We present the conceptual system design of self-aware access control system that enhance the security of Android platform. The objective of the self-awareness is to achieve optimal security through learning of application behaviors and then optimizing the access control policies accordingly. The self-configure, learn and optimize components of the self-aware agent are responsible for the autonomy of itself and the access control system. The cooperation of self-aware access control system with Android’s permission model and user subsystem leads to better understanding of application activities and recognition of dynamic threat patterns. The access control system is customized to perform the monitoring tasks for the learning process. The mobile device activities are classified and two different context approaches, environment and attribute, are employed to achieve finer granular and diversified policies. The access control system is designed to enforce static and dynamic restriction on request calls to secure protected and open resources. The presented design is a preliminary abstraction that allows to realize self-aware access control system in Android.
Thanigaivelan N.K., Nigussie E., Virtanen S., Isoaho J. (University of Turku): Self-aware Access Control System for Android.