Enforcing Multiple Security Policies for Android System - Embedded.com

Enforcing Multiple Security Policies for Android System

As an open source operating system and associated software stack for smartphones, Google’s Android gains increasing popularity recent years. Mcafee’s report showed that Android is being targeted by hackers more than any other platform.

Android accounts for nearly all mobile malware and more than 14,000 threats have been discovered in the first three months of 2013 alone. Mobile malware is expected to increase in 2013, with some calling it “the year of mobile malware” for Android users. Targeted marwares that steal personal information and make malicious chargeback made up a majority of these attacks.

Android security depends heavily on discretionary access control(DAC) protection for Linux file system and Java APIs permissions check in Android framework layer. DAC can be easily compromised by malwares.

Android uses its permission model to protect sensitive resources and functions. However, it has the following shortcomings: there is no way of granting some permissions and denying others[4]; the permission assignment can only happen during the installation of applications; the permissions cannot be changed or restricted after installation. Moreover, malwares can exploit the vulnerabilities of Android system or call Linux APIs to bypass Android’s permissions checking.

To address these problems, we propose an security framework for Android which consists of both mandatory access control (MAC) in the kernel layer and role-based access control (RBAC) in the framework layer.

It allows users to define their own security policy and provides fine-grained access control to (untrusted) applications. MAC mechanism allows administrators enforcing fine-grained access control to confine applications or process to a tight environment in which they can perform only specific actions according the security policy. Thus, untrusted applications are limited and cannot damage the system.

This security framework for Android includes of both mandatory access control in the kernel layer and role-based access control in the framework layer. It allows users to define their own security policy and provides fine-grained access control to (untrusted) applications.

We implemented a prototype system MPdroid for Android 4.0 platform. Experiments show that we can apply this solution to really help users control applications, block malicious software without significant performance overhead.

To read more of this external content, download the complete paper from the author archives at Atlantis. 

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.