skip to main content
10.1145/2914642.2914645acmconferencesArticle/Chapter ViewAbstractPublication PagessacmatConference Proceedingsconference-collections
research-article

An Application Restriction System for Bring-Your-Own-Device Scenarios

Published: 06 June 2016 Publication History

Abstract

Different containerization techniques have been developed to ensure the separation of enterprise content and personal data on an end-user's device. Although the enterprise manages the environment in which work-related activities are conducted, referred to as a work persona, third-party applications installed on the mobile devices may make the enterprise content vulnerable to misuse or exfiltration. It is thus critical that enterprises be given the ability to restrict the capabilities of third-party applications that reside in the work persona. In mobile systems, applications typically request to use a list of capabilities on the device prior to being installed on the device, and alll capabilities must be granted in order for the applications to be installed. Our approach, that we refer to as DroidARM, focuses on post-installation application restriction policies. Such policies dynamically restrict the capabilities of mobile applications at run-time. An application restriction policy is configured through our Application Restriction Manager (ARM) Policy Manager that allows one to set different restrictions for each installed application. Adhering to the policy, our ARM system limits the capabilities of an application by restricting access to data and system resources contained within the work persona. Data shadowing is a data and system resource protection technique we have chosen to leverage. We have implemented DroidARM and integrated it into the Android operating system. Our experimental results show that our approach is efficient and effective.

References

[1]
Enterprise mobility management smackdown. http://www.pqr.com/enterprise-mobility-management-smackdown.
[2]
K. W. Y. Au, Y. F. Zhou, Z. Huang, and D. Lie. Pscout: analyzing the android permission specification. In Proceedings of the 2012 ACM conference on Computer and communications security, pages 217--228. ACM, 2012.
[3]
G. Bai, L. Gu, T. Feng, Y. Guo, and X. Chen. Context-aware usage control for android. In S. Jajodia and J. Zhou, editors, Security and Privacy in Communication Networks, volume 50 of Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, pages 326--343. Springer Berlin Heidelberg, 2010.
[4]
A. R. Beresford, A. Rice, N. Skehin, and R. Sohan. Mockdroid: trading privacy for application functionality on smartphones. In Proceedings of the 12th Workshop on Mobile Computing Systems and Applications, HotMobile '11, pages 49--54, New York, NY, USA, 2011. ACM.
[5]
B. Choudhary and J. Risikko. Mobile device security element. Key Findings from Technical Analysis, 1:1--8, 2005.
[6]
L. Davi, A. Dmitrienko, A.-R. Sadeghi, and M. Winandy. Privilege escalation attacks on android. In M. Burmester, G. Tsudik, S. Magliveras, and I. Ili?, editors, Information Security, volume 6531 of Lecture Notes in Computer Science, pages 346--360. Springer Berlin Heidelberg, 2011.
[7]
N. Elenkov. Android Security Internals: An In-depth Guide to Android's Security Architecture. No Starch Press, 2014.
[8]
W. Enck, P. Gilbert, S. Han, V. Tendulkar, B.-G. Chun, L. P. Cox, J. Jung, P. McDaniel, and A. N. Sheth. Taintdroid: an information-flow tracking system for realtime privacy monitoring on smartphones. ACM Transactions on Computer Systems (TOCS), 32(2):5, 2014.
[9]
S. Furnell, A. Jusoh, and D. Katsabas. The challenges of understanding and using security: A survey of end-users. Computers and Security, 25(1):27--35, 2006.
[10]
P. Hornyack, S. Han, J. Jung, S. Schechter, and D. Wetherall. These aren't the droids you're looking for: retrofitting android to protect data from imperious applications. In Proceedings of the 18th ACM conference on Computer and communications security, CCS '11, NY, USA, 2011.
[11]
B. Morrow. Byod security challenges: control and protect your most sensitive data. Network Security, 2012(12):5--8, 2012.
[12]
M. Nauman, S. Khan, and X. Zhang. Apex: extending android permission model and enforcement with user-defined runtime constraints. In Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security, ASIACCS '10, pages 328--332, New York, NY, USA, 2010. ACM.
[13]
O. Oluwatimi, D. Midi, and E. Bertino. Overview of mobile containerization approaches and open research directions. Under submission, 2016.
[14]
M. Reveilhac and M. Pasquet. Promising secure element alternatives for nfc technology. In Near Field Communication, 2009. NFC'09. First International Workshop on, pages 75--80. IEEE, 2009.
[15]
H. Romer. Best practices for byod security. Computer Fraud & Security, 2014(1):13--15, 2014.
[16]
G. Russello, M. Conti, B. Crispo, and E. Fernandes. Moses: supporting operation modes on smartphones. In Proceedings of the 17th ACM symposium on Access Control Models and Technologies, pages 3--12. ACM, 2012.
[17]
G. Russello, B. Crispo, E. Fernandes, and Y. Zhauniarovich. Yaase: Yet another android security extension. In Privacy, Security, Risk and Trust (PASSAT) and 2011 IEEE Third Inernational Conference on Social Computing (SocialCom), 2011 IEEE Third International Conference on, pages 1033--1040. IEEE, 2011.
[18]
B. Shebaro, O. Oluwatimi, and E. Bertino. Context-based access control systems for mobile devices. Dependable and Secure Computing, IEEE Transactions on, 12(2):150--163, 2015.
[19]
B. Shebaro, O. Oluwatimi, D. Midi, and E. Bertino. Identidroid: Android can finally wear its anonymous suit. Trans. Data Privacy, 7(1):27--50, Apr. 2014.
[20]
C. Stach and B. Mitschang. Privacy management for mobile platforms--a review of concepts and approaches. In Mobile Data Management (MDM), 2013 IEEE 14th International Conference on, volume 1, pages 305--313. IEEE, 2013.
[21]
T. Vidas, D. Votipka, and N. Christin. All your droid are belong to us: A survey of current android attacks. In Proceedings of the 5th USENIX Conference on Offensive Technologies, WOOT'11, pages 10--10, Berkeley, CA, USA, 2011. USENIX Association.
[22]
Y. Zhou, X. Zhang, X. Jiang, and V. W. Freeh. Taming information-stealing smartphone applications (on android). In Proceedings of the 4th international conference on Trust and trustworthy computing, TRUST'11, pages 93--107, Berlin, Heidelberg, 2011. Springer-Verlag.

Cited By

View all
  • (2020)Bring Your Own Device (BYOD) Based Flipped Classroom in Primary School2020 IEEE International Conference on Smart Cloud (SmartCloud)10.1109/SmartCloud49737.2020.00036(154-158)Online publication date: Nov-2020
  • (2020)Design and Adoption of Bring Your Own Device (BYOD) in Smart Classroom2020 IEEE 2nd International Conference on Computer Science and Educational Informatization (CSEI)10.1109/CSEI50228.2020.9142474(99-103)Online publication date: Jun-2020
  • (2018)A Multi-Enterprise Containerization Approach with an Interoperable Position-Based SystemProceedings of the Eighth ACM Conference on Data and Application Security and Privacy10.1145/3176258.3176311(256-266)Online publication date: 13-Mar-2018

Index Terms

  1. An Application Restriction System for Bring-Your-Own-Device Scenarios

      Recommendations

      Comments

      Information & Contributors

      Information

      Published In

      cover image ACM Conferences
      SACMAT '16: Proceedings of the 21st ACM on Symposium on Access Control Models and Technologies
      June 2016
      248 pages
      ISBN:9781450338028
      DOI:10.1145/2914642
      Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

      Sponsors

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Publication History

      Published: 06 June 2016

      Permissions

      Request permissions for this article.

      Check for updates

      Author Tags

      1. access control
      2. android
      3. byod
      4. containerization
      5. emm

      Qualifiers

      • Research-article

      Conference

      SACMAT 2016
      Sponsor:

      Acceptance Rates

      SACMAT '16 Paper Acceptance Rate 18 of 55 submissions, 33%;
      Overall Acceptance Rate 177 of 597 submissions, 30%

      Contributors

      Other Metrics

      Bibliometrics & Citations

      Bibliometrics

      Article Metrics

      • Downloads (Last 12 months)3
      • Downloads (Last 6 weeks)0
      Reflects downloads up to 26 Jan 2025

      Other Metrics

      Citations

      Cited By

      View all
      • (2020)Bring Your Own Device (BYOD) Based Flipped Classroom in Primary School2020 IEEE International Conference on Smart Cloud (SmartCloud)10.1109/SmartCloud49737.2020.00036(154-158)Online publication date: Nov-2020
      • (2020)Design and Adoption of Bring Your Own Device (BYOD) in Smart Classroom2020 IEEE 2nd International Conference on Computer Science and Educational Informatization (CSEI)10.1109/CSEI50228.2020.9142474(99-103)Online publication date: Jun-2020
      • (2018)A Multi-Enterprise Containerization Approach with an Interoperable Position-Based SystemProceedings of the Eighth ACM Conference on Data and Application Security and Privacy10.1145/3176258.3176311(256-266)Online publication date: 13-Mar-2018

      View Options

      Login options

      View options

      PDF

      View or Download as a PDF file.

      PDF

      eReader

      View online with eReader.

      eReader

      Figures

      Tables

      Media

      Share

      Share

      Share this Publication link

      Share on social media