상세정보
학술대회
AppWrapper: Patching Security Functions with Dynamic Policy on Your Insecure Android Apps
- 발행일
- 201810
- 출처
- International Symposium on Software Reliability Engineering Workshops (ISSREW) 2018, pp.36-41
- 협약과제
- 18HH5500, O2O 서비스를 위한 무자각 증강인증 및 프라이버시가 보장되는 블록체인 ID 관리 기술 개발, 김수형
- 초록
- Android provides a security system with permission control, but there are a number of vulnerabilities that have excessive permission rights and a large number of per-permission related APIs. To address these vulnerabilities, permission control studies have been conducted on APIs that are at risk of compromising user privacy. However, it is impossible to add a new security function to an insecure application, and there is a disadvantage that an overhead occurs in the progress of the app because the user is required to permit permission in real time and the users' convenience is decreased. In this paper, we propose an AppWrapper toolkit. The toolkit can add security functions to the user/administrator's desired locations (method level in activities) of an insecure app using the appwrapping technique. And, using dynamic policy management, it is easy to apply secure policies without adding security functions again. In addition, by providing a real-time app log function that considers the convenience of users, it is possible to confirm the location where the security function is required according to the progress flow of the insecure app, and to create a policy file by setting the policy. Experiments on commercial apps have shown 100% success rate, except for apps with built-in security and Android apps. On the average, it took 1.86 seconds to add the security function through the proposed framework, and the file size increased by about 2.11%, indicating that the security function can be added in a short time with the increase of the minimum file size.
- KSP 제안 키워드
- Android Apps, Built-in, Dynamic policy, File size, Permission Control, Policy Management, Real-Time, Security function, Short time, Success rate, User Privacy