Annual Computer Security Applications Conference (ACSAC) 2013


DR BACA: Dynamic Role Based Access Control for Android

Android, as an open platform, dominates the booming mobile market. However, its permission mechanism is inflexible and often results in over-privileged applications, which in turn creates severe security issues. Aiming to support the Principle of Least Privilege, we propose and implement a Dynamic Role Based Access Control for Android (DR BACA) model to enhance Android security, particularly in corporate environments. Our system offers multi-user management on Android mobile devices comparable to traditional workstations, and provides fine-grained Role Based Access Control (RBAC) to enhance Android security at both the application and permission level. Moreover, by leveraging the context-aware capabilities of mobile devices and Near Field Communication (NFC) technology, our solution supports dynamic RBAC to provide more flexible access control while still being able to mitigate some of the most serious security risks on mobile devices. The DR BACA system can easily be managed, even in large business environments with many mobile devices. We show that our DR BACA system can be deployed and used with ease. With a proper security policy, our evaluation shows that DR BACA can effectively mitigate the security risks posed by both malicious and vulnerable non-malicious applications while incurring only a small overall system overhead.

Author(s):

Felix Rohrer    
Boston University
United States

Yuting Zhang    
Boston University
United States

Lou Chitkushev    
Boston University
United States

Tanya Zlateva    
Boston University
United States

 
