Abstract:More and more powerful personal smart devices take users, especially the elder, into a disaster of policy administration where users are forced to set personal management policies in these devices. Considering a real case of this issue in the Android security, it is hard for users, even some programmers, to generally identify malicious permission requests when they install a third-party application. Motivated by the popularity of mutual assistance among friends (including family members) in the real world, we propose a novel framework for policy administration, referring to Socialized Policy Administration (SPA for short), to help users manage the policies in widely deployed personal devices. SPA leverages a basic idea that a user may invite his or her friends to help set the applications. Especially, when the size of invited friends increases, the setting result can be more resilient to a few malicious or unprofessional friends. We define the security properties of SPA, and propose an enforcement framework where users' friends can help users set applications without the leakage of friends' preferences with the supports of a privacy preserving mechanism. In our prototype, we only leverage partially homomorphic encryption cryptosystems to implement our framework, because the fully homomorphic encryption is not acceptable to be deployed in a practical service at the moment. Based on our prototype and performance evaluation, SPA is promising to support major types of policies in current popular applications with acceptable performance.

SPA: Inviting Your Friends to Help Set Android Apps.

Socialized Policy Administration

Poster: Collaborative Policy Administration

AppMoD

Taming Information-Stealing Smartphone Applications (On Android)

Owner-Centric Protection of Unstructured Data on Smartphones.

Hybrid User-level Sandboxing of Third-party Android Apps.

Towards a multilayered permission-based access control for extending Android security.

Securing App Behaviors in Smart Home: A Human-App Interaction Perspective.

Toward Automatically Generating Privacy Policy for Smart Home Apps

Making Distributed Mobile Applications SAFE: Enforcing User Privacy Policies on Untrusted Applications with Secure Application Flow Enforcement

Smart Home Personal Assistants: A Security and Privacy Review

An Adaptive Android Security Extension Against Privilege Escalation Attacks

An Adaptive and Configurable Protection Framework Against Android Privilege Escalation Threats

SEAPP: A secure application management framework based on REST API access control in SDN-enabled cloud environment

Privacy Preserving Personalized Access Control Service at Third Service Provider

Enhancement of Permission Management for an ARM-Android Platform.

Collaborative Privacy Management

Automatic Permission Optimization Framework for Privacy Enhancement of Mobile Applications

SeePrivacy: Automated Contextual Privacy Policy Generation for Mobile Applications

SPOKE: Scalable Knowledge Collection and Attack Surface Analysis of Access Control Policy for Security Enhanced Android.