The Android Platform Security Model-Reference-Cited by-同舟云学术

The Android Platform Security Model

Published:2021-08-31 Issue:3 Volume:24 Page:1-35
ISSN:2471-2566
Container-title:ACM Transactions on Privacy and Security
language:en
Short-container-title:ACM Trans. Priv. Secur.

Author:

Mayrhofer René¹,Stoep Jeffrey Vander²,Brubaker Chad²,Kralevich Nick²

Affiliation:

1. Google and Johannes Kepler University Linz, Austria

2. Google, USA

Abstract

Android is the most widely deployed end-user focused operating system. With its growing set of use cases encompassing communication, navigation, media consumption, entertainment, finance, health, and access to sensors, actuators, cameras, or microphones, its underlying security model needs to address a host of practical threats in a wide variety of scenarios while being useful to non-security experts. The model needs to strike a difficult balance between security, privacy, and usability for end users, assurances for app developers, and system performance under tight hardware constraints. While many of the underlying design principles have implicitly informed the overall system architecture, access control mechanisms, and mitigation techniques, the Android security model has previously not been formally published. This article aims to both document the abstract model and discuss its implications. Based on a definition of the threat model and Android ecosystem context in which it operates, we analyze how the different security measures in past and current Android implementations work together to mitigate these threats. There are some special cases in applying the security model, and we discuss such deliberate deviations from the abstract model.

Publisher

Association for Computing Machinery (ACM)

Subject

Safety, Risk, Reliability and Quality,General Computer Science

Link

https://dl.acm.org/doi/pdf/10.1145/3448609

Reference142 articles.

1. 2015. Stagefright Vulnerability Report. Retrieved from https://www.kb.cert.org/vuls/id/924951. 2015. Stagefright Vulnerability Report. Retrieved from https://www.kb.cert.org/vuls/id/924951.

2. 2017. BlueBorne. Retrieved from https://go.armis.com/hubfs/BlueBorne%20-%20Android%20Exploit%20(20171130).pdf?t=1529364695784. 2017. BlueBorne. Retrieved from https://go.armis.com/hubfs/BlueBorne%20-%20Android%20Exploit%20(20171130).pdf?t=1529364695784.

3. 2017. CVE-2017-13177. Retrieved from https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13177. 2017. CVE-2017-13177. Retrieved from https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13177.

4. 2018. Retrieved from https://www.stonetemple.com/mobile-vs-desktop-usage-study/. 2018. Retrieved from https://www.stonetemple.com/mobile-vs-desktop-usage-study/.

5. 2018. Retrieved from http://gs.statcounter.com/platform-market-share/desktop-mobile-tablet. 2018. Retrieved from http://gs.statcounter.com/platform-market-share/desktop-mobile-tablet.

Cited by 23 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Leveraging application permissions and network traffic attributes for Android ransomware detection;Journal of Network and Computer Applications;2024-10

2. To Boldly Go Where No Fuzzer Has Gone Before: Finding Bugs in Linux’ Wireless Stacks through VirtIO Devices;2024 IEEE Symposium on Security and Privacy (SP);2024-05-19

3. SoK: The Long Journey of Exploiting and Defending the Legacy of King Harald Bluetooth;2024 IEEE Symposium on Security and Privacy (SP);2024-05-19

4. Survey of Real-World Process Sandboxing;2024 35th Conference of Open Innovations Association (FRUCT);2024-04-24

5. Imaging privacy threats from an ambient light sensor;Science Advances;2024-01-12