A collaborative policy-based security scheme to enforce resource access controlling mechanism

Muthumanickam, K.; Mahesh, P. C. Senthil

doi:10.1007/s11276-019-01984-x

Cited by 3 publications

(1 citation statement)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Authors in [45] design an Android lightweight kernel layer mandatory access control framework, analyze and discuss the necessity of terminal kernel layer security protection and propose and finalize verifiable the lightweight kernel layer access control model. Similarly, authors in [46] present a security system called collaborative policy-based security scheme (CSS) that permits users to customize the access permissions of Android applications during runtime. They therefore present a collaboration-based security model for discovering m-apps that misuse user/system permissions to violate the predefined security policies.…”

Section: A Access Controlmentioning

confidence: 99%

ARANAC: A Bring-Your-Own-Permissions Network Access Control Methodology for Android Devices

et al. 2021

View full text Add to dashboard Cite

In this paper, we introduce a new methodology for network access control for Android devices based on app risk assessment. Named ARANAC (which stands for Application Risk Assessment based Network Access Control), this methodology is specially tailored for scenarios using the Bring-Your-Own-Device (BYOD) policy, where the adoption of some solutions can lead to problems in security and privacy for both the employees and the business organization. ARANAC mainly relies on the analysis of an aggregate of permissions declared in the manifests of installed applications on users' devices. The access control scheme combines three operational modules: i) a device monitoring tool, ii) a novel permission-based risk model, and iii) an anomaly-based detection machine learning module based on a methodology (called MSNM, from Multivariate Statistical Network Monitoring) that provides both detection and diagnostic capabilities. ARANAC's novelty is in the combination of four features. Firstly, it is privacy-aware, and thus, it does not require detailed information about installed applications but only an aggregate of permissions. Secondly, it builds a normality model by combining expert knowledge with data, capturing the behavior of a complete population of mobile devices. Thirdly, it is dynamic, as permissions are updated in real time, allowing the network to re-assess access control on a continuous basis. Finally, its diagnostic capabilities allow for giving recommendations to final users so that they are capable of mitigating their risks when accessing networks. We evaluated the approach with more than 80 Android devices at a university campus network and obtained interesting results regarding security risks in the usual deployment of device apps.INDEX TERMS Android permissions, bring-your-own-device, mobile security, network access control, risk assessment.

show abstract

Section: A Access Controlmentioning

confidence: 99%

ARANAC: A Bring-Your-Own-Permissions Network Access Control Methodology for Android Devices

et al. 2021

View full text Add to dashboard Cite

show abstract

RETRACTED ARTICLE: Access authentication control method for library historical archive resources based on key sharing

Zhang

Hua

2022

Ann Oper Res

View full text Add to dashboard Cite

App-based detection of vulnerable implementations of OTP SMS APIs in the banking sector

Aparicio¹,

González²,

Cardeñoso-Payo³

2023

Wireless Netw

View full text Add to dashboard Cite

Two Factor Authentication (2FA) using One Time Password (OTP) codes via SMS messages is widely used. In order to improve user experience, Google has proposed APIs that allow the automatic verification of the SMS messages without the intervention of the users themselves. They reduce the risks of user error, but they also have vulnerabilities. One of these APIs is the SMS Retriever API for Android devices. This article presents a method to study the vulnerabilities of these OTP exchange APIs in a given sector. The most popular API in the sector is selected, and different scenarios of interaction between mobile apps and SMS OTP servers are posed to determine which implementations are vulnerable. The proposed methodology, applied here to the banking sector, is nevertheless simple enough to be applied to any other sector, or to other SMS OTP APIs. One of its advantages is that it proposes a method for detecting bad implementations on the server side, based on analyses of the apps, which boosts reusability and replicability, while offering a guide to developers to prevent errors that cause vulnerabilities. Our study focuses on Spain’s banking sector, in which the SMS Retriever API is the most popular. The results suggest that there are vulnerable implementations which would allow cybercriminals to steal the users SMS OTP codes. This suggests that a revision of the equilibrium between ease of use and security would apply in order to maintain the high level of security which has traditionally characterized this sector.

show abstract

A collaborative policy-based security scheme to enforce resource access controlling mechanism

Cited by 3 publications

References 21 publications

ARANAC: A Bring-Your-Own-Permissions Network Access Control Methodology for Android Devices

ARANAC: A Bring-Your-Own-Permissions Network Access Control Methodology for Android Devices

RETRACTED ARTICLE: Access authentication control method for library historical archive resources based on key sharing

App-based detection of vulnerable implementations of OTP SMS APIs in the banking sector

Contact Info

Product

Resources

About