Decentralized dynamic security enforcement for mobile applications with CliSeAuDroid

Hamann, Tobias; Mantel, Heiko

Decentralized dynamic security enforcement for mobile applications with CliSeAuDroid

Publikationstyp

Conference Paper

Date Issued

2018-11-13

Sprache

English

Author(s)

Hamann, Tobias

Mantel, Heiko

TORE-URI

http://hdl.handle.net/11420/13800

First published in

Lecture notes in computer science

Number in series

11358 LNCS

Start Page

29

End Page

45

Citation

Lecture Notes in Computer Science 11358 LNCS: 29-45 (2019)

Contribution to Conference

11th International Symposium on Foundations and Practice of Security, FPS 2018

Publisher DOI

10.1007/978-3-030-18419-3_3

Scopus ID

2-s2.0-85066026608

Publisher

Springer

To date, Android is by far the most prevalent operating system for mobile devices. With Android devices taking a vital role in the everyday life of users, applications on these devices are handling vast amounts of private and potentially sensitive information, as well as sensitive sensor data like the device location. The built-in security mechanisms of the Android platform offer only limited protection for this data and device resources, and are not sufficient to enforce fine-grained policies on how data is used by applications. We present CliSeAuDroid, a runtime enforcement mechanism for Android applications that can enforce fine-grained security policies, either locally within a single application, across multiple applications, or even across multiple devices. We show that CliSeAuDroid can effectively ensure user-defined security requirements that protect sensitive data and resources on Android devices and adds only little runtime overhead to protected applications.

DDC Class

004: Informatik

Options

Decentralized dynamic security enforcement for mobile applications with CliSeAuDroid