Change search
ReferencesLink to record
Permanent link

Direct link
An extension to the Android access control framework
RISE, Swedish ICT, SICS. Department of Computer and Information Science.
Number of Authors: 1
2011 (English)Independent thesis Advanced level (degree of Master (Two Years))Student thesis
Abstract [en]

Several nice hardware functionalities located at the low level of operating system on mobile phones could be utilized in a better way if they are available to application developers. With their help, developers are able to bring overall user experience to a new level in terms of developing novel applications. For instance, one of those hardware functionalities, SIM-card authentication is able to offer stronger and more convenient way of authentication when compared to the traditional approach. Replacing the username-password combination with the SIM-card authentication, users are freed from memorizing passwords. However, since normally those kinds of functionalities are locked up at the low level, they are only accessible by a few users who have been given privileged access rights. To let the normal applications be benefiting as well, they need to be made accessible at the application level. On the one hand, as we see the benefit it will bring to us, there is a clear intention to open it up, however, on the other hand, there is also a limitation resulting from their security-critical nature that needs to be placed when accessing which is restricting the access to trusted third parties. Our investigation is based on the Android platform. The problem that we have discovered is the existing security mechanism in Android is not able to satisfy every regards of requirements we mentioned above when exposing SIM-card authentication functionality. Hence, our requirement on enhancing the access control model of Android comes naturally. In order to better suit the needs, we proposed a solution White lists & Domains (WITDOM) to improve its current situation in the thesis. The proposed solution is an extension to the existing access control model in Android that allows alternative ways to specify access controls therefore complementing the existing Android security mechanisms. We have both designed and implemented the solution and the result shows that with the service that we provided, critical functionalities, such as APIs for the low-level hardware functionality can retain the same level of protection however in the meanwhile, with more flexible protection mechanism.

Place, publisher, year, edition, pages
2011, 10. , 58 p.
Keyword [en]
Android, access controls, security
National Category
Computer and Information Science
Identifiers
URN: urn:nbn:se:ri:diva-23892OAI: oai:DiVA.org:ri-23892DiVA: diva2:1042970
Projects
Social Wireless Network Secure Identification
Available from: 2016-10-31 Created: 2016-10-31

Open Access in DiVA

fulltext(3911 kB)2 downloads
File information
File name FULLTEXT01.pdfFile size 3911 kBChecksum SHA-512
0883e933ec82884b90b8cdcbc70820de28aae743c05d9384ef7c7ffe7dd64f41bda8148886a86c1bdc498937b0049260b1794d8c1923b0051ddc0af65e4de375
Type fulltextMimetype application/pdf

By organisation
SICS
Computer and Information Science

Search outside of DiVA

GoogleGoogle Scholar
Total: 2 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

ReferencesLink to record
Permanent link

Direct link