ETRI-Knowledge Sharing Plaform

KOREAN
논문 검색
Type SCI
Year ~ Keyword

Detail

Journal Article Is Your Android App Insecure? Patching Security Functions With Dynamic Policy Based on a Java Reflection Technique
Cited 4 time in scopus Download 115 time Share share facebook twitter linkedin kakaostory
Authors
Sung-Hoon Lee, Seung-Hyun Kim, Jung Yeon Hwang, Soohyung Kim, Seung-Hun Jin
Issue Date
2020-04
Citation
IEEE Access, v.8, pp.83248-83264
ISSN
2169-3536
Publisher
IEEE
Language
English
Type
Journal Article
DOI
https://dx.doi.org/10.1109/ACCESS.2020.2987059
Abstract
With the popularization of smart devices, companies are adopting bring-your-own-device or mobile office policies that utilize personal smart devices for work. However, as work data are stored on individual smart devices, critical security threats are emerging, such as the leakage of confidential documents. Enterprises want to address this issue by adapting enterprise mobility management (EMM) solutions. Appwrapping is among the core technologies in EMM solutions, enabling security function insertion or misused code patching without the original application (app) source code. Studies on permission control, misused code patching, security function insertion based on static policies, etc., have been conducted, but there are limitations such as poor user convenience and overhead. In this paper, we propose an AppWrapper toolkit to support dynamic polices. Basically it can insert security function execution code into apps by using appwrapping technology without the original source code. This code uses Java reflection to invoke security functions dynamically based on preset policies. Accordingly, after the initial appwrapping, the policy can be changed easily. In addition, even when multiple security functions are required, Java reflection can invoke multiple security functions dynamically and simultaneously without conflicting with the existing code. The AppWrapper toolkit also provides a log function to check in real time where the security function is needed. Hence, the policy-setting administrator can check the log in real time and implement the security function where needed. Our experimental results show that this technique improves significantly the efficiency, effectiveness, and convenience of adding security function execution code.
KSP Keywords
Android Apps, Bring your own Device, Code patching, Critical security threats, Dynamic policy, Enterprise Mobility, Mobility management, Permission Control, Real-Time, Security function, Smart devices
This work is distributed under the term of Creative Commons License (CCL)
(CC BY)
CC BY