Fine-grained access control method for private data in android system

Abstract

In Android systems, sensitive information associated with system permission is exposed to the application completely once it gains the permission. To solve this problem, this article presents a fine-grained access control framework for sensitive information based on eXtensible Access Control Markup Language data flow model. In this framework, a user can define access policies for each application and resource and the application’s access request to sensitive information is evaluated by these policies. Therefore, all access requests must comply with the security policy irrespective of whether they have gained the permission associated with the information. This helps to protect sensitive data outside the Android permission mechanism. In order to facilitate users to manage policies, the proposed framework implements automatic policy generation and policy conflict detection functions. The framework is implemented in TaintDroid and experiments indicate that the improvement is effective in achieving fine-grained access control to sensitive information and does not adversely affect the system overhead costs.