Abstract
As mobile devices tend to become more and more essential part of everyday life the significance of security of applications designed for the use on such devices is constantly growing. Most of the mobile platform providers assure sophisticated security mechanisms which aim to prevent threatening applications to be published as well as they make certain security features available to use. Nevertheless, the design and implementation of these features leaves a vast area where potential enhancements can be brought to life and mistakes avoided. In order to address this field of mobile application development MABAC, an access control model was introduced which aims to characterize the access control flow specific for mobile systems. The paper describes the crucial processes connected with the MABAC model and brings closer the details of the control flow in the mobile application designed according to the rules of the model.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Porter Felt A., Finifter M., Chin E., Hanna S., Wagner D.: A survey of mobile malware in the wild. In: Proceedings of 1st ACM Workshop on Security and Privacy in Smartphones and Mobile Devices, pp. 3–14 (2011)
Zhou, Y., Jiang, X.: Dissecting android malware: characterization and evolution. In: Proceedings of 33rd IEEE Symposium on Security and Privacy (2012)
Michalska, A., Poniszewska-Maranda, A.: Security risks and their prevention capabilities in mobile application development. Inf. Syst. Manage. 4(2), 123–134 (2015)
Apple, iOS Security. http://images.apple.com/ipad/business/docs/iOS_Security_Feb14.pdf (2014)
Benedict, C.: Under the Hood: Reversing Android Applications (2001). Infosec Institute (2012)
Enck, W., Octeau, D., McDaniel, P., Chaudhuri, S.: A Study of android application security. In: Proceedings of 20th USENIX Security Symposium (2011)
Souppaya M. P., Scarfone K. A.: Guidelines for Managing the Security of Mobile Devices in the Enterprise. NIST (2013)
Fitzgerald, W.M., Neville, U., Foley, S.N.: MASON: mobile autonomic security for network access controls. Inf. Secur. Appl. 18(1), 14–29 (2013)
Michalska, A., Poniszewska-Maranda, A.: Secure development model for mobile applications. Bull. Polish Acad. Sci. Tech. Sci. 64(3), 495–503 (2016)
Poniszewska-Maranda, A., Majchrzycka, A.: Access control approach in development of mobile applications. In: Younas, M., et al. (eds.) Mobile Web and Intelligent Information Systems, LNCS 9847, pp. 149–162 (2016)
Ferraiolo, D., Sandhu, R.S., Gavrila, S., Kuhn, D.R., Chandramouli, R.: Proposed NIST Role-Based Access Control. ACM TISSEC (2001)
Ahn, G.-J., Sandhu, R.S.: Role-based authorization constraints specification. ACM Trans. Inf. Syst. Secur. (2000)
Alhamed, M., Amir, K., Omari, M., Le, W.: Comparing privacy control methods for smartphone platforms. Eng. Mobile-Enabled Syst. (2013)
Castaro S., Fugini M., Martella G., Samarati P.: Database Security. Addison-Wesley (1994)
Sandhu, R.S., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role-based access control models. IEEE Comput. 29(2), 38–47 (1996)
Bertino E., Bettini C., Samarati P.: Temporal access control mechanism for database systems. IEEE Trans. Knowl. Data Eng. 8 (1996)
Bertino, E., Bonatti, P., Ferrari, E.: A temporal role-based access control model. ACM Trans. Inf. Syst. Secur. 4(3), 191–233 (2001)
Gal, V., Atluri, V.: An authorization model for temporal data. ACM Trans. Inf. Syst. Secur. 5(1) (2002)
James, B., Joshi, E., Bertino, U., Latif, A., Ghafoo, A.: A generalized temporal role-based access control model. IEEE Trans. Knowl. Eng. 17(1), 4–23 (2005)
Park, J., Sandhu, R.S.: The UCONABC usage control model. ACM Trans. Inf. Syst. Security 7(1), 128–174 (2004)
Poniszewska-Maranda, A.: Modeling and design of role engineering in development of access control for dynamic information systems. Bull. Polish Acad. Sci. Tech. Sci. 61(3), 569–580 (2013)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer International Publishing AG
About this chapter
Cite this chapter
Majchrzycka, A., Poniszewska-Maranda, A. (2018). Control Operation Flow for Mobile Access Control with the Use of MABAC Model. In: Kosiuczenko, P., Madeyski, L. (eds) Towards a Synergistic Combination of Research and Practice in Software Engineering. Studies in Computational Intelligence, vol 733. Springer, Cham. https://doi.org/10.1007/978-3-319-65208-5_13
Download citation
DOI: https://doi.org/10.1007/978-3-319-65208-5_13
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-65207-8
Online ISBN: 978-3-319-65208-5
eBook Packages: EngineeringEngineering (R0)