Android Security Framework: Enabling Generic and Extensible Access Control on Android
This addresses the problem of fragmented and hard-to-maintain security solutions for Android developers and users, though it is incremental as it builds on established frameworks like Linux Security Modules.
The authors tackled the lack of a generic and extensible security framework for Android by introducing the Android Security Framework (ASF), which enables the development and integration of various security models as code-based modules, overcoming the need for separate patches or mainline codebase embedding.
We introduce the Android Security Framework (ASF), a generic, extensible security framework for Android that enables the development and integration of a wide spectrum of security models in form of code-based security modules. The design of ASF reflects lessons learned from the literature on established security frameworks (such as Linux Security Modules or the BSD MAC Framework) and intertwines them with the particular requirements and challenges from the design of Android's software stack. ASF provides a novel security API that supports authors of Android security extensions in developing their modules. This overcomes the current unsatisfactory situation to provide security solutions as separate patches to the Android software stack or to embed them into Android's mainline codebase. As a result, ASF provides different practical benefits such as a higher degree of acceptance, adaptation, and maintenance of security solutions than previously possible on Android. We present a prototypical implementation of ASF and demonstrate its effectiveness and efficiency by modularizing different security models from related work, such as context-aware access control, inlined reference monitoring, and type enforcement.