2_19


  • DOI: https://doi.org/10.1007/978-3-642-16161-2_19

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-16160-5

  • Online ISBN: 978-3-642-16161-2

  • eBook Packages: Computer Science, Computer Science (R0)
