Appwrapping Providing Fine-Grained Security Policy Enforcement Per Method Unit in Android

Abstract The Android operating system (OS) has become the dominant smart phone OS in recent years due to its accessibility, usability and its open-source philosophy. Consequently, this has also made it a popular target for attackers who aim to install malware on Android devices and take advantage of Android’s coarsegrained, non-revoking permission system. This project designs, implements and evaluates a security tool named COMBdroid, which addresses these security concerns in Android by enforcing fine-grained, user-defined policies. COMBdroid modifies an application before installation, allowing it to override points of security vulnerabilities at run-time. As a proof of concept we have implemented three policies in COMBdroid. This paper documents the development process of COMBdroid, deriving design decisions from the literature review, detailing the design and implementation, and proving the program’s effectiveness through evaluation.

Download Full-text

Trust in Security-Policy Enforcement Mechanisms

10.21236/ada444727 ◽

2006 ◽

Author(s):

Fred B. Schneider ◽

Greg Morrisett

Keyword(s):

Security Policy ◽

Policy Enforcement ◽

Enforcement Mechanisms

Download Full-text

Poster: Shielding AppSPEAR - Enhancing Memory Safety for Trusted Application-level Security Policy Enforcement

Proceedings of the 26th ACM Symposium on Access Control Models and Technologies ◽

10.1145/3450569.3464396 ◽

2021 ◽

Author(s):

Marius Schlegel

Keyword(s):

Security Policy ◽

Policy Enforcement ◽

Memory Safety

Download Full-text

DIOXIN: runtime security policy enforcement of fog applications

International Journal of Grid and Utility Computing ◽

10.1504/ijguc.2021.114821 ◽

2021 ◽

Vol 12 (2) ◽

pp. 126

Author(s):

Enrico Russo ◽

Luca Verderame ◽

Alessandro Armando ◽

Alessio Merlo

Keyword(s):

Security Policy ◽

Policy Enforcement

Download Full-text

ABE for Vehicular Network Security Policy Enforcement

Attribute-Based Encryption and Access Control ◽

10.1201/9781351210607-12 ◽

2020 ◽

pp. 249-265

Author(s):

Dijiang Huang ◽

Qiuxiang Dong ◽

Yan Zhu

Keyword(s):

Network Security ◽

Security Policy ◽

Vehicular Network ◽

Policy Enforcement

Download Full-text

Enterprise Network Packet Filtering for Mobile Cryptographic Identities

International Journal of Handheld Computing Research ◽

10.4018/jhcr.2010090905 ◽

2010 ◽

Vol 1 (1) ◽

pp. 79-94 ◽

Cited By ~ 1

Author(s):

Janne Lindqvist ◽

Essi Vehmersalo ◽

Miika Komu ◽

Jukka Manner

Keyword(s):

Network Security ◽

Security Policy ◽

Data Transfer ◽

The Internet ◽

Policy Enforcement ◽

Enterprise Network ◽

Packet Filtering ◽

Enterprise Network Security ◽

Host Identity ◽

Mobile Clients

Firewalls are an essential component of the Internet and enterprise network security policy enforcement today. The configurations of enterprise firewalls are typically rather static. Even if client’s IP addresses can be dynamically added to the packet filtering rules, the services allowed through the firewall are commonly still fixed. In this paper, we present a transparent firewall configuration solution based on mobile cryptographic identifiers of Host Identity Protocol (HIP). HIP allows a client to protect the data transfer with IPsec ESP, and supports dynamic address changes for mobile clients. The HIP-based firewall learns the identity of a client when it communicates with the server over HIP. The firewall configures the necessary rules based on HIP control messages passing through the firewall. The solution is secure and flexible, and introduces only minimal latency to the initial HIP connection establishment.

Download Full-text