Date of Award
Dr. Vassil Roussev
Dr. Golden Richard III
Dr. Christopher Summa
Dr. Irfan Ahmed
Mobile computing devices have become an essential part of everyday life and are becoming the primary means for collecting and storing sensitive personal and corporate data. Android is, by far, the dominant mobile platform, which makes its permissions model responsible for securing the vast majority of this sensitive data.
The current model falls well short of actual user needs, as permission assignments are made statically at installation time. Therefore, it is impossible to implement dynamic security policies that could be applied selectively depending on context. Users are forced to unconditionally trust installed apps without means to isolate them from sensitive data.
We describe a new approach, app sanitization, which automatically instruments apps at installation time, such that users can dynamically grant and revoke individual permissions. The main advantage of our technique is that it runs in userspace and utilizes standard aspect-oriented methods to incorporate custom security controls into the app.
Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 License.
Stelly, Christopher D., "Dynamic User Defined Permissions for Android Devices" (2013). University of New Orleans Theses and Dissertations. 1775.