SemaDroid: A privacy-aware sensor management framework for smartphones

Zhi Xu, Sencun Zhu

Research output: Chapter in Book/Report/Conference proceedingConference contribution

25 Citations (Scopus)

Abstract

While mobile sensing applications are booming, the sensor man- agement mechanisms in current smartphone operating systems are left behind - they are incomprehensive and coarse-grained, expos- ing a huge attack surface for malicious or aggressive third party apps to steal user's private information through mobile sensors. In this paper, we propose a privacy-aware sensor management framework, called SemaDroid, which extends the existing sensor management framework on Android to provide comprehensive and fine-grained access control over onboard sensors. SemaDroid al- lows the user to monitor the sensor usage of installed apps, and to control the disclosure of sensing information while not affect- ing the app's usability. Furthermore, SemaDroid supports context- aware and quality-of-sensing based access control policies. The en- forcement and update of the policies are in real-time. Detailed de- sign and implementation of SemaDroid on Android are presented to show that SemaDroid works compatible with the existing An- droid security framework. Demonstrations are also given to show the capability of SemaDroid on sensor management and on defeat- ing emerging sensor-based attacks. Finally, we show the high effi- ciency and security of SemaDroid.

Original languageEnglish (US)
Title of host publicationCODASPY 2015 - Proceedings of the 5th ACM Conference on Data and Application Security and Privacy
PublisherAssociation for Computing Machinery, Inc
Pages61-72
Number of pages12
ISBN (Electronic)9781450331913
DOIs
StatePublished - Mar 2 2015
Event5th ACM Conference on Data and Application Security and Privacy, CODASPY 2015 - San Antonio, United States
Duration: Mar 2 2015Mar 4 2015

Publication series

NameCODASPY 2015 - Proceedings of the 5th ACM Conference on Data and Application Security and Privacy

Other

Other5th ACM Conference on Data and Application Security and Privacy, CODASPY 2015
CountryUnited States
CitySan Antonio
Period3/2/153/4/15

Fingerprint

Smartphones
Sensors
Application programs
Access control
Demonstrations

All Science Journal Classification (ASJC) codes

  • Information Systems
  • Software
  • Computer Science Applications

Cite this

Xu, Z., & Zhu, S. (2015). SemaDroid: A privacy-aware sensor management framework for smartphones. In CODASPY 2015 - Proceedings of the 5th ACM Conference on Data and Application Security and Privacy (pp. 61-72). (CODASPY 2015 - Proceedings of the 5th ACM Conference on Data and Application Security and Privacy). Association for Computing Machinery, Inc. https://doi.org/10.1145/2699026.2699114
Xu, Zhi ; Zhu, Sencun. / SemaDroid : A privacy-aware sensor management framework for smartphones. CODASPY 2015 - Proceedings of the 5th ACM Conference on Data and Application Security and Privacy. Association for Computing Machinery, Inc, 2015. pp. 61-72 (CODASPY 2015 - Proceedings of the 5th ACM Conference on Data and Application Security and Privacy).
@inproceedings{1f7c4a7104434f9f942a4b91a22fe6ab,
title = "SemaDroid: A privacy-aware sensor management framework for smartphones",
abstract = "While mobile sensing applications are booming, the sensor man- agement mechanisms in current smartphone operating systems are left behind - they are incomprehensive and coarse-grained, expos- ing a huge attack surface for malicious or aggressive third party apps to steal user's private information through mobile sensors. In this paper, we propose a privacy-aware sensor management framework, called SemaDroid, which extends the existing sensor management framework on Android to provide comprehensive and fine-grained access control over onboard sensors. SemaDroid al- lows the user to monitor the sensor usage of installed apps, and to control the disclosure of sensing information while not affect- ing the app's usability. Furthermore, SemaDroid supports context- aware and quality-of-sensing based access control policies. The en- forcement and update of the policies are in real-time. Detailed de- sign and implementation of SemaDroid on Android are presented to show that SemaDroid works compatible with the existing An- droid security framework. Demonstrations are also given to show the capability of SemaDroid on sensor management and on defeat- ing emerging sensor-based attacks. Finally, we show the high effi- ciency and security of SemaDroid.",
author = "Zhi Xu and Sencun Zhu",
year = "2015",
month = "3",
day = "2",
doi = "10.1145/2699026.2699114",
language = "English (US)",
series = "CODASPY 2015 - Proceedings of the 5th ACM Conference on Data and Application Security and Privacy",
publisher = "Association for Computing Machinery, Inc",
pages = "61--72",
booktitle = "CODASPY 2015 - Proceedings of the 5th ACM Conference on Data and Application Security and Privacy",

}

Xu, Z & Zhu, S 2015, SemaDroid: A privacy-aware sensor management framework for smartphones. in CODASPY 2015 - Proceedings of the 5th ACM Conference on Data and Application Security and Privacy. CODASPY 2015 - Proceedings of the 5th ACM Conference on Data and Application Security and Privacy, Association for Computing Machinery, Inc, pp. 61-72, 5th ACM Conference on Data and Application Security and Privacy, CODASPY 2015, San Antonio, United States, 3/2/15. https://doi.org/10.1145/2699026.2699114

SemaDroid : A privacy-aware sensor management framework for smartphones. / Xu, Zhi; Zhu, Sencun.

CODASPY 2015 - Proceedings of the 5th ACM Conference on Data and Application Security and Privacy. Association for Computing Machinery, Inc, 2015. p. 61-72 (CODASPY 2015 - Proceedings of the 5th ACM Conference on Data and Application Security and Privacy).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

TY - GEN

T1 - SemaDroid

T2 - A privacy-aware sensor management framework for smartphones

AU - Xu, Zhi

AU - Zhu, Sencun

PY - 2015/3/2

Y1 - 2015/3/2

N2 - While mobile sensing applications are booming, the sensor man- agement mechanisms in current smartphone operating systems are left behind - they are incomprehensive and coarse-grained, expos- ing a huge attack surface for malicious or aggressive third party apps to steal user's private information through mobile sensors. In this paper, we propose a privacy-aware sensor management framework, called SemaDroid, which extends the existing sensor management framework on Android to provide comprehensive and fine-grained access control over onboard sensors. SemaDroid al- lows the user to monitor the sensor usage of installed apps, and to control the disclosure of sensing information while not affect- ing the app's usability. Furthermore, SemaDroid supports context- aware and quality-of-sensing based access control policies. The en- forcement and update of the policies are in real-time. Detailed de- sign and implementation of SemaDroid on Android are presented to show that SemaDroid works compatible with the existing An- droid security framework. Demonstrations are also given to show the capability of SemaDroid on sensor management and on defeat- ing emerging sensor-based attacks. Finally, we show the high effi- ciency and security of SemaDroid.

AB - While mobile sensing applications are booming, the sensor man- agement mechanisms in current smartphone operating systems are left behind - they are incomprehensive and coarse-grained, expos- ing a huge attack surface for malicious or aggressive third party apps to steal user's private information through mobile sensors. In this paper, we propose a privacy-aware sensor management framework, called SemaDroid, which extends the existing sensor management framework on Android to provide comprehensive and fine-grained access control over onboard sensors. SemaDroid al- lows the user to monitor the sensor usage of installed apps, and to control the disclosure of sensing information while not affect- ing the app's usability. Furthermore, SemaDroid supports context- aware and quality-of-sensing based access control policies. The en- forcement and update of the policies are in real-time. Detailed de- sign and implementation of SemaDroid on Android are presented to show that SemaDroid works compatible with the existing An- droid security framework. Demonstrations are also given to show the capability of SemaDroid on sensor management and on defeat- ing emerging sensor-based attacks. Finally, we show the high effi- ciency and security of SemaDroid.

UR - http://www.scopus.com/inward/record.url?scp=84928103622&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84928103622&partnerID=8YFLogxK

U2 - 10.1145/2699026.2699114

DO - 10.1145/2699026.2699114

M3 - Conference contribution

AN - SCOPUS:84928103622

T3 - CODASPY 2015 - Proceedings of the 5th ACM Conference on Data and Application Security and Privacy

SP - 61

EP - 72

BT - CODASPY 2015 - Proceedings of the 5th ACM Conference on Data and Application Security and Privacy

PB - Association for Computing Machinery, Inc

ER -

Xu Z, Zhu S. SemaDroid: A privacy-aware sensor management framework for smartphones. In CODASPY 2015 - Proceedings of the 5th ACM Conference on Data and Application Security and Privacy. Association for Computing Machinery, Inc. 2015. p. 61-72. (CODASPY 2015 - Proceedings of the 5th ACM Conference on Data and Application Security and Privacy). https://doi.org/10.1145/2699026.2699114