文章基本信息

标题：Fine-grained access control method for private data in android system
本地全文：下载
作者：Gang Liu ; Guofang Zhang ; Quan Wang 等
期刊名称：International Journal of Distributed Sensor Networks
印刷版ISSN：1550-1329
电子版ISSN：1550-1477
出版年度：2019
卷号：15
期号：3
页码：1
DOI：10.1177/1550147719840232
出版社：Hindawi Publishing Corporation
摘要：In Android systems, sensitive information associated with system permission is exposed to the application completely once it gains the permission. To solve this problem, this article presents a fine-grained access control framework for sensitive information based on eXtensible Access Control Markup Language data flow model. In this framework, a user can define access policies for each application and resource and the application’s access request to sensitive information is evaluated by these policies. Therefore, all access requests must comply with the security policy irrespective of whether they have gained the permission associated with the information. This helps to protect sensitive data outside the Android permission mechanism. In order to facilitate users to manage policies, the proposed framework implements automatic policy generation and policy conflict detection functions. The framework is implemented in TaintDroid and experiments indicate that the improvement is effective in achieving fine-grained access control to sensitive information and does not adversely affect the system overhead costs.
关键词：Permission mechanism; security policy; Android; fine-grained access control; policy conflict detection