Doctoral theses
|
Identifier |
000454775 |
Title |
Android’s security and privacy journey through the lens of access control policies |
Alternative Title |
The evolution of Android security and privacy through the lens of access control policies |
Author
|
Διαμαντάρης, Μιχάλης Η
|
Thesis advisor
|
Ιωαννίδης, Σωτήριος
|
Reviewer
|
Μαρκάτος, Ευάγγελος
Πρατικάκης, Πολύβιος
Polakis, Jason
Μαγκούτης, Κωνσταντίνος
Αργυρός Αντώνιος
Polychronakis, Michalis
Kapravelos, Alexandros
|
Abstract |
The popularity of the Android operating system and the personalized nature of modern smartphones have gained a lot of attention. Smartphone devices offer a rich set of functionality that has been empowered by the application ecosystem. Android is dominated by free apps and developers earn their revenue by embedding advertisements. While this concept may appear beneficial to the user, as it does not induce a cost for enjoying a plethora of apps, it suffers from the inherent privacy risks of the embedded third-party libraries. As was foreseeable, applications are a black box with hidden inner workings and have become a treasure trove of sensitive user data and personally identifiable information.
In Android, device resources are guarded by permissions, and while Android has evolved over the last decade and moved towards a more fine-grained runtime permission system, data privacy is still the major problem that mobile users face. Users cannot differentiate between permission requests needed for the core functionality of the app and requests from third parties, as they lack the contextual information that will enable them to make informed decisions. Additionally, mobile web browsing and apps’ integration with web-based content further aggravate the situation due to the semantic gap between access control policies in the operating system and the HTML5 WebAPIs.
In this dissertation, using the permission management and enforcement system as our focal point, we explore how the Android operating system can be augmented to better protect users in real time. Specifically, we note that a fine-grained permission system should notify users of the origin of a permission request and explicitly state if it is needed by the app’s core functionality or an integrated third-party library. We explore in depth the security and privacy issues that arise, due to improper access control, when mobile device characteristics are combined with the powerful features of HTML5. Furthermore, we introduce a novel attack vector that misuses the advertising ecosystem and combines flaws in Android’s isolation and permission management for delivering sophisticated and stealthy attacks that place even security-cautious users at risk. To mitigate these problems and better protect users, we implement solutions and propose a set of access control policies and guidelines.
|
Language |
English |
Subject |
Android Privacy |
|
Android Security |
|
Android Ασφάλεια |
|
Android Ιδιωτικότητα |
Issue date |
2023-04-07 |
Collection
|
School/Department--School of Sciences and Engineering--Department of Computer Science--Doctoral theses
|
|
Type of Work--Doctoral theses
|
Permanent Link |
https://elocus.lib.uoc.gr//dlib/8/d/2/metadata-dlib-1680851633-131176-21201.tkl
|