The Community for Technology Leaders
Green Image
Issue No. 04 - July-Aug. (2017 vol. 14)
ISSN: 1545-5971
pp: 350-362
Daibin Wang , Services Computing Technology and System Lab, Cluster and Grid Computing Lab, School of Computer Science and Technology, Huazhong University of Science and Technology, Wuhan, China
Haixia Yao , School of Information Systems, Singapore Management University, Singapore
Yingjiu Li , School of Information Systems, Singapore Management University, Singapore
Hai Jin , Services Computing Technology and System Lab, Cluster and Grid Computing Lab, School of Computer Science and Technology, Huazhong University of Science and Technology, Wuhan, China
Deqing Zou , Services Computing Technology and System Lab, Cluster and Grid Computing Lab, School of Computer Science and Technology, Huazhong University of Science and Technology, Wuhan, China
Robert H. Deng , School of Information Systems, Singapore Management University, Singapore
ABSTRACT
Android’s permission system offers an all-or-nothing choice when installing an app. To make it more flexible and fine-grained, users may choose a popular app tool, called permission manager, to selectively grant or revoke an app’s permissions at runtime. A fundamental requirement for such permission manager is that the granted or revoked permissions should be enforced faithfully. However, we discover that none of existing permission managers meet this requirement due to permission leaks, in which an unprivileged app can exercise certain permissions which are revoked or not-granted through communicating with a privileged app.To address this problem, we propose a secure, usable, and transparent OS-level middleware for any permission manager to defend against the permission leaks. The middleware is provably secure in a sense that it can effectively block all possible permission leaks.The middleware is designed to have a minimal impact on the usability of running apps. In addition, the middleware is transparent to users and app developers and it requires minor modifications on permission managers and Android OS. Finally, our evaluation shows that the middleware incurs relatively low performance overhead and power consumption.
INDEX TERMS
Androids, Humanoid robots, Middleware, Smart phones, Runtime, Read only memory, Power line communications
CITATION

D. Wang, H. Yao, Y. Li, H. Jin, D. Zou and R. H. Deng, "A Secure, Usable, and Transparent Middleware for Permission Managers on Android," in IEEE Transactions on Dependable and Secure Computing, vol. 14, no. 4, pp. 350-362, 2017.
doi:10.1109/TDSC.2015.2479613
177 ms
(Ver 3.3 (11022016))