Enhancing Security of the Android Platform via Multi-level Security Model

Author(s):  
Ji-Soo Oh ◽  
Min-Woo Park ◽  
Tai-Myoung Chung
2014 ◽  
Vol 2014 ◽  
pp. 1-14 ◽  
Author(s):  
Ahmed Al-Haiqi ◽  
Mahamod Ismail ◽  
Rosdiadee Nordin

Covert channels are not new in computing systems, and have been studied since their first definition four decades ago. New platforms invoke thorough investigations to assess their security. Now is the time for Android platform to analyze its security model, in particular the two key principles: process-isolation and the permissions system. Aside from all sorts of malware, one threat proved intractable by current protection solutions, that is, collusion attacks involving two applications communicating over covert channels. Still no universal solution can countermeasure this sort of attack unless the covert channels are known. This paper is an attempt to reveal a new covert channel, not only being specific to smartphones, but also exploiting an unusual resource as a vehicle to carry covert information: sensors data. Accelerometers generate signals that reflect user motions, and malware applications can apparently only read their data. However, if the vibration motor on the device is used properly, programmatically produced vibration patterns can encode stolen data and hence an application can cause discernible effects on acceleration data to be received and decoded by another application. Our evaluations confirmed a real threat where strings of tens of characters could be transmitted errorless if the throughput is reduced to around 2.5–5 bps. The proposed covert channel is very stealthy as no unusual permissions are required and there is no explicit communication between the colluding applications.


2013 ◽  
Vol 397-400 ◽  
pp. 2536-2539 ◽  
Author(s):  
Hai Yan Zhao ◽  
Xiang Yang Liu ◽  
Jing Zhao

In the current multi-level security database system, the BLP model is the most widely used security model. For the problem of data redundancy, primary key loophole and reasoning channel of the BLP model, an improved method is proposed. The proposed method consummates the read-write level and the read-write range of user, increases the audit mechanism, eliminates the primary key loophole and avoids the reasoning channel to some extent. The proposed method in this paper improves the security of the BLP model and makes the security model more practical.


Author(s):  
Євгенія Володимирівна Міщук

It is argued that the methodological backbone for assessing the degree of enterprise economic security is its hierarchical structure. The paper seeks to explore the existing approaches to building an enterprise economic security framework. It has been revealed that only few of them demonstrate a hierarchical structure, yet the existing hierarchies have certain limitations and offer areas for improvement. The purpose of the study is to develop a multi-level hierarchical structure of an enterprise economic security which, unlike the existing ones, would allow for a more objective assessment of the overall economic security as well as its separate elements with regard to both static and dynamic nature of economic security. To accomplish the objectives, the following research methods have been employed: generalization, reasoning, grouping – for analyzing various scholars’ views on the object of the study and drawing conclusions of the content analysis of primary sources; analysis and synthesis – for interpreting the main research categories and providing rationale for new elements of economic security. The paper provides insights to the principles of building a structure of enterprise economic security along with suggesting an improved hierarchical structure of the enterprise economic security model using the proposed multidimensional approach. The enterprise economic security concept is viewed from the two perspectives, in a wide and a narrow sense. An author's definition of an «enterprise» concept in a broad sense is provided. The broader interpretation of the enterprise economic security entails the aspects of stakeholders’ economic security affected by the economic security of the enterprise. The separate elements of the economic security of various groups of the enterprise stakeholders have been identified. The floating nature of the hierarchical structure of the enterprise economic security has been demonstrated. A particular case of the hierarchy that provides twelve levels of consecutive elements has been discussed. The proposed hierarchical structure of the enterprise economic security successfully accommodates its binary nature subject to its static and dynamic character. The findings verify that the suggested elements could be used to select indicators for assessing the overall economic security as well as its particular types. It is argued that the methodology for measuring the degree of enterprise economic security should rely on a comprehensive study of its elements and consistent integration of the results of their bottom-up assessment for each level of the hierarchical structure.


Sign in / Sign up

Export Citation Format

Share Document