Browse > Article
http://dx.doi.org/10.3745/KIPSTC.2011.18C.3.151

Design and Implementation of a Flexible Application Permission Management Scheme on Android Platform  

Kim, Ik-Hwan (서울시립대학교 기계정보공학과)
Kim, Tae-Hyoun (서울시립대학교 기계정보공학과)
Publication Information
The KIPS Transactions:PartC / v.18C, no.3, 2011 , pp. 151-156 More about this Journal
Abstract
Google Android, which is one of the popular smart phone platforms, employs a security model based on application permissions. This model intends to reduce security threats by protecting inappropriate accesses to system resources from applications, but this model has a few problems. First, permission requested by an application cannot be granted selectively. Second, once the permission has been granted it is maintained until the application is uninstalled. Third, applications may acquire powerful permissions through user ID sharing without any notice to users. In order to overcome these limitations, we designed and implemented a flexible application permission management scheme. The goal of our scheme is to enhance security and user convenience while keeping compatibility to original platform. We also verified the operation of our scheme with real applications on Android emulator.
Keywords
Android; Security Model; Flexible Permission Management; Permission Promotion;
Citations & Related Records
연도 인용수 순위
  • Reference
1 Android SDK 2.2 Full Source, "Android Application Framework: PackageManagerService", /frameworks/base/services/java/com/android/server/PackageManagerService.java, March, 2010.
2 Google Android Developers Guide, "Security and Permissions", http://developer.android.com/guide/topics/security/security.html, Aug., 2010.
3 W. Enck, M. Ongtang, and P. McDaniel, "Understanding Android Security", IEEE Security and Privacy, Vol.7, issue 1, pp.50-57, 2009.   DOI   ScienceOn
4 A. Fuchs, A. Chaudhuri, and J. Foster, "SCanDroid: Automated Security Certification of Android Applications", In Proc. of the 31st IEEE Symposium on Security and Privacy, 2010.
5 M. Ongtang, S. McLaughlin, W. Enck, and P. McDaniel, "Semantically Rich Application-Centric Security in Android", In Proc. of the Annual Computer Security Applications Conference, pp.340-349, 2009.   DOI
6 M. Nauman and S Kahn, "Apex: Extending Android Permission Model and Enforcement with User-Defined Runtime Constraints", In Proc. of the 5th ACM Symposium on Information, Computer and Communication Security, pp. 328-332, 2010.   DOI
7 A. Shabtai, Y. Fledel, U. Kanonov, Y. Elovii, and S. Dolev, "Google Android: A State-of-the-Art Review of Security Mechanisms", IEEE Security and Privacy, Vol.8, issue2, pp. 35-44, 2010.   DOI   ScienceOn