Permission Management System for Secure IoT Devices in Android-Based IoT Environment

  • 박인규 (Department of Computer Engineering, Ajou University) ;
  • 곽진 (Department of Cyber Security, Ajou University)
  • Received : 2017.11.21
  • Accepted : 2018.01.14
  • Published : 2018.02.28

Abstract

Android Things is an Android-based platform announced by Google that runs in IoT environments. Unlike the previous version, it provides existing services such as the Java language, the Android API, and Google services, making it easier to approach. On an Android smartphone, an application asks the user for permission before using certain features. An Android Things device, however, may have no display on which to show a request notification, so although an application declares the permissions it needs at development time, no request is made to the user and the system accepts the permissions automatically. If permissions are used indiscriminately, functions unrelated to the device's original purpose can carry out malicious behavior such as causing system failure or leaking personal information. By monitoring the permissions that a device uses in an Android-based IoT system, users can therefore respond proactively to the security threats that indiscriminate permission use can create. This paper proposes a system that manages the permissions currently being used by IoT devices in an Android Things based IoT environment, so that Android-based IoT devices can cope with indiscriminate use of permissions.
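Because the platform grants declared permissions without asking anyone, a review of what an app declares has to happen outside the device. The following is an added example, not the system proposed in the paper: a static audit that compares the permissions in an `AndroidManifest.xml` with an allowlist for the device's intended function. The sample manifest, the `com.example.thermostat` package and the `THERMOSTAT_POLICY` allowlist are constructed for illustration, and `DANGEROUS` is only a subset of Android's dangerous permissions.

```python
import xml.etree.ElementTree as ET
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Subset of Android's "dangerous" protection-level permissions (not exhaustive).
DANGEROUS = {
    "android.permission.CAMERA",
    "android.permission.RECORD_AUDIO",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.READ_CONTACTS",
}

# Constructed manifest for a hypothetical thermostat app (not from the paper).
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.thermostat">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
    <uses-permission android:name="android.permission.RECORD_AUDIO"/>
    <uses-permission-sdk-23 android:name="android.permission.READ_CONTACTS"/>
    <application android:label="Thermostat"/>
</manifest>"""

# Hypothetical policy: what this device's intended function actually needs.
THERMOSTAT_POLICY = {"android.permission.INTERNET",
                     "android.permission.ACCESS_FINE_LOCATION"}

def declared_permissions(manifest_xml):
    """Return every permission named by <uses-permission*> elements."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(ANDROID_NS + "name")
            if name:
                names.add(name.strip())
    return names

def audit(manifest_xml, allowed):
    """Flag declared permissions that fall outside the device's allowlist."""
    declared = declared_permissions(manifest_xml)
    unexpected = declared - allowed
    return {
        "unexpected": sorted(unexpected),
        "unexpected_dangerous": sorted(unexpected & DANGEROUS),
    }

if __name__ == "__main__":
    print(audit(SAMPLE_MANIFEST, THERMOSTAT_POLICY))
```

On the constructed manifest the audit flags `READ_CONTACTS` and `RECORD_AUDIO`, both unrelated to a thermostat and both auto-granted on a device that never prompts.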
