Context-based Access Control Systems for Mobile Devices, IEEE Transactions on Dependable and Secure Computing, March 2015 [1] http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=6807727
1.1. Background
Researchers at Purdue University have proposed a context-based access control model (CBAC) to counter malware that leaks sensitive user data in the BYOD scenario. The CBAC model can apply different authorization policies to different applications in different contexts (time, location), and a policy can restrict access to hardware resources, private data, system boundary switches, inter-application communication and user security functions.
BYOD (Bring Your Own Device) means that employees bring their own devices, including personal computers, mobile phones and tablets, most often mobile smart devices such as phones or tablets. Logging in to the company mailbox or online office system from an airport, hotel or cafe, without restrictions of time, location, device, person or network environment: BYOD shows people an attractive future office scene. At present the biggest problem of BYOD is security, including blocking malware, preventing eavesdropping, privilege control, encryption of network data, and so on; access control technology, represented by CBAC, can address these problems well.
1.2. Contributions
This paper presents a policy-based CBAC model, as shown in Figure 1. A policy consists of two elements, {restriction, context}. The restriction refers to a principal (represented by the app package name) and a resource (hardware resources, private data, system boundary switches, inter-application communication and user security features), together with the access control decision for them. The context consists of two elements, {time, location}. The time element includes a start time and an end time, and an interval can also be set (how often the policy is evaluated). The location element combines three methods, Wi-Fi signal-strength positioning, GPS positioning and cellular network positioning, to reach the granularity of the specific room in which the device is located.
Figure 1 CBAC Model architecture
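To make the {restriction, context} structure concrete, here is a small policy checkpoint written as an added example (not code from the paper or its Android implementation). It assumes room labels such as "meeting_room" are supplied by a separate positioning component, treats the interval as a cache lifetime for a decision, and lets a deny policy override an allow; the package names and policies are constructed for illustration.

```python
"""CBAC-style policy checkpoint: policy = {restriction, context}, context = {time, location}.
Added example; the policy semantics (deny wins, interval = decision cache lifetime) are assumptions."""
from dataclasses import dataclass
from datetime import datetime, time, timedelta
from typing import Dict, List, Optional, Tuple

# Resource categories named in the paper summary
RESOURCE_KINDS = {"hardware", "privacy_data", "system_switch", "app_comm", "user_security"}


@dataclass(frozen=True)
class Context:
    """Where and when a policy applies; the room label is assumed to come from a positioning component."""
    location: str
    start: time
    end: time
    interval: Optional[timedelta] = None  # how often the decision is re-evaluated; None = every access


@dataclass(frozen=True)
class Restriction:
    """Principal (Android app package name) and the resource it is allowed or denied."""
    package: str
    resource_kind: str
    resource: str
    allow: bool

    def __post_init__(self) -> None:
        if self.resource_kind not in RESOURCE_KINDS:
            raise ValueError(f"unknown resource kind {self.resource_kind!r}")


@dataclass(frozen=True)
class Policy:
    restriction: Restriction
    context: Context


def in_time_window(start: time, end: time, now: time) -> bool:
    """True if `now` lies in [start, end]; windows that cross midnight (22:00-06:00) are handled."""
    if start <= end:
        return start <= now <= end
    return now >= start or now <= end


def context_matches(ctx: Context, now: datetime, location: str) -> bool:
    return ctx.location == location and in_time_window(ctx.start, ctx.end, now.time())


class Checkpoint:
    """Evaluates policies at a resource access: any matching deny wins, otherwise the default applies."""

    def __init__(self, policies: List[Policy], default_allow: bool = True) -> None:
        self.policies = policies
        self.default_allow = default_allow
        # (package, kind, resource) -> (decision, valid_until). Keyed without location on purpose:
        # a decision taken under a policy with an interval stays in force until that interval expires,
        # which is the overhead/staleness trade-off the interval setting buys.
        self._cache: Dict[Tuple[str, str, str], Tuple[bool, datetime]] = {}

    def check(self, package: str, kind: str, resource: str, now: datetime, location: str) -> bool:
        key = (package, kind, resource)
        cached = self._cache.get(key)
        if cached is not None and now < cached[1]:
            return cached[0]

        matched = [p for p in self.policies
                   if p.restriction.package == package
                   and p.restriction.resource_kind == kind
                   and p.restriction.resource == resource
                   and context_matches(p.context, now, location)]
        if not matched:
            decision = self.default_allow
        else:
            decision = all(p.restriction.allow for p in matched)  # a single deny overrides

        intervals = [p.context.interval for p in matched if p.context.interval is not None]
        if intervals:
            self._cache[key] = (decision, now + min(intervals))
        return decision


def demo_checkpoint() -> Checkpoint:
    """Constructed sample policies (hypothetical package name, not from the paper)."""
    return Checkpoint([
        # no camera for the chat app in the meeting room during office hours, re-checked every 5 minutes
        Policy(Restriction("com.example.chat", "hardware", "camera", allow=False),
               Context("meeting_room", time(9, 0), time(18, 0), interval=timedelta(minutes=5))),
        # no contacts access in the bedroom overnight (window crosses midnight)
        Policy(Restriction("com.example.chat", "privacy_data", "contacts", allow=False),
               Context("bedroom", time(22, 0), time(6, 0))),
    ])


if __name__ == "__main__":
    cp = demo_checkpoint()
    print(cp.check("com.example.chat", "hardware", "camera", datetime(2015, 3, 2, 10, 0), "meeting_room"))
```

Note the second call in the test below: three minutes after a deny in the meeting room, the same access from the office is still denied because the interval caches the decision; only after the interval expires does the checkpoint see the new location.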
For the location dimension, this paper proposes a positioning method based on Wi-Fi signal strength which, combined with existing GPS and cellular positioning, can distinguish and localize different rooms (such as a company office, a meeting room, a home living room or a bedroom). CBAC policies can be defined flexibly by the user or pushed by the company's network administrators. CBAC also provides five security optimizations for possible security issues.
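The page does not give the paper's positioning algorithm, so the following is an added example of one common way to get room-level granularity from Wi-Fi signal strength: nearest-neighbour matching of a live RSSI scan against fingerprints recorded in each room, with a fall-back to the coarse GPS/cellular fix when no fingerprint is close enough. The BSSIDs, RSSI values, room names and thresholds are all constructed for illustration, and the k-NN approach is an assumption, not the paper's method.

```python
"""Room-level localization from Wi-Fi signal strength by RSSI fingerprinting (added example).
The fingerprint database, thresholds and k-NN voting are assumptions, not the paper's algorithm."""
import math
from typing import Dict, List, Optional, Tuple

Scan = Dict[str, int]          # BSSID -> RSSI in dBm
MISSING_RSSI = -100            # RSSI assumed for an access point that a scan did not see

# Constructed training fingerprints: room -> scans recorded while standing in that room
FINGERPRINTS: Dict[str, List[Scan]] = {
    "office":       [{"aa:01": -45, "aa:02": -60, "aa:03": -80},
                     {"aa:01": -48, "aa:02": -58, "aa:03": -82}],
    "meeting_room": [{"aa:01": -62, "aa:02": -44, "aa:03": -70},
                     {"aa:01": -65, "aa:02": -41, "aa:03": -73}],
    "living_room":  [{"bb:01": -40, "bb:02": -70},
                     {"bb:01": -43, "bb:02": -68}],
    "bedroom":      [{"bb:01": -68, "bb:02": -42},
                     {"bb:01": -70, "bb:02": -45}],
}


def rssi_distance(a: Scan, b: Scan) -> float:
    """Euclidean distance between two scans over the union of their access points."""
    keys = set(a) | set(b)
    return math.sqrt(sum((a.get(k, MISSING_RSSI) - b.get(k, MISSING_RSSI)) ** 2 for k in keys))


def locate_room(scan: Scan, fingerprints: Dict[str, List[Scan]] = FINGERPRINTS,
                k: int = 3, max_distance: float = 25.0) -> Tuple[Optional[str], float]:
    """k-NN vote over fingerprints; returns (room, confidence) or (None, 0.0) if nothing is near enough."""
    scored = sorted((rssi_distance(scan, fp), room)
                    for room, fps in fingerprints.items() for fp in fps)
    nearest = [(d, room) for d, room in scored[:k] if d <= max_distance]
    if not nearest:
        return None, 0.0
    votes: Dict[str, float] = {}
    for d, room in nearest:                      # closer fingerprints weigh more
        votes[room] = votes.get(room, 0.0) + 1.0 / (1.0 + d)
    best = max(votes, key=lambda r: votes[r])
    return best, votes[best] / sum(votes.values())


def resolve_location(scan: Scan, coarse_location: str, min_confidence: float = 0.5) -> str:
    """Combine the Wi-Fi room estimate with the coarse GPS/cellular fix.
    The room label is used only when the fingerprint match is confident; otherwise the policy
    engine sees the coarse label (e.g. the company site), never a guessed room."""
    room, confidence = locate_room(scan)
    if room is None or confidence < min_confidence:
        return coarse_location
    return room


if __name__ == "__main__":
    print(resolve_location({"aa:01": -47, "aa:02": -59, "aa:03": -79}, "company_site"))
```

Because the policy decision depends on the room label, the fall-back matters: an unconfident Wi-Fi match should degrade to the coarser location rather than to a wrong room, which is the direction in which a policy written for the coarse label stays enforceable.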
1.3. Contrast
Compared with this paper, other existing work 1) used only GPS or cellular network positioning, whereas this paper's method, which adds Wi-Fi signal strength, can pinpoint a specific room, a granularity other existing work cannot reach; and 2) did not have comprehensive permission checkpoints, whereas this paper easily sets up checkpoints for a variety of security issues involving hardware resources, private data, system boundary switches, inter-application communication and user security functions.
1.4. Experiments
Experimental results on a Google Nexus 4 phone and a Nexus 7 tablet show that the CBAC method has a spatial positioning accuracy of more than 90%, that the checkpoint time overhead does not exceed 12 ms (as shown in Table 1), and that the power consumption does not exceed 5% (as shown in Figure 2).
Table 1 Important operating time overhead
Figure 2 Power consumption of the CBAC method
1.5. Expert opinion
BYOD (Bring Your Own Device) refers to carrying one's own equipment, such as personal computers, mobile phones and tablets, most often mobile smart devices such as phones or tablets. Cisco and Juniper have launched their own solutions in the BYOD arena, but have invested little in endpoint security technology. The biggest problem of BYOD is security, including blocking malware, preventing eavesdropping, privilege control, network data encryption, and so on; this paper proposes an access control framework based on context (time, location, etc.), CBAC (context-based access control), that can address these problems well.
The BYOD market has a broad outlook, and handset makers have natural advantages in using a CBAC solution to position themselves in the BYOD market. The Android system now integrates discretionary access control and mandatory access control (SELinux); as a new access control mechanism that fits the BYOD concept, CBAC could become one of the standard features of Android phones, and phones with CBAC security features would also attract attention. The results can be used in mobile phone systems to better support BYOD.
1.6. References
[1] Shebaro, Bilal, Oyindamola Oluwatimi, and Elisa Bertino. "Context-based Access Control Systems for Mobile Devices." (2014): 1-1.
Context-based access control model (CBAC) under the Android platform