- researchers at Purdue University BYODin the sceneAndroidThe problem of malicious software leaking user sensitive data in terminal, a context-based access control model is proposed (context-based Access Control, CBAC ). CBACmodels can implement different authorization policies in different contexts (time, location) for different applications. For the location context, this paper presents aWi-Fithe positioning method of signal strength, combined with existingGPSand cellular positioning, can be achieved in different rooms (such as corporate offices, meeting rooms, home living room, bedroom) of the differentiated positioning. CBACThe strategy can be developed flexibly by the user, or can be pushed by the company network management. AlsoCBACThe security issues that may arise are also5security Optimizations. In contrast to this article, other existing work1) cannot reach the location context granularity of this article,2The permissions checkpoint is not comprehensive. In GoogleNexus 4Phones andNexus 7the experimental results on the plate show thatCBACmethods The accuracy of spatial positioning is achieved90%above, the checkpoint time overhead does not exceed12ms, the power consumption does not exceed5%. The results are available for Androidsystem to better supportBYOD. (context-based Access Control Systems for Mobiledevices, IEEE transactions on dependable and Secure Computing, Mar 2015 )
- researchers at the State University of New York, Buffalo, Michigan State University, the University of Massachusetts Lowell, and the City University of Hong Kong NFCThe technology needs additional hardware support, easy to be monitored and the problem of the middle person attack, proposed a kind of secure visible light communication system based on two-dimensional code ( Secure sytem for barcode-based Visible lightcommunication, SBVLC ), can be used for mobile payment, identification, encrypted data transmission and other scenarios. VLCis a recent rise in communication, and its applications includeLi-fiand so on. SBVLCmethod Firstly, the security geometric model of QR code communication is analyzed, and then a physical security enhancement method is proposed to prevent eavesdropping attacks, such as using privacy screen foil (Privacy Screen Projector) reduces large-angle visibility of the screen, or two terminals for active synchronous rotation. SBVLCneed two terminal with color screen and front camera, on the basis of multi-frame two-dimensional code communication, put forward a message delivery protocol, handshake protocol and Flow protocol, to ensure that as long as not be listening to all the frames of the two-dimensional code, the communication content is safe. In theIPhone 4/4S/5and manyAndroidthe experimental results on the mobile phone show that97.5%The testers can learnSBVLCcommunication method, and the method is safe enough. At present, there is no similar adoption of matureQR CodeTwo-dimensional code multi-frame encryption method. The results are available for Androidsystem to better support end-to-end short-distance communication. (sbvlc:secure barcode-based visible lightcommunication for Smartphones, IEEE transactions on Mobile Computing, Mar 201 5)
- researchers at Penn State University have proposed a policy-based sensor Rights Management framework for sensor data that could lead to user data breaches-semadroid. semadroidthe ability to specify specific applications and to specify the context in which the policy takes effect, such as the time range, phone status (whether on the phone), device status (on or off screen), app status (foreground or background), and so on. This policy can limitGPS, photo, video, recording, etc.Androidsensors that define permissions, and can also limit acceleration sensors, directional sensors, etc. withoutAndroidthe sensor that corresponds to the permission. And the limit granularity is very fine, can reach the specific parameters, such as sample rate, photo clarity, whether or not to add noise data. This strategy is divided into three kinds of sensor data processing rules: Data adjustment Rules, data manipulation rules and data forgery rules, in order to make the processed sensor data accuracy is increasingly low, more and more forgery data. And the coordination mechanism is designed to allow users to choose their own appropriate sensor data processing rules, can not disclose privacy, and does not affect personal use. Currently,AndroidThe system only sets the permissions control on a subset of the sensors, and the user only installsAppwill not be reminded of this permission to dynamically modify permissions. The existing approach, most of the access control for the sensor is not enough granularity, there is a small number of access control for the sensor, but the false data is constant, which will make some applications (such as relying on changingGPScoordinate) crashes, andsemadroidtwo ways to ensure that false data can be "genuine" through random and trace files. And now the work does not provide the sensor data processing rules coordination mechanism, so that users can choose their own. The results are available for Androidsystem to better support rights management. (semadroid:a privacy-aware Sensor Management Framework for Smartphones, Codaspy ' Mar2015)
2015 3-April 3 top papers on Android access control security "2015.3-2015.4"
