A trusted ecosystem for Android applications based on context-aware access control
Data(s) |
01/10/2012
|
---|---|
Resumo |
Private data stored on smartphones is a precious target for malware attacks. A constantly changing environment, e.g. switching network connections, can cause unpredictable threats, and require an adaptive approach to access control. Context-based access control is using dynamic environmental information, including it into access decisions. We propose an "ecosystem-in-an-ecosystem" which acts as a secure container for trusted software aiming at enterprise scenarios where users are allowed to use private devices. We have implemented a proof-of-concept prototype for an access control framework that processes changes to low-level sensors and semantically enriches them, adapting access control policies to the current context. This allows the user or the administrator to maintain fine-grained control over resource usage by compliant applications. Hence, resources local to the trusted container remain under control of the enterprise policy. Our results show that context-based access control can be done on smartphones without major performance impact. |
Identificador | |
Publicador |
IEEE Conference Publications |
Relação |
DOI:10.1109/MALWARE.2012.6461011 Herpich, Markus, Batyuk, Leonid, Camtepe, Seyit A., & Albayrak, Sahin (2012) A trusted ecosystem for Android applications based on context-aware access control. In Proceedings of the 7th International Conference on Malicious and Unwanted Software (MALWARE 2012), IEEE Conference Publications, Fajardo, Puerto Rico, USA, pp. 73-78. |
Direitos |
Copyright 2012 IEEE |
Fonte |
School of Electrical Engineering & Computer Science; Information Security Institute; Science & Engineering Faculty |
Palavras-Chave | #080303 Computer System Security #authorisation #smart phones #trusted computing #context-aware access control #fine-grained control #malware attacks #trusted ecosystem |
Tipo |
Conference Paper |