Semantically rich application-centric security in android

Machigar Ongtang, Stephen McLaughlin, William Enck, Patrick Drew McDaniel

Research output: Chapter in Book/Report/Conference proceedingConference contribution

240 Scopus citations

Abstract

Smartphones are now ubiquitous. However, the security requirements of these relatively new systems and the applications they support are still being understood. As a result, the security infrastructure available in current smartphone operating systems is largely underdeveloped. In this paper, we consider the security requirements of smartphone applications and augment the existing Android operating system with a framework to meet them. We present Secure Application INTeraction (Saint), a modi ed infrastructure that governs install-time permission assignment and their run-time use as dictated by application provider policy. An in-depth description of the semantics of application policy is presented. The architecture and technical detail of Saint is given, and areas for extension, optimization, and improvement explored. As we show through concrete example, Saint provides necessary utility for applications to assert and control the security decisions on the platform.

Original languageEnglish (US)
Title of host publication25th Annual Computer Conference Security Applications, ACSAC 2009
Pages340-349
Number of pages10
DOIs
StatePublished - Dec 1 2009
Event25th Annual Computer Conference Security Applications, ACSAC 2009 - Honolulu, HI, United States
Duration: Dec 7 2009Dec 11 2009

Publication series

NameProceedings - Annual Computer Security Applications Conference, ACSAC
ISSN (Print)1063-9527

Other

Other25th Annual Computer Conference Security Applications, ACSAC 2009
CountryUnited States
CityHonolulu, HI
Period12/7/0912/11/09

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Software
  • Safety, Risk, Reliability and Quality

Fingerprint Dive into the research topics of 'Semantically rich application-centric security in android'. Together they form a unique fingerprint.

  • Cite this

    Ongtang, M., McLaughlin, S., Enck, W., & McDaniel, P. D. (2009). Semantically rich application-centric security in android. In 25th Annual Computer Conference Security Applications, ACSAC 2009 (pp. 340-349). [5380692] (Proceedings - Annual Computer Security Applications Conference, ACSAC). https://doi.org/10.1109/ACSAC.2009.39