An extension to the Android access control framework
Independent thesis Advanced level (degree of Master (Two Years)), 20 credits / 30 HE creditsStudent thesis
Several nice hardware functionalities located at the low level of operating system onmobile phones could be utilized in a better way if they are available to applicationdevelopers. With their help, developers are able to bring overall user experienceto a new level in terms of developing novel applications. For instance, one of thosehardware functionalities, SIM-card authentication is able to offer stronger andmore convenient way of authentication when compared to the traditional approach.Replacing the username-password combination with the SIM-card authentication,users are freed from memorizing passwords. However, since normally those kindsof functionalities are locked up at the low level, they are only accessible by a fewusers who have been given privileged access rights. To let the normal applicationsbe benefiting as well, they need to be made accessible at the application level. Onthe one hand, as we see the benefit it will bring to us, there is a clear intentionto open it up, however, on the other hand, there is also a limitation resultingfrom their security-critical nature that needs to be placed when accessing whichis restricting the access to trusted third parties.
Our investigation is based on the Android platform. The problem that we havediscovered is the existing security mechanism in Android is not able to satisfy everyregards of requirements we mentioned above when exposing SIM-card authenticationfunctionality. Hence, our requirement on enhancing the access control modelof Android comes naturally. In order to better suit the needs, we proposed a solutionWhite lists & Domains (WITDOM) to improve its current situation in thethesis. The proposed solution is an extension to the existing access control modelin Android that allows alternative ways to specify access controls therefore complementingthe existing Android security mechanisms. We have both designedand implemented the solution and the result shows that with the service that weprovided, critical functionalities, such as APIs for the low-level hardware functionalitycan retain the same level of protection however in the meanwhile, with moreflexible protection mechanism.
Place, publisher, year, edition, pages
2011. , 58 p.
Android security, access control
IdentifiersURN: urn:nbn:se:liu:diva-73064ISRN: LIU-IDA/LITH-EX-A--11/045—SEOAI: oai:DiVA.org:liu-73064DiVA: diva2:465642
Swedish Institute of Computer Science
Subject / course
Master's programme in Computer Science
2011-10-13, Charles Babbage, Linköpings universitet, Linköping, 13:00 (English)
Seitz, Ludwig, Senior Researcher
Shahmehri, Nahid, Professor