Role-based Privilege Isolation: A Novel Authorization Model for Android Smart Devices

摘要

Data ex-filtration is a major security concern in smart devices as they often store private and confidential data. Data ex-filtration can potentially lead to identity theft, financial and non-financial risks, and reputation damage for individuals and organizations. In Android smart devices, sandbox mechanism is not flexible enough to allow an application, such as webbrowser, to protect its own data against attacks such as cross-site request forgery, session or cookie hijacking that exploit application or platform vulnerabilities. These attacks in turn can lead to severe sensitive, private and confidential data ex-filtration. In this paper, we propose a novel authorization model for Android smart devices called Role Based Privilege Isolation (RBPI) which intends to mitigate data ex-filtration. This model achieves fine-grained privilege separation by creating roles based on application usage categories. By using roles, different instances of an application can be made to run with different data access privileges. Thus, the model protects sensitive data even in case where other instances of the same application are compromised. RBPI acts as an additional data security layer on top of the existing Android's security model without any performance overhead. Our proposed model is also applicable on any end-user computing system.