ETRI-Knowledge Sharing Plaform



논문 검색
구분 SCI
연도 ~ 키워드


학술대회 Appwrapping Providing Fine-Grained Security Policy Enforcement Per Method Unit in Android
Cited 3 time in scopus Download 3 time Share share facebook twitter linkedin kakaostory
이성훈, 김승현, 김수형, 진승헌
International Symposium on Software Reliability Engineering Workshops (ISSREW) 2017, pp.36-39
17HH3600, 상황인지기반 멀티팩터 인증 및 전자서명을 제공하는 범용인증플랫폼기술 개발, 김수형
Enterprise mobility management (EMM) solution is widely used to securely protect confidential information stored on an individual's smartphone, while increasing the efficiency because of BYOD policy. The application wrapping (Appwrapping) technology is one way to be applied EMM solutions, by modifying binary applications without the original source code. In the past, Appwrapping was performed to control permissions or APIs to protect privacy on Android. This method is applied collectively to the whole section, not a specific section of the app, so it is difficult to control the section (flow) desired by the user or the manager. In addition, system overhead can occur because the control is applied to the whole section of the app. In this paper, we propose a method to insert an additional security policy code at a certain interval position in the intermediate code of a binary app, so that it can be controlled at a specific interval rather than the whole interval of the app. The proposed method extracts and saves the security policy intermediate code and the related file in advance and then adds the security policy code to the specific method on the intermediate code of the specific activity acquired by decompiling the target app. Finally, the additional security policy code is modified to avoid errors caused by the additional code. We create an automation tool for performance verification, experiment with five commercial office apps, and confirm that the apps work properly with the added EMM security functions.
KSP 제안 키워드
Enterprise Mobility, Mobility management, Performance verification, Security policy enforcement, Source Code, Specific activity, confidential information, fine-grained, intermediate code