Abstract
This paper proposes a framework for regulating data sharing on Android mobile devices. In our approach, the user downloads a copy of the data on his Android device, then the framework controls the data usage by enforcing the usage control policies which have been embedded in the data itself by the data producer. The usage control policy is based on the Usage Control model, whose main feature is to allow the usage of the downloaded data as long as conditions specified in the policy are satisfied. The proposed framework secures the data access procedure relying on both the Android security mechanisms and the introduction of Trusted Platform Module functions. The paper details the proposed framework, presents some preliminary results from the prototype that has been developed, and discusses the security of the prototype.
This work was supported by the EU FP7 project Confidential and Compliant Clouds (CoCoCloud), GA #610853.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Park, J., Sandhu, R.: The UCON ABC usage control model. ACM Transactions on Information and System Security 7, 128–174 (2004)
Morrow, B.: BYOD security challenges: control and protect your most sensitive data. Network Security 2012(12), 5–8 (2012)
Costa, G., Martinelli, F., Mori, P., Schaefer, C., Walter, T.: Runtime monitoring for next generation java me platform. Computers & Security 29, 74–87 (2010)
Aktug, I., Naliuka, K.: ConSpec: A formal language for policy specification. In: Proceedings of the First International Workshop on Run Time Enforcement for Mobile and Distributed Systems (REM 2007), ESORICS, pp. 107–109 (2007)
Jia, L., Aljuraidan, J., Fragkaki, E., Bauer, L., Stroucken, M., Fukushima, K., Kiyomoto, S., Miyake, Y.: Run-time enforcement of information-flow properties on android. In: Crampton, J., Jajodia, S., Mayes, K. (eds.) ESORICS 2013. LNCS, vol. 8134, pp. 775–792. Springer, Heidelberg (2013)
Conti, M., Crispo, B., Fernandes, E., Zhauniarovich, Y.: Crêpe: A system for enforcing fine-grained context-related policies on android. IEEE Transactions on Information Forensics and Security 7(5), 1426–1438 (2012)
Conti, M., Nguyen, V.T.N., Crispo, B.: CRePE: Context-related policy enforcement for android. In: Burmester, M., Tsudik, G., Magliveras, S., Ilić, I. (eds.) ISC 2010. LNCS, vol. 6531, pp. 331–345. Springer, Heidelberg (2011)
Enck, W., Ongtang, M., McDaniel, P.: On Lightweight Mobile Phone Application Certification. In: ACM (ed.) 16th ACM conference on Computer and Communications Security (CCS 2009), pp. 235–254 (2009)
Enck, W., Gilbert, P., Chun, B.G., Cox, L.P., Jung, J., McDaniel, P., Sheth, A.N.: Taintdroid: An information flow tracking system for real-time privacy monitoring on smartphones. Commun. ACM 57(3), 99–106 (2014)
Zhou, Y., Zhang, X., Jiang, X., Freeh, V.W.: Taming information-stealing smartphone applications (on android). In: McCune, J.M., Balacheff, B., Perrig, A., Sadeghi, A.-R., Sasse, A., Beres, Y. (eds.) Trust 2011. LNCS, vol. 6740, pp. 93–107. Springer, Heidelberg (2011)
Bugiel, S., Davi, L., Dmitrienko, A., Heuser, S., Sadeghi, A.R., Shastry, B.: Practical and Lightweight Domain Isolation on Android. In: ACM (ed.) ACM Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM 2011), pp. 51–61 (2011)
Cerbo, F.D., Trabelsi, S., Steingruber, T., Dodero, G., Bezzi, M.: Sticky policies for mobile devices. In: The 18th ACM Symposium on Acces Control Model and Technologies (SACMAT 2013), pp. 257–260 (2013)
Trabelsi, S., Sendor, J., Reinicke, S.: Ppl: Primelife privacy policy engine. In: 2011 IEEE International Symposium on Policies for Distributed Systems and Networks, pp. 184–185. IEEE Computer Society (2011)
Colombo, M., Lazouski, A., Martinelli, F., Mori, P.: A proposal on enhancing XACML with continuous usage control features. In: Proceedings of CoreGRID ERCIM Working Group Workshop on Grids, P2P and Services Computing, pp. 133–146. Springer US (2010)
Trusted Computing Group: Tpm 2.0 mobile reference architecture (draft) (April 2014)
Bente, I., Dreo, G., Hellmann, B., Heuser, S., Vieweg, J., von Helden, J., Westhuis, J.: Towards permission-based attestation for the android platform. In: McCune, J.M., Balacheff, B., Perrig, A., Sadeghi, A.-R., Sasse, A., Beres, Y. (eds.) Trust 2011. LNCS, vol. 6740, pp. 108–115. Springer, Heidelberg (2011)
Zhang, X., Parisi-Presicce, F., Sandhu, R., Park, J.: Formal model and policy specification of usage control. ACM Transactions on Information and System Security 8(4), 351–387 (2005)
Zhang, X., Nakae, M., Covington, M.J., Sandhu, R.: Toward a usage-based security framework for collaborative computing systems. ACM Transactions on Information and System Security 11(11), 3:1–3:36 (2008)
Lazouski, A., Martinelli, F., Mori, P.: Usage control in computer security: A survey. Computer Science Review 4(2), 81–99 (2010)
Lazouski, A., Mancini, G., Martinelli, F., Mori, P.: Architecture, worflows, and prototype for stateful data usage control in cloud. In: 2014 IEEE Security and Privacy Workshop, pp. 23–30. IEEE Computer Society (2014)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Lazouski, A., Martinelli, F., Mori, P., Saracino, A. (2014). Stateful Usage Control for Android Mobile Devices. In: Mauw, S., Jensen, C.D. (eds) Security and Trust Management. STM 2014. Lecture Notes in Computer Science, vol 8743. Springer, Cham. https://doi.org/10.1007/978-3-319-11851-2_7
Download citation
DOI: https://doi.org/10.1007/978-3-319-11851-2_7
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-11850-5
Online ISBN: 978-3-319-11851-2
eBook Packages: Computer ScienceComputer Science (R0)