Visible to the public SPE: Security and Privacy Enhancement Framework for Mobile Devices

TitleSPE: Security and Privacy Enhancement Framework for Mobile Devices
Publication TypeJournal Article
Year of Publication2017
AuthorsKrupp, B., Sridhar, N., Zhao, W.
JournalIEEE Transactions on Dependable and Secure Computing
Keywordsandroid, Android (operating system), compositionality, data privacy, Encryption, human factors, ios, iOS (operating system), iOS Security, Metrics, mobile computing, mobile devices, Mobile handsets, mobile privacy, mobile security, Multimedia communication, Ontologies, ontologies (artificial intelligence), Ontology, Operating systems, operating systems (computers), privacy, pubcrawl, Resiliency, security, security and privacy enhancement, security of data, sensing, Sensors, SPE, unmodified mobile operating systems

In this paper, we present a security and privacy enhancement (SPE) framework for unmodified mobile operating systems. SPE introduces a new layer between the application and the operating system and does not require a device be jailbroken or utilize a custom operating system. We utilize an existing ontology designed for enforcing security and privacy policies on mobile devices to build a policy that is customizable. Based on this policy, SPE provides enhancements to native controls that currently exist on the platform for privacy and security sensitive components. SPE allows access to these components in a way that allows the framework to ensure the application is truthful in its declared intent and ensure that the user's policy is enforced. In our evaluation we verify the correctness of the framework and the computing impact on the device. Additionally, we discovered security and privacy issues in several open source applications by utilizing the SPE Framework. From our findings, if SPE is adopted by mobile operating systems producers, it would provide consumers and businesses the additional privacy and security controls they demand and allow users to be more aware of security and privacy issues with applications on their devices.

Citation Keykrupp_spe:_2017