The Bring Your Own Device (BYOD) paradigm, where the employees of a company install an application on their mobile devices to access company privileged information, is becoming very popular in the business environment. In order to perform their tasks, BYOD applications typically require a large set of rights which, in Android mobile devices, must be statically granted in order to have the application installed. However, this access control model is too coarse grained for the BYOD scenario, because employees would like to have a finer control on the rights granted to such applications, for instance to protect their privacy when they are not on duty. To address this issue, we propose to enhance the Android permission system through a Usage Controlbased framework enabling employees to write policies which are continuously enforced while BYOD applications are running. This framework acts as a dynamic permission manager, where usage control policies grants, revokes and restores permissions to running applications on the base of mutable attributes describing the current context. Context is observed by using Android device standard APIs to monitor attributes such as mobile device location, WiFi status, battery level, current date and time, and so on. External trusted attribute providers can also be exploited.
Enhancing Android permission through Usage control: A BYOD use-case
Martinelli F;Mori P;Saracino A
2016
Abstract
The Bring Your Own Device (BYOD) paradigm, where the employees of a company install an application on their mobile devices to access company privileged information, is becoming very popular in the business environment. In order to perform their tasks, BYOD applications typically require a large set of rights which, in Android mobile devices, must be statically granted in order to have the application installed. However, this access control model is too coarse grained for the BYOD scenario, because employees would like to have a finer control on the rights granted to such applications, for instance to protect their privacy when they are not on duty. To address this issue, we propose to enhance the Android permission system through a Usage Controlbased framework enabling employees to write policies which are continuously enforced while BYOD applications are running. This framework acts as a dynamic permission manager, where usage control policies grants, revokes and restores permissions to running applications on the base of mutable attributes describing the current context. Context is observed by using Android device standard APIs to monitor attributes such as mobile device location, WiFi status, battery level, current date and time, and so on. External trusted attribute providers can also be exploited.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
