Abstract
We present the conceptual system design of self-aware access control system that enhance the security of Android platform. The objective of the self-awareness is to achieve optimal security through learning of application behaviors and then optimizing the access control policies accordingly. The self-configure, learn and optimize components of the self-aware agent are responsible for the autonomy of itself and the access control system. The cooperation of self-aware access control system with Android’s permission model and user subsystem leads to better understanding of application activities and recognition of dynamic threat patterns. The access control system is customized to perform the monitoring tasks for the learning process. The mobile device activities are classified and two different context approaches, environment and attribute, are employed to achieve finer granular and diversified policies. The access control system is designed to enforce static and dynamic restriction on request calls to secure protected and open resources. The presented design is a preliminary abstraction that allows to realize self-aware access control system in Android.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Ericsson: Ericsson Mobility Report, November 2016. https://www.ericsson.com/assets/local/mobility-report/documents/2016/ericsson-mobility-report-november-2016.pdf
Bugiel, S., Davi, L., Dmitrienko, A., Fischer, T., Sadeghi, A.-R.: XManDroid: a new android evolution to mitigate privilege escalation attacks. Technical report TR-2011-04, Technische Universität Darmstadt (2011)
Enck, W., Gilbert, P., Han, S., Tendulkar, V., Chun, B.-G., Cox, L.P., Jung, J., McDaniel, P., Sheth, A.N.: TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. ACM Trans. Comput. Syst. (TOCS) 32(2), 1–29 (2014). Article No.5
Heuser, S., Nadkarni, A., Enck, W., Sadeghi, A.-R.: ASM: a programmable interface for extending android security. In: Proceedings of 23rd USENIX Security Symposium (2014)
Wang, X., Sun, K., Wang, Y., Jing, J.: DeepDroid: dynamically enforcing enterprise policy on android devices. In: Proceedings of 22nd Annual Network and Distributed System Security Symposium, NDSS 2015. The Internet Society (2015)
Conti, M., Crispo, B., Fernandes, E., Zhauniarovich, Y.: CRêPE: a system for enforcing fine-grained context-related policies on android. IEEE Trans. Inf. Forensics Secur. 7(5), 1426–1438 (2012)
Nieminen, J., Savolainen, T., Isomaki, M., Patil, B., Shelby, Z., Gomez, C.: RFC 7668 - IPv6 over BLUETOOTH® low energy. In: IETF (2015)
Wang, H., Xi, M., Liu, J., Chen, C.: Transmitting IPv6 packets over Bluetooth low energy based on BlueZ. In: 2013 15th International Conference on Advanced Communications Technology (ICACT), PyeongChang, pp. 72–77 (2013)
Andersen, M.P., Fierro, G., Culler, D.E.: System design for a synergistic, low power Mote/BLE embedded platform. In: 2016 15th ACM/IEEE International Conference on Information Processing in Sensor Networks (IPSN), Vienna, pp. 1–12 (2016)
Angelopoulos, C.M., Evangelatos, O., Nikoletseas, S., Raptis, T.P., Rolim, J.D.P., Veroutis, K.: A user-enabled testbed architecture with mobile crowdsensing support for smart, green buildings. In: 2015 IEEE International Conference on Communications (ICC), London, pp. 573–578 (2015)
Zhao, D., Ma, H., Liu, L.: Frugal online incentive mechanisms for mobile crowd sensing. IEEE Trans. Veh. Technol. 64(4), 3319–3330 (2017)
Shu, L., Chen, Y., Huo, Z., Bergmann, N., Wang L.: When mobile crowd sensing meets traditional industry. IEEE Access (2017)
Han, J., Owusu, E., Nguyen, L.T., Perrig, A., Zhang, J.: Accomplice: location inference using accelerometers on smartphones. In: 2012 Fourth International Conference on Communication Systems and Networks (COMSNETS), pp. 1–9. IEEE (2012)
Narain, S., Vo-Huu, T.D., Block, K., Noubir, G.: Inferring user routes and locations using zero-permission mobile sensors. In: 2016 IEEE Symposium on Security and Privacy (SP), pp. 397–413. IEEE (2016)
Nawaz, S., Mascolo, C.: Mining users’ significant driving routes with low-power sensors. In: 2014 Proceedings of the 12th ACM Conference on Embedded Network Sensor Systems, pp. 236–250. ACM (2014)
Zhou, X., Demetriou, S., He, D., Naveed, M., Pan, X., Wang, X., Gunter, C.A., Nahrstedt, K.: Identity, location, disease and more: inferring your secrets from android public resources. In: 2013 ACM SIGSAC Conference on Computer and Communications Security, pp. 1017–1028. ACM (2013)
Wang, A., Chen, G., Yang, J., Zhao, S., Chang, C.-Y.: A comparative study on human activity recognition using inertial sensors in a smartphone. IEEE Sens. J. 16(11), 4566–4578 (2016)
Kwapisz, J.R., Weiss, G.M., Moore, S.A.: Activity recognition using cell phone accelerometers. ACM SigKDD Explor. Newsl. 12(2), 74–82 (2011)
Xu, Z., Bai, K., Zhu, S.: TapLogger: inferring user inputs on smartphone touchscreens using on-board motion sensors. In: Proceedings of the Fifth ACM Conference on Security and Privacy in Wireless and Mobile Networks, WISEC 2012, pp. 113–124. ACM (2012)
Zhou, Y., Jiang, X.: Dissecting android malware: characterization and evolution. In: 2012 IEEE Symposium on Security and Privacy (SP), pp. 95–109. IEEE (2012)
Sarma, B.P., Li, N., Gates, C., Potharaju, R., Nita-Rotaru, C., Molloy, I.: Android permissions: a perspective combining risks and benefits. In: Proceedings of the 17th ACM symposium on Access Control Models and Technologies, pp. 13–22. ACM (2012)
Android Developers: Requesting permissions - Android Developers. http://developer.android.com/reference/android/Manifest.permission.html
Android Developers: Android developers-mainfest.permission. https://developer.android.com/guide/topics/permissions/requesting.html
Android Developers: Permission - Android Developers. https://developer.android.com/guide/topics/manifest/permission-element.html
Google Developers: The Google maps Geolocation API – Google Developers. https://developers.google.com/maps/documentation/geolocation/intro
Android Developers: Context - Android Developers. https://developer.android.com/reference/android/content/Context.html
Android Developers: Activity|Android Developers. https://developer.android.com/reference/android/app/Activity.html
Guang, L., Nigussie, E., Rantala, P., Isoaho, J., Tenhunen, H.: Hierarchical agent monitoring design approach towards self-aware parallel systems-on-chip. ACM Trans. Embed. Comput. Syst. (TECS) 9(2), 1–26 (2010)
Isoaho, J., Virtanen, S., Tenhunen, H.: Current challenges in embedded communication systems. In: Innovations in Embedded and Real-Time Systems Engineering for Communication, pp. 1–21. IGI Global (2012)
Weyns, D., Malek, S., Andersson, J.: FORMS: unifying reference model for formal specification of distributed self-adaptive systems. ACM Trans. Autonom. Adapt. Syst. 7(1), 61 p. (2012). Article 8
Chiti, F., Fantacci, R., Loreti, M., Pugliese, R.: Context-aware wireless mobile autonomic computing and communications: research trends and emerging applications. IEEE Wirel. Commun. 23(2), 86–92 (2016)
Covington, M.J., Moyer, M.J., Ahamad, M.: Generalized role-based access control for securing future applications (2000)
Wang, L., Wijesekera, D., Jajodia, S.: A logic-based framework for attribute based access control. In: Proceedings of the 2004 ACM Workshop on Formal Methods in Security Engineering, FMSE 2004, pp. 45–55. ACM (2004)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer International Publishing AG
About this paper
Cite this paper
Thanigaivelan, N.K., Nigussie, E., Virtanen, S., Isoaho, J. (2018). Self-aware Access Control System for Android. In: Barolli, L., Enokido, T. (eds) Innovative Mobile and Internet Services in Ubiquitous Computing . IMIS 2017. Advances in Intelligent Systems and Computing, vol 612. Springer, Cham. https://doi.org/10.1007/978-3-319-61542-4_42
Download citation
DOI: https://doi.org/10.1007/978-3-319-61542-4_42
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-61541-7
Online ISBN: 978-3-319-61542-4
eBook Packages: EngineeringEngineering (R0)