상세정보
학술지
Is Your Android App Insecure? Patching Security Functions With Dynamic Policy Based on a Java Reflection Technique
- 발행일
- 202004
- 출처
- IEEE Access, v.8, pp.83248-83264
- ISSN
- 2169-3536
- 출판사
- IEEE
- 초록
- With the popularization of smart devices, companies are adopting bring-your-own-device or mobile office policies that utilize personal smart devices for work. However, as work data are stored on individual smart devices, critical security threats are emerging, such as the leakage of confidential documents. Enterprises want to address this issue by adapting enterprise mobility management (EMM) solutions. Appwrapping is among the core technologies in EMM solutions, enabling security function insertion or misused code patching without the original application (app) source code. Studies on permission control, misused code patching, security function insertion based on static policies, etc., have been conducted, but there are limitations such as poor user convenience and overhead. In this paper, we propose an AppWrapper toolkit to support dynamic polices. Basically it can insert security function execution code into apps by using appwrapping technology without the original source code. This code uses Java reflection to invoke security functions dynamically based on preset policies. Accordingly, after the initial appwrapping, the policy can be changed easily. In addition, even when multiple security functions are required, Java reflection can invoke multiple security functions dynamically and simultaneously without conflicting with the existing code. The AppWrapper toolkit also provides a log function to check in real time where the security function is needed. Hence, the policy-setting administrator can check the log in real time and implement the security function where needed. Our experimental results show that this technique improves significantly the efficiency, effectiveness, and convenience of adding security function execution code.
- KSP 제안 키워드
- Android Apps, Bring your own Device, Code patching, Critical security threats, Dynamic policy, Enterprise Mobility, Mobility management, Permission Control, Real-Time, Security function, Smart devices
본 저작물은 크리에이티브 커먼즈 저작자 표시 (CC BY) 조건에 따라 이용할 수 있습니다.
