Context Based Security Model to Enhance the Privacy of Smartphone
International Journal of Computer Science (IJCS) Published by SK Research Group of Companies (SKRGC)
Download this PDF format
Abstract
Smartphones are rapidly becoming the computing and communication platform used by people to perform many activities besides placing and receiving phone calls. However, the protection and security models provided by such platforms do not address many security and privacy concerns of their users. It is aimed at extending the security models and mechanisms of existing smart-phone platforms to support context-aware application with the security and the privacy of their users. Particularly challenging in this domain is to find solutions that can increase the security and the privacy of users and at the same time, they are easy to understand and to use. MOSES can also be improved in several aspects. For instance, to make the policy specification process easier, a solution could be to embed into the system policy templates that can be simply selected and associated to an application. It should be mentioned that currently MOSES does not separate system data (e.g., system configuration files) and information on SD cards. In the future it is planned to add this functionality to the system. Moreover, performance overheads are also planned to be reduced considerably in the future versions.
References
[1] Gartner Says Smartphone Sales Accounted for 55 Percent of Overall Mobile Phone Sales in Third Quarter of 2013,https://www.gartner.com/newsroom/id/2623415,2014.
[2] Are Your Sales Reps Missing Important Sales Opportunities? https://m.sybase.com/files/White_Papers/Solutions_SAP_Reps.pdf, 2014.
[3] Unisys Establishes a Bring Your Own Device (BYOD)Policy,https://www.insecureaboutsecurity.com/2011/03/14/unisys_establishes_a_bring_your_own_device_byod_policy/, 2014.
[4] W. Enck, P. Gilbert, B.-G. Chun, L.P. Cox, J. Jung, P. McDaniel,and A.N. Sheth, “Taintdroid:An Information-Flow Tracking System for Real time Privacy Monitoring on Smartphones,” Proc.Ninth USENIX Conf. Operating Systems Design and Implementation(OSDI ’10), pp. 1-6, 2010.
[5] C. Gibler, J. Crussell, J. Erickson, and H. Chen, “AndroidLeaks: Automatically Detecting Potential Privacy Leaks in Android Applications on a Large Scale,”Proc. Fifth Int’l Conf. Trust and Trustworthy Computing (TRUST ’12), pp. 291-307, 2012.
[6] Y. Xu, F. Bruns, E. Gonzalez, S. Traboulsi, K. Mott, and A. Bilgic,“Performance Evaluation of Para-Virtualization on Modern Mobile Phone Platform,”Proc. Int’l Conf. Computer, Electrical, and Systems Science and Eng. (ICCESSE ’10), 2010.
[7] M. Lange, S. Liebergeld, A. Lackorzynski, A. Warg, and M. Peter, “L4Android: A Generic Operating System Framework for Secure Smartphones,”Proc. First ACM Workshop Security and Privacy in Smartphones and Mobile Devices (SPSM ’11), pp. 39-50, 2011.
[8] T.U. Dresden, and U. of Technology Berlin, “L4Android,” https://l4android.org/ 2014.
[9] J. Andrus, C. Dall, A.V. Hof, O. Laadan, and J. Nieh, “Cells: A Virtual Mobile Smartphone Architecture,”Proc. 23rd ACM Symp. Operating Systems Principles (SOSP ’11), pp. 173-187, 2011.
[10] Android, https://www.android.com/ 2014.
[11] W. Enck, M. Ongtang, and P. McDaniel, “Understanding Android Security,”IEEE Security and Privacy, vol. 7, no. 1, pp. 50-57, Jan./Feb. 2009.
[12] A. Shabtai, Y. Fledel, U. Kanonov, Y. Elovici, S. Dolev, and C.Glezer, “Google Android: A Comprehensive Security Assessment,”IEEE Security and Privacy, vol. 8, no. 2, pp. 35-44, Mar./Apr. 2010.
[13] M. Nauman, S. Khan, and X. Zhang, “Apex: Extending Android Permission Model and Enforcement with User-Defined Runtime Constraints,”Proc. Fifth ACM Symp. Information, Computer and Comm. Security (ASIACCS ’10), pp. 328-332, 2010.
[14] M. Ongtang, S. McLaughlin, W. Enck, and P. McDaniel, “Semantically Rich Application-Centric Security in Android,” Proc. Ann. Computer Security Applications Conf. (ACSAC ’09),pp. 73-82, 2009.
[15] M. Conti, B. Crispo, E. Fernandes, and Y. Zhauniarovich, “CR^ePE: A System for Enforcing Fine-Grained Context- Related Policies on Android,”IEEE Trans. Information Forensics and Security, vol. 7, no. 5, pp. 1426-1438, Oct. 2012.
[16] A.R. Beresford, A. Rice, and N. Skehin, “MockDroid: Trading Privacy for Application Functionality on Smartphones,”Proc. 12th Workshop Mobile Computing Systems and Applications (HotMobile’11), pp. 49-54, 2011.
[17] Y. Zhou, X. Zhang, X. Jiang, and V. Freeh, “Taming Information Stealing Smartphone Applications (on Android),” Proc. Fourth Int’l Conf. Trust and Trustworthy Computing (TRUST ’11), pp. 93-107, 2011.
[18] P. Hornyack, S. Han, J. Jung, S. Schechter, and D. Wetherall, “These Aren’t the Droids You’re Looking for’: Retroffiting Android to Protect Data from Imperious Applications,” Proc. 18th ACM Conf. Computer and Comm. Security (CCS ’11), pp. 639-652, 2011.
[19] G. Russello, B. Crispo, E. Fernandes, and Y. Zhauniarovich, “YAASE: Yet Another Android Security Extension,”Proc. IEEE Third Int’l Conf. Social Computing and Privacy, Security, Risk and Trust (SocialCom/PASSAT), pp. 1033-1040, 2011.
[20] D. Feth and A. Pretschner, “Flexible Data-Driven Security for Android,”Proc. IEEE Sixth Int’l Conf. Software Security and Reliability (SERE ’12), pp. 41-50, 2012.
[21] D. Feth and C. Jung, “Context-Aware, Data-Driven Policy Enforcement for Smart Mobile Devices in Business Environments,”Proc. Int’l Conf. Security and Privacy in Mobile Information and Comm. Systems (MobiSec ’12), pp. 69-80, 2012.
[22] P.B. Kodeswaran, V. Nandakumar, S. Kapoor, P. Kamaraju, A.Joshi, and S. Mukherjea, “Securing Enterprise Data on Smartphones Using Run Time Information Flow Control,”Proc. IEEE 13th Int’l Conf. Mobile Data Management (MDM ’12), pp. 300-305,2012.
[23] M. Ahmed and M. Ahamad, “Protecting Health Information on Mobile Devices,”Proc. Second ACM Conf. Data and Application Security and Privacy (CODASPY ’12), pp. 229-240, 2012.
[24] G. Bai, L. Gu, T. Feng, Y. Guo, and X. Chen, “Context-Aware Usage Control for Android,”Proc. Int’l Conf. Security and Privacy in Comm. Networks (SecureComm ’10), pp. 326-343, 2010.
[25] S. Bugiel,S. Heuser, and A.-R. Sadeghi, “Flexible and FineGrained Mandatory Access Control on Android for Diverse Security and Privacy Policies,”Proc. 22nd USENIX Conf. Security (Security ’13), 2013.
[26] S. Smalley and R. Craig, “Security Enhanced (SE) Android: Bringing flexible MAC to Android,”Proc. 20th Ann. Network and Distributed System Security Symp. (NDSS ’13), 2013.
[27] Dual Persona Definition, https://searchconsumerization. techtarget.com/definition/Dual-persona, 2014.
[28] M. Backes, S. Gerling, C. Hammer, M. Maffei, and P. von StypRekowsky, “AppGuard—Real-Time Policy Enforcement for Third-Party Applications,” Technical Report A/02/2012, Saarland Univ., 2012.
[29] J. Jeon, K.K. Micinski, J.A. Vaughan, A. Fogel, N. Reddy, J.S.Foster, and T. Millstein, “Dr. Android and Mr. Hide: Fine Grained Permissions in Android Applications,”Proc. Second ACM Workshop Security and Privacy in Smartphones and Mobile Devices (SPSM ’12), pp. 3-14, 2012.
[30] R. Xu, H. Sa€?di, and R. Anderson, “Aurasium: Practical Policy Enforcement for Android Applications,”Proc. USENIX 21st USENIX Conf. Security Symp. (Security ’12), p. 27, 2012.
[31] NitroDesk TouchDown, https://www.nitrodesk.com/ TouchDown.aspx, 2014.
[32] Good BYOD Solutions, https://www1.good.com/mobility-management-solutions/bring-your-own-device, 2014.
[33] Fixmo SafeZone: Corporate Data Protection, https://fixmo.com/products/safezone, 2014.
[34] Divide Webpage, https://www.divide.com/, 2014.
Keywords
Android, MOSES, Privacy, Context based security model.
