
Doctoral theses

Identifier 000454775
Title Android’s security and privacy journey through the lens of access control policies
Alternative Title Η εξέλιξη ασφάλειας και απορρήτου του Android μέσα από το πρίσμα των πολιτικών ελέγχου πρόσβασης
Author Διαμαντάρης, Μιχάλης Η
Thesis advisor Ιωαννίδης, Σωτήριος
Reviewer Μαρκάτος, Ευάγγελος
Πρατικάκης, Πολύβιος
Polakis, Jason
Μαγκούτης, Κωνσταντίνος
Αργυρός Αντώνιος
Polychronakis, Michalis
Kapravelos, Alexandros
Abstract The popularity of the Android operating system and the personalized nature of modern smartphones have gained a lot of attention. Smartphone devices offer a rich set of functionality that has been empowered by the application ecosystem. Android is dominated by free apps, and developers earn their revenue by embedding advertisements. While this concept may appear beneficial to the user, as it does not induce a cost for enjoying a plethora of apps, it suffers from the inherent privacy risks of the embedded third-party libraries. As was foreseeable, applications are a black box with hidden inner workings and have become a treasure trove of sensitive user data and personally identifiable information. In Android, device resources are guarded by permissions, and while Android has evolved over the last decade and moved towards a more fine-grained runtime permission system, data privacy is still the major problem that mobile users face. Users cannot differentiate between permission requests needed for the core functionality of the app and requests from third parties, as they lack the contextual information that will enable them to make informed decisions. Additionally, mobile web browsing and apps’ integration with web-based content further aggravate the situation due to the semantic gap between access control policies in the operating system and the HTML5 WebAPIs. In this dissertation, using the permission management and enforcement system as our focal point, we explore how the Android operating system can be augmented to better protect users in real time. Specifically, we note that a fine-grained permission system should notify users of the origin of a permission request and explicitly state if it is needed by the app’s core functionality or an integrated third-party library. We explore in depth the security and privacy issues that arise, due to improper access control, when mobile device characteristics are combined with the powerful features of HTML5.
Furthermore, we introduce a novel attack vector that misuses the advertising ecosystem and combines flaws in Android’s isolation and permission management for delivering sophisticated and stealthy attacks that place even security-cautious users at risk. To mitigate these problems and better protect users, we implement solutions and propose a set of access control policies and guidelines.
Language English
Subject Android Privacy
Android Security
Android Ασφάλεια
Android Ιδιωτικότητα
Issue date 2023-04-07
Collection   School/Department--School of Sciences and Engineering--Department of Computer Science--Doctoral theses
  Type of Work--Doctoral theses
Permanent Link https://elocus.lib.uoc.gr//dlib/8/d/2/metadata-dlib-1680851633-131176-21201.tkl
Views 826
