Total views : 166
Access Control Policy on Mobile Operating System Frameworks –A survey
Background: Access control is the method of granting permissions according to policies. Mobile devices, such as Smartphone, are acting as multi-purpose devices for private as well as the corporate environment. Since the applications in the Smartphone are accessing in various contexts, there would be a leakage of data and applications. Furthermore, when third party apps are downloading on Android-based platforms, it causes threats to the existing system applications. So, different access control policies have been implemented in the Android-based Smartphone to separate the own application and corporate application for providing security. Methods: This paper presents a survey of access control models in various frameworks and compares them by their performance evaluations. The performance of each framework is corresponding to the characteristics of access control policies. These access controls are categorizing according to role, discretionary, mandatory, context, and attributes. Finding: We have found that, Context-Based Access Control (CBAC) and Dynamic Role Based Access Control (DRBAC) are providing better performance. Hence, to give robust security for mobile operating systems the hybrid access policies can be considered. Applications: This hybrid approach might provide a good Android security framework with acceptable performance.
Access Control Policy, Android OS, Framework, Security, Smartphone
- Bugiel S, Heuser S, Sadeghi AR. Flexible and Fine-Grained Mandatory Access Control on Android for Diverse Security and Privacy Policies, Proceeding 22nd USENIX Conf.Security 2013.
- Jun Zheng, Qikun Zhang, Shangwen Zheng, Yuan Tan. Dynamic Role Based Access Control Model Journal of Software, 2011 Jun; 6(6). Doi: 10.1145/2523649.2523676.
- Sandhu RS, Coyne EJ, Feinstein HL, Youman CE. RoleBased Access Control Models, [C] IEEE Computer. 1996; 29:38−47. Doi: 10.1109/TDSC.2010.55
- Bilal Shebaro, Oyindamola Oluwatimi, Elisa Bertino. Context-Based Access Control System for Mobile Devices, IEEE Transactions on Dependable and Secure Computing. 2015 March/April; 12(2). Doi: 10.1109/ TDSC.2014.2320731.
- Conti M, Nguyen VTN, Crispo B. Context-Related Policy Enforcement for Android, Proceedings 13th Int. Conf. Inf Security. 2011; 331–45. Doi: 101109/TIFS2012 2204249.
- van Wissen B, Palmer N, Kemp R, Kielmann T, Ba H. Context Droid: An Expression Based Context Framework for Android, Procerding Phone Sense’10. 2010; 1-5.
- Bai G, Gu L, Feng T, Guo Y, Chen X. Context-Aware Usage Control for Android, Proceeding Int’l Conf. Security and Privacy in Comm. Networks (Secure Comm ’10). 2010; 326−43.
- Russello G, Conti M, Crispo B, Fernandes E. MOSES: Supporting Operation Modes on Smartphones, Proceeding 17th ACM Symp, Access Control Models and Technologies (SAC MA T’12). 2012; 3−12.
- Russell G, Conti M, Crespo B, Fernandes E. MOSES: Supporting and Enforcing Security Profiles on Smartphones, IEEE Transactions on Dependable and Secure Computing. 2014 May-Jun; 11(3). Doi: 10.1109/TDSC.2014.2300482.
- Michael Backes, Sven Bugiel, Sebastian Gerling, Philipp von Styp-Rekowsky, Android Security Framework: Enabling Generic and Extensible Access Control on Android. arXiv: 1404.1395v1 [cs.CR] 4 Apr 2014.
- Bugiel S, Davi L, Dmitrienko A, Heuser S. Sadeghi A-R., Shastry, B. Practical and lightweight domain isolation on Android, Proceeding 1st ACM Workshop on Security and Privacy in Mobile Devices (SPSM ’11) (2011), ACM, Doi: 10.1145/2046614.2046624.
- Beulah Hemalatha S, Vigneshwaran T, Jasmin M. Security Comparison of Android and IOS and Implementation of user Approved Security (UAS) for Android. IJST. 2016; 9(14). 9i14/87071, Doi: 10.17485/ijst/2016/v9i14/87071.
- Shaukat Ali, Shah Khusro. Mobile Phone Sensing: A New Application Paradigm. IJST. 2016 May; 9(19). Doi: 10.17485/ijst/2016/v9i19/53088.
- Pandey M, Rajashekar Babu M, Manasa J, Avinash K. Mobile Based Home Automation and Security System, Indian Journal of Science and Technology. 2015 Jan; 8(S2):1216. Doi: 10.17485/ijst/2015/v8iS2/57792.
- There are currently no refbacks.
This work is licensed under a Creative Commons Attribution 3.0 License.