ETRI-Knowledge Sharing Plaform

KOREAN
논문 검색
Type SCI
Year ~ Keyword

Detail

Conference Paper Appwrapping Providing Fine-Grained Security Policy Enforcement Per Method Unit in Android
Cited 4 time in scopus Download 3 time Share share facebook twitter linkedin kakaostory
Authors
Sung-Hoon Lee, Seung-Hyun Kim, SooHyung Kim, Seung-Hun Jin
Issue Date
2017-10
Citation
International Symposium on Software Reliability Engineering Workshops (ISSREW) 2017, pp.36-39
Language
English
Type
Conference Paper
DOI
https://dx.doi.org/10.1109/ISSREW.2017.25
Project Code
17HH3600, Development of Universal Authentication Platform Technology with Context-Aware Multi-Factor Authentication and Digital Signature, Soo Hyung Kim
Abstract
Enterprise mobility management (EMM) solution is widely used to securely protect confidential information stored on an individual's smartphone, while increasing the efficiency because of BYOD policy. The application wrapping (Appwrapping) technology is one way to be applied EMM solutions, by modifying binary applications without the original source code. In the past, Appwrapping was performed to control permissions or APIs to protect privacy on Android. This method is applied collectively to the whole section, not a specific section of the app, so it is difficult to control the section (flow) desired by the user or the manager. In addition, system overhead can occur because the control is applied to the whole section of the app. In this paper, we propose a method to insert an additional security policy code at a certain interval position in the intermediate code of a binary app, so that it can be controlled at a specific interval rather than the whole interval of the app. The proposed method extracts and saves the security policy intermediate code and the related file in advance and then adds the security policy code to the specific method on the intermediate code of the specific activity acquired by decompiling the target app. Finally, the additional security policy code is modified to avoid errors caused by the additional code. We create an automation tool for performance verification, experiment with five commercial office apps, and confirm that the apps work properly with the added EMM security functions.
KSP Keywords
Enterprise Mobility, Mobility management, Performance verification, Security policy enforcement, Source Code, Specific activity, confidential information, fine-grained, intermediate code