Full Program »
Semantically Rich Application-Centric Security in Android
PDF
0.5MB
Machigar Ongtang
Pennsylvania State University
United States
Stephen McLaughlin
Pennsylvania State University
United States
William Enck
Pennsylvania State University
United States
Patrick McDaniel
Pennsylvania State University
United States
Abstract:
Smartphones are now ubiquitous. However, the security requirements of these relatively new systems and the applications they support are still being understood. As a result, the security infrastructure available in current smartphone operating systems is largely underdeveloped. In this paper, we consider the security requirements of smartphone applications and augment the existing Android operating system with a framework to meet them. Named Secure Application INTeraction (Saint), this modiļ¬ed infrastructure governs install-time permission assignment and their run-time use as dictated by application provider policy. An in-depth description of the semantics of application policy is presented. The architecture and technical detail of Saint is given, and areas for extension, optimization, and improvement explored. The paper concludes by illustrating the usefulness of this framework via concrete example.