An effective access control scheme for preventing permission leak in Android

Longfei Wu, Xiaojiang Du, Hongli Zhang

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

13 Scopus citations

Abstract

In the Android system, each application runs in its own sandbox, and the permission mechanism is used to enforce access control to the system APIs and applications. However, permission leak could happen when an application without certain permission illegally gain access to protected resources through other privileged applications. We propose SPAC, a component-level system permission based access control scheme that can help developers better secure the public components of their applications. In the SPAC scheme, obscure custom permissions are replaced by explicit system permissions. We extend current permission checking mechanism so that multiple permissions are supported on component level. SPAC has been implemented on a Nexus 4 smartphone, and our evaluation demonstrates its effectiveness in mitigating permission leak vulnerabilities.

Original languageEnglish
Title of host publication2015 International Conference on Computing, Networking and Communications, ICNC 2015
Pages57-61
Number of pages5
ISBN (Electronic)9781479969593
DOIs
StatePublished - 26 Mar 2015
Event2015 International Conference on Computing, Networking and Communications, ICNC 2015 - Garden Grove, United States
Duration: 16 Feb 201519 Feb 2015

Publication series

Name2015 International Conference on Computing, Networking and Communications, ICNC 2015

Conference

Conference2015 International Conference on Computing, Networking and Communications, ICNC 2015
Country/TerritoryUnited States
CityGarden Grove
Period16/02/1519/02/15

Keywords

  • Permission leak
  • access control
  • smartphone security

Fingerprint

Dive into the research topics of 'An effective access control scheme for preventing permission leak in Android'. Together they form a unique fingerprint.

Cite this