Presentation is loading. Please wait.

Presentation is loading. Please wait.

Byron Alleman Will Galloway Jesse McCall. Permission Based Security Model Users can only use features for which their permissions grant them access Abstracts.

Published byGabriel Flowers Modified over 9 years ago

Similar presentations

Presentation on theme: "Byron Alleman Will Galloway Jesse McCall. Permission Based Security Model Users can only use features for which their permissions grant them access Abstracts."— Presentation transcript:

1 Byron Alleman Will Galloway Jesse McCall

2 Permission Based Security Model Users can only use features for which their permissions grant them access Abstracts the hierarchy system More freedom than the hierarchy system More secure in theory because nothing is trusted unless they have permissions Pretty much pioneered by Android

3 Android Permissions Overview Android treats all applications as untrustworthy users Each app runs in its own virtual machine If an application has special needs it must request permission Attempting to access a system feature that the application doesn’t have permission for either results in the feature not starting or a security error

4 Android Permissions Continued… Requested permissions are displayed in the Play store Android assigns the application a unique linux user ID Permissions requested by an application are declared in the application’s AndroidManifest.xml file

5 ProsCons Applications should only have access to features they require to function as intended Ideally applications wont be able to negatively impact other applications or the user Applications can request more permissions than they require Leaves system open to possible malicious attack

6 Types of Permissions Normal Low-risk permissions Automatically granted Example: Flashlight, Read SD card contents Dangerous Higher-risk permissions that the user must confirm before installing the application Can negatively impact the user Example: Internet Access, Send SMS

7 Types of Permissions continued Signature Permissions that the system only grants if the requesting application is signed with the same certificate as the application that declared the permission. Automatically granted Signature/System Permissions that the system only grants to apps that are in the Android system image or signed with the same certificate Automatically granted

8 Application Defined Permissions Applications can enforce their own defined permissions. Ensures self-protection and preservation of the application. Applications can specify exactly what outside applications can access of its resources.

9 The Problem Many users don’t understand the permissions system Many users ignore the permissions Permission descriptions aren’t always clear Permission location can easily be overlooked in the Play store

10 Survey Results 51.9% of surveyed always read permissions before downloading an app 44.3% of surveyed feel that all permissions are easy to comprehend 78.2% of surveyed have decided not to install an app based on its permissions

11 How to Fix Educate users about permissions and their impact Locate potentially hazardous applications on the device Better layout for permissions on the Play Store Advise users to be cautious when downloading from the third party app stores (like Amazon Market)

12 Other Applications Pocket Permissions App Profiles DroidRanger Stowaway

13 Our App Lists all permissions used by apps, grouped by apps Lists all apps that use each permission List apps that have a high risk based on permissions User guide to permissions Explains permissions Show the risk of each permission Tips for Android safety

14 DEMO

15 QUESTIONS?

Download ppt "Byron Alleman Will Galloway Jesse McCall. Permission Based Security Model Users can only use features for which their permissions grant them access Abstracts."

Similar presentations

Google Android Introduction to Mobile Computing. Android is part of the build a better phone process Open Handset Alliance produces Android Comprises.

Google Android Introduction to Mobile Computing. Android is part of the build a better phone process Open Handset Alliance produces Android Comprises.
Viking Shield Your personal safety app while at CSU.

Viking Shield Your personal safety app while at CSU.
Unit 1 Living in the Digital WorldChapter 1 Lets Communicate Internet Safety.

Unit 1 Living in the Digital WorldChapter 1 Lets Communicate Internet Safety.
New Security Issues Raised by Open Cards Pierre GirardJean-Louis Lanet GERMPLUS R&D.

New Security Issues Raised by Open Cards Pierre GirardJean-Louis Lanet GERMPLUS R&D.
Mobile Code Security Yurii Kuzmin. What is Mobile Code? Term used to describe general-purpose executables that run in remote locations. Web browsers come.

Mobile Code Security Yurii Kuzmin. What is Mobile Code? Term used to describe general-purpose executables that run in remote locations. Web browsers come.
Microsoft ® Office 2007 Training Security II: Turn off the Message Bar and run code safely P J Human Resources Pte Ltd presents:

Microsoft ® Office 2007 Training Security II: Turn off the Message Bar and run code safely P J Human Resources Pte Ltd presents:
Android OS : Core Concepts Dr. Jeyakesavan Veerasamy Sr. Lecturer University of Texas at Dallas

Android OS : Core Concepts Dr. Jeyakesavan Veerasamy Sr. Lecturer University of Texas at Dallas
Invasion of Smart Phones in Clinical Areas Chrissy Kyak Privacy Officer University of Maryland Upper Chesapeake Health.

Invasion of Smart Phones in Clinical Areas Chrissy Kyak Privacy Officer University of Maryland Upper Chesapeake Health.
Android Security. N-Degree of Separation Applications can be thought as composed by Main Functionality Several Non-functional Concerns Security is a non-functional.

Android Security. N-Degree of Separation Applications can be thought as composed by Main Functionality Several Non-functional Concerns Security is a non-functional.
ASUS Demo App - Introduction

ASUS Demo App - Introduction
A METHODOLOGY FOR EMPIRICAL ANALYSIS OF PERMISSION-BASED SECURITY MODELS AND ITS APPLICATION TO ANDROID David Barrera, H. Güne¸s Kayacık, P.C. van Oorschot,

A METHODOLOGY FOR EMPIRICAL ANALYSIS OF PERMISSION-BASED SECURITY MODELS AND ITS APPLICATION TO ANDROID David Barrera, H. Güne¸s Kayacık, P.C. van Oorschot,
16.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
Web Security A how to guide on Keeping your Website Safe. By: Robert Black.

Web Security A how to guide on Keeping your Website Safe. By: Robert Black.
Google Android as a mobile development platform T-110.7111 Internet Technologies for Mobile Computing Olli Mäkinen.

Google Android as a mobile development platform T Internet Technologies for Mobile Computing Olli Mäkinen.
Security Awareness: Applying Practical Security in Your World

Security Awareness: Applying Practical Security in Your World
Guide To UNIX Using Linux Third Edition

Guide To UNIX Using Linux Third Edition
Lesson 18: Configuring Application Restriction Policies

Lesson 18: Configuring Application Restriction Policies
Document Management System

Document Management System
Installing software on personal computer

Installing software on personal computer
Network security policy: best practices

Network security policy: best practices

Similar presentations

Ads by Google