Towards a multilayered permission-based access control for extending Android security

摘要

This paper discusses security issues on the user equipment, which is the “last mile” of socialrnnetworks. One of the main Achilles' heel of social networks is not the organization of networksrnthemselves, but the user devices, typically Android ones. The existing system of privilegesrnmakes it easy to infiltrate the network via applications installed on users' devices. Conventionalrnsignature-based and static analysis methods are vulnerable. Access to privacy- andrnsecurity-relevant parts of the application programming interface is controlled by the correspondingrnpermission in a manifest file.While requesting access to permissions, it may offer opportunitiesrnto malicious codes, which will cause security issues. Few works among permission analysis,rnhowever, pay attention to the prevention of permission leakage on both hardware and softwarernframeworks. In this paperwe tackle the challenge of providing our multilayered permission-basedrnsecurity extension scheme on Android platforms.We propose a usage and access control modelrnand an effective method of preventing permission leakage based on ARM TrustZone securityrnextension mechanism. In contrast to previous work, the proposed security architecture provides arnpermission-based mandatory access control on Androidmiddleware, Linux kernel, and hardwarernlayers.The evaluation results demonstrate the effectiveness of the proposed scheme in mitigatingrnpermission leakage vulnerabilities.