Loading...

A Fine Grained Access Control Mechanism for Hybrid Mobile Applications in Android

Pooryousef, Shahrooz | 2015

1401 Viewed
  1. Type of Document: M.Sc. Thesis
  2. Language: Farsi
  3. Document No: 47602 (19)
  4. University: Sharif University of Technology
  5. Department: Computer Engineering
  6. Advisor(s): Kharrazi, Mehdi; Rabiee, HamidReza
  7. Abstract:
  8. Hybrid mobile applications combine the features of Web technologies and native mobile apps. Like Web applications, they are implemented in portable, platform independent languages such as HTML and JavaScript. Like native apps, they have direct access to local device resources. In these programs, web contents are loaded into a web component, called WebView, which can render HTML5 pages and execute JavaScript code. In order for the web content to access the system resources, which are isolated from the content inside Web-View due to its sandbox, bridges need to be built between JavaScript and the native code. developers usually use third party plug-ins for native side of application. hybrid application usually includes JavaScript from third party sources with different trust also. Privilege separation is critical in this applications. In this dissertation, we systematically analyze the complete access control requirements for mobile hybrid application and identify the fundamental lack of complete and fine-grained access control mechanisms in previous researches.Specifically, existing solutions only providing access control for web content in web side of application. As our solution, we propose an access control model called SecurePath that enables privilege separation and fine grained access control fot mobile hybrid applications. We have developed a proof-of-concept prototype of SecurePath for Android operation system 4.4.3 version. evaluation with sampled attacks indicates that SecurePath effectively provide fine grained access control with low performance overhead
  9. Keywords:
  10. Hybrid Mobile Applications ; Fine Grained Access Control ; Untrusted Content ; Privilege Separation

 Digital Object List

 Bookmark

...see more