The Android Platform Security Model-Reference-Cited by-同舟云学术

The Android Platform Security Model

Published:2021-08-31 Issue:3 Volume:24 Page:1-35
ISSN:2471-2566
Container-title:ACM Transactions on Privacy and Security
language:en
Short-container-title:ACM Trans. Priv. Secur.

Author:

Mayrhofer René¹,Stoep Jeffrey Vander²,Brubaker Chad²,Kralevich Nick²

Affiliation:

1. Google and Johannes Kepler University Linz, Austria

2. Google, USA

Abstract

Android is the most widely deployed end-user focused operating system. With its growing set of use cases encompassing communication, navigation, media consumption, entertainment, finance, health, and access to sensors, actuators, cameras, or microphones, its underlying security model needs to address a host of practical threats in a wide variety of scenarios while being useful to non-security experts. The model needs to strike a difficult balance between security, privacy, and usability for end users, assurances for app developers, and system performance under tight hardware constraints. While many of the underlying design principles have implicitly informed the overall system architecture, access control mechanisms, and mitigation techniques, the Android security model has previously not been formally published. This article aims to both document the abstract model and discuss its implications. Based on a definition of the threat model and Android ecosystem context in which it operates, we analyze how the different security measures in past and current Android implementations work together to mitigate these threats. There are some special cases in applying the security model, and we discuss such deliberate deviations from the abstract model.

Publisher

Association for Computing Machinery (ACM)

Subject

Safety, Risk, Reliability and Quality,General Computer Science

Link

https://dl.acm.org/doi/pdf/10.1145/3448609

Reference142 articles.

1. 2015. Stagefright Vulnerability Report. Retrieved from https://www.kb.cert.org/vuls/id/924951. 2015. Stagefright Vulnerability Report. Retrieved from https://www.kb.cert.org/vuls/id/924951.

2. 2017. BlueBorne. Retrieved from https://go.armis.com/hubfs/BlueBorne%20-%20Android%20Exploit%20(20171130).pdf?t=1529364695784. 2017. BlueBorne. Retrieved from https://go.armis.com/hubfs/BlueBorne%20-%20Android%20Exploit%20(20171130).pdf?t=1529364695784.

3. 2017. CVE-2017-13177. Retrieved from https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13177. 2017. CVE-2017-13177. Retrieved from https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13177.

4. 2018. Retrieved from https://www.stonetemple.com/mobile-vs-desktop-usage-study/. 2018. Retrieved from https://www.stonetemple.com/mobile-vs-desktop-usage-study/.

5. 2018. Retrieved from http://gs.statcounter.com/platform-market-share/desktop-mobile-tablet. 2018. Retrieved from http://gs.statcounter.com/platform-market-share/desktop-mobile-tablet.

Cited by 17 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Imaging privacy threats from an ambient light sensor;Science Advances;2024-01-12

2. Mobile App Distribution Transparency (MADT): Design and Evaluation of a System to Mitigate Necessary Trust in Mobile App Distribution Systems;Secure IT Systems;2023-11-08

3. An In-Depth Analysis of Android’s Java Class Library: its Evolution and Security Impact;2023 IEEE Secure Development Conference (SecDev);2023-10-18

4. App-based detection of vulnerable implementations of OTP SMS APIs in the banking sector;Wireless Networks;2023-07-22

5. A Survey and Evaluation of Android-Based Malware Evasion Techniques and Detection Frameworks;Information;2023-06-30