Semantically rich application-centric security in Android

Machigar Ongtang, Stephen Mclaughlin, William Enck, Patrick Drew McDaniel

Research output: Contribution to journalArticle

89 Scopus citations

Abstract

Smartphones are now ubiquitous. However, the security requirements of these relatively new systems and the applications they support are still being understood. As a result, the security infrastructure available in current smartphone operating systems is largely underdeveloped. In this paper, we consider the security requirements of smartphone applications and augment the existing Android operating system with a framework to meet them. We present Secure Application INTeraction (Saint), a modified infrastructure that governs install-time permission assignment and their run-time use as dictated by application provider policy. An in-depth description of the semantics of application policy is presented. The architecture and technical detail of Saint are given, and areas for extension, optimization, and improvement are explored. We demonstrate through a concrete example and study of real-world applications that Saint provides necessary utility for applications to assert and control the security decisions on the platform.

Original languageEnglish (US)
Pages (from-to)658-673
Number of pages16
JournalSecurity and Communication Networks
Volume5
Issue number6
DOIs
StatePublished - Jan 1 2012

All Science Journal Classification (ASJC) codes

  • Information Systems
  • Computer Networks and Communications

Fingerprint Dive into the research topics of 'Semantically rich application-centric security in Android'. Together they form a unique fingerprint.

  • Cite this