2012 | OriginalPaper | Buchkapitel
Modeling and Enhancing Android’s Permission System
verfasst von : Elli Fragkaki, Lujo Bauer, Limin Jia, David Swasey
Erschienen in: Computer Security – ESORICS 2012
Verlag: Springer Berlin Heidelberg
Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.
Wählen Sie Textabschnitte aus um mit Künstlicher Intelligenz passenden Patente zu finden. powered by
Markieren Sie Textabschnitte, um KI-gestützt weitere passende Inhalte zu finden. powered by
Several works have recently shown that Android’s security architecture cannot prevent many undesired behaviors that compromise the integrity of applications and the privacy of their data. This paper makes two main contributions to the body of research on Android security: first, it develops a formal framework for analyzing Android-style security mechanisms; and, second, it describes the design and implementation of
Sorbet
, an enforcement system that enables developers to use permissions to specify secrecy and integrity policies. Our formal framework is composed of an abstract model with several specific instantiations. The model enables us to formally define some desired security properties, which we can prove hold on
Sorbet
but not on Android. We implement
Sorbet
on top of Android 2.3.7, test it on a Nexus S phone, and demonstrate its usefulness through a case study.