Dynamic Security Policy Enforcement on Android

Dynamic Security Policy Enforcement on Android

WoS Article

This work presents the system for dynamic enforcement of access rights on Android.Each application will be repackaged by this system, so that the access to selected privatedata is restricted for the outer world. The system intercepts the system calls usingAurasium framework and adds an innovative approach of tracking the information flowsfrom the privacy-sensitive sources using tainting mechanism without need ofadministrator rights. There has been designed file-level and data-level taint propagationand policy enforcement based on Android binder. 

This work presents the system for dynamic enforcement of access rights on Android.Each application will be repackaged by this system, so that the access to selected privatedata is restricted for the outer world. The system intercepts the system calls usingAurasium framework and adds an innovative approach of tracking the information flowsfrom the privacy-sensitive sources using tainting mechanism without need ofadministrator rights. There has been designed file-level and data-level taint propagationand policy enforcement based on Android binder. 

private data, Aurasium framework, operating system, system call, binderdriver, Android security, policy enforcement, security policy 

private data, Aurasium framework, operating system, system call, binderdriver, Android security, policy enforcement, security policy 

VANČO, M.; ARON, L.

2017

04.10.2016

Daejeon

International Journal of Security and Its Applications

1738-9976

International Journal of Security and Its Applications

2016

10

Republic of Korea

141

148

8

http://www.sersc.org/journals/IJSIA/vol10_no9_2016/15.pdf