DR BACA: dynamic role based access control for Android

Abstract

Android as an open platform dominates the booming mobile market. However its permission mechanism is inflexible and often results in over-privileged applications. This in turn creates severe security issues. Aiming to support the Principle of Least Privilege, we propose and implement a Dynamic Role Based Access Control for Android (DR BACA) model to enhance Android security, particularly in corporate environment. Our system offers multi-user management on Android mobile devices comparable to traditional workstations, and provides fine-grained Role Based Access Control (RBAC) to enhance Android security at both the application and permission level. Moreover, by leveraging context-aware capabilities of mobile devices and Near Field communication (NFC) technology, our solution supports dynamic RBAC to provide more flexible access control while still being able to mitigate some of the most serious security risks on mobile devices. The DR BACA system can easily be managed, even in large business environments with many mobile devices. We show that our DR BACA system can be deployed and used with ease. With a proper security policy, our evaluation shows that DR BACA can effectively mitigate the security risks posed by both malicious and vulnerable non-malicious applications while incurring only a small overall system overhead.