Fine-grained access control for hybrid mobile applications in Android using restricted paths

Pooryousef, S ; Sharif University of Technology

  1. Type of Document: Article
  2. DOI: 10.1109/ISCISC.2016.7736456
  3. Publisher: Institute of Electrical and Electronics Engineers Inc
  4. Abstract: Hybrid mobile applications are a new generation of mobile applications that have recently introduced new security challenges. In these applications, untrusted web content, such as an advertisement inside an embedded browser, has the same privileges as the entire application and can directly access the device resources. Unfortunately, existing access control mechanisms are very coarse-grained and do not provide adequate facilities for fine-grained access rule definition and enforcement in hybrid mobile applications. In this paper, we propose a fine-grained access control mechanism for privilege separation in hybrid mobile applications. Our proposed access control mechanism, called RestrictedPath, enables developers to define separate paths inside the application, each of which has restricted permissions. To provide fine-grained access control at the Android framework layer, RestrictedPath enforces access control at two different levels: the browser level and the Android access control system level. We have developed a proof-of-concept prototype of RestrictedPath for the Android Open Source Project version 4.4.3 to illustrate its feasibility and to evaluate its overhead on the system. Our experiments show that RestrictedPath is practical, easy for developers to use, and has low performance overhead (on average 10 percent) on the device.
  5. Keywords: Android (operating system) ; Cryptography ; Mobile computing ; Mobile telecommunication systems ; Open systems ; Security of data ; Access control mechanism ; Coarse-grained ; Device resources ; Embedded browser ; Mobile applications ; Open source projects ; Proof of concept ; Security challenges ; Access control
  6. Source: 13th International ISC Conference on Information Security and Cryptology, 7 September 2016 through 8 September 2016 ; 2016 , Pages 85-90 ; 9781509039494 (ISBN)
  7. URL: http://ieeexplore.ieee.org/document/7736456