Abstract
Bring-your-own-device (BYOD) is getting popular. Diverse personal devices are used to access enterprise resources, and deployment of the solutions with customized operating system (OS) dependency will thus be restricted. Moreover, device utilization for both business and personal purposes creates new threats involving leakage of sensitive data. As for functionalities, a BYOD solution should isolate an arbitrary number of entities, such as those relating to business and personal uses and provide fine-grained access control on multi-entity management. Existing BYOD solutions lack in these aspects; we propose a system, called AppShield, which supports multi-entity management and role-based access control with file-level granularity, apart from local data sharing/isolation. AppShield includes (1) application rewriting framework for Android apps, which builds Mobile Application Management (MAM) features into app automatically with complete mediation, (2) cross-platform proxy-based data access mechanism, which can enforce arbitrary access control policies. The fully functional controller with data proxy is implemented for both Android and iOS. AppShield allows for enterprise policy management without modifying device OS. The evaluation shows that AppShield is successful at policy enforcement and is reliable. It induces little impact on application’s performance and size, for example, our app rewriting introduces less than 5% code size increment in over 95% apps in our evaluation.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Predictions: The year of BYOD management (2016). http://www.rcrwireless.com/20160129/opinion/2016-predictions-the-year-of-byod-management-tag10
AirWatch: Enterprise Mobility Management. http://www.air-watch.com/
Android-apktool: A tool for reengineering Android apk files. http://code.google.com/p/android-apktool/
Android application class. http://developer.android.com/reference/android/app/Application.html
Android binary XML file parser. https://github.com/xgouchet/AXML
Android bionic. https://android.googlesource.com/platform/bionic/
Android content provider. http://developer.android.com/guide/topics/providers/content-providers.html
Android fragmentation report august 2014 - opensignal. http://opensignal.com/reports/2014/android-fragmentation/
Android manifest permission. http://developer.android.com/reference/android/Manifest.permission.html
Android Uri. http://developer.android.com/reference/android/net/Uri.html
Bring Android to Work. http://www.android.com/it/preview/
Citrix. https://www.citrix.com/
Good Technology. https://www1.good.com/
iOS Open-in management. http://searchmobilecomputing.techtarget.com/tip/Open-in-management-helps-secure-iOS-data
Mocana - Strong and Usable Security. https://www.mocana.com/
Significant iPhone and iPad malware threats will emerge (2015). http://www.ibtimes.co.uk/significant-iphone-ipad-malware-threats-will-emerge-2015-1490577
Smali: An assembler/disassembler for Android’s dex format. http://code.google.com/p/smali/
UI/Application exerciser Monkey. http://developer.android.com/tools/help/monkey.html
What You Need to Know About iOS Malware XcodeGhost. http://www.macrumors.com/2015/09/20/xcodeghost-chinese-malware-faq/
Arp, D., Spreitzenbarth, M., HĂĽbner, M., Gascon, H., Rieck, K., Siemens, C.: Drebin: effective and explainable detection of android malware in your pocket. In: Proceedings of NDSS (2014)
Backes, M., Bugiel, S., Hammer, C., Schranz, O., Von Styp-Rekowsky, P.: Boxify: Full-fledged app sandboxing for stock android. In: Proceedings USENIX Security (2015)
Barr, K., Bungale, P., Deasy, S., Gyuris, V., Hung, P., Newell, C., Tuch, H., Zoppis, B.: The VMware mobile virtualization platform: is that a hypervisor in your pocket? ACM SIGOPS Operating Syst. Rev. 44(4), 124–135 (2010)
Davis, B., Chen, H.: Retroskeleton: Retrofitting android apps. In: ACM MobiSys (2013)
Davis, B., Sanders, B., Khodaverdian, A., Chen, H.: I-ARM-Droid: a rewriting framework for in-app reference monitors for android applications. In: IEEE MoST (2012)
Enck, W., Gilbert, P., Chun, B., Cox, L., Jung, J., McDaniel, P., Sheth, A.: Taintdroid: an information-flow tracking system for realtime privacy monitoring on smartphones. In: USENIX OSDI (2010)
Grace, M., Zhou, Y., Zhang, Q., Zou, S., Jiang, X.: Riskranker: scalable and accurate zero-day android malware detection. In: ACM MobiSys (2012)
Heuser, S., Nadkarni, A., Enck, W., Sadeghi, A.-R.: ASM: a programmable interface for extending android security. In: Proceedings USENIX Security (2014)
Kodeswaran, P., Nandakumar, V., Kapoor, S., Kamaraju, P., Joshi, A., Mukherjea, S.: Securing enterprise data on smartphones using run time information flow control. In: IEEE MDM (2012)
Lange, M., Liebergeld, S., Lackorzynski, A., Warg, A., Peter, M.: L4Android: a generic operating system framework for secure smartphones. In: ACM SPSM (2011)
Lever, C., Antonakakis, M., Reaves, B., Traynor, P., Lee, W.: The core of the matter: Analyzing malicious traffic in cellular carriers. In: NDSS (2013)
Nadkarni, A., Enck, W.: Preventing accidental data disclosure in modern operating systems. In: ACM CCS (2013)
Nauman, M., Khan, S., Zhang, X.: Apex: extending android permission model and enforcement with user-defined runtime constraints. In: ACM ASIACCS (2010)
Ongtang, M., Butler, K., McDaniel, P.: Porscha: policy oriented secure content handling in android. In: ACM ACSAC (2010)
Poeplau, S., Fratantonio, Y., Bianchi, A., Kruegel, C., Vigna, G.: Execute this! analyzing unsafe and malicious dynamic code loading in android applications. In: NDSS (2014)
Rastogi, V., Chen, Y., Jiang, X.: Droidchameleon: evaluating android anti-malware against transformation attacks. In: ACM ASIACCS (2013)
Rohrer, F., Feleke, N., Zhang, Y., Nimley, K., Chitkushev, L., Zlateva, T.: Android security analysis and protection in finance and healthcare. Comput. Sci. Educ. Comput. Sci. 8(1), 80–89 (2012). Boston University MET
Rohrer, F., Zhang, Y., Chitkushev, L., Zlateva, T.: DR BACA: dynamic role based access control for android. In: ACM ACSAC (2013)
Sandhu, R.S., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role-based access control models. Comput. 29(2), 38–47 (1996)
Smalley, S., Craig, R.: Security enhanced (SE) android: Bringing flexible MAC to android. In: NDSS (2013)
Vaidya, J., Atluri, V., Warner, J.: RoleMiner: mining roles using subset enumeration. In: ACM CCS (2006)
Xu, R., Saïdi, H., Anderson, R.: Aurasium: practical policy enforcement for android applications. In: USENIX Security Symposium, pp. 539–552 (2012)
Xu, Y., Witchel, E.: Maxoid: transparently confining mobile applications with custom views of state. In: ACM EuroSys (2015)
Zhao, Z., Osono, F.C.C.: Trustdroid: preventing the use of smartphones for information leaking in corporate networks through the used of static analysis taint tracking. In: IEEE MALWARE (2012)
Acknowledgments
We thank our reviewers for their valuable comments. This paper was made possible by the National Natural Science Foundation of China under Grant No. 61472209, by the U.S. National Science Foundation under Grant CNS-1408790. The statements made herein are solely the responsibility of the authors.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Qu, Z. et al. (2017). AppShield: Enabling Multi-entity Access Control Cross Platforms for Mobile App Management. In: Deng, R., Weng, J., Ren, K., Yegneswaran, V. (eds) Security and Privacy in Communication Networks. SecureComm 2016. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 198. Springer, Cham. https://doi.org/10.1007/978-3-319-59608-2_1
Download citation
DOI: https://doi.org/10.1007/978-3-319-59608-2_1
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-59607-5
Online ISBN: 978-3-319-59608-2
eBook Packages: Computer ScienceComputer Science (R0)