Abstract:
Policy enforcement and policy management on mobile phones is a challenging task where multiple stakeholders own rights on device resources. End-users are therefore confined to using the resources present on these devices in conformance with the policy. The policy imposed on users is based on the roles to which they belong as well as the sessions in which they are assigned duties. The policy enforcement mechanisms provided by current mobile operating systems do not cover situations where the mobile resources are owned by multiple stakeholders instead of a single user, for example an enterprise owning mobile devices and providing them to its employees. In this context, we perform a stakeholder analysis to identify requirements for our multi-stakeholder model and analyze the overall system behavior in policy enforcement and management.
We proceed by transforming Android's single-user policy model into a potentially dynamic multi-stakeholder policy model in which the authority defines policies for resource usage on the mobile device using the Policy Writing Tool for Android (PWTA). This tool is implemented as a web application which helps authorized personnel define policy and write it to the database server, from where the policy is downloaded autonomously and dynamically to the mobile device using web services.
The authorized personnel is the primary stakeholder and can be the owner of the device, a higher official of the department or an administrator in a corporate environment. Our proposed model is a comprehensive approach towards policy enforcement in a multi-stakeholder mobile user environment that achieves usage control on mobile devices based on the roles of users. With minimal changes to the Android base framework, our model is lightweight and compatible with the existing permission mechanism of Android.
Types of Constraints:
Challenges:
We encountered some challenges while designing our model which need to be addressed.
Application-specific and system-wide policy enforcement:
Our model should handle both application-specific policy (whose scope is a single application, with a separate policy file for each application) and system-wide policy (whose scope is all system services, with a single policy acting for the system services).
Delimiting application installation:
Our model should restrict the user from installing any third-party application on the mobile device unless explicitly allowed by policy. This is required because an enterprise may not want its employees to install and use applications on mobiles that have no official purpose, for example gaming applications.
Lightweight mobile framework:
Our model should be compatible with the current Android framework, and its performance overhead should be minimal. This can be achieved by avoiding too many new classes and methods in the Android source code.
Target Architecture:
We propose an administrative approach to usage-based policy enforcement for Android in which the mobile device autonomously fetches policy from a web server using web services and enforces this policy on the user. Our architecture consists of a server part and a mobile framework part, which comprise several modules: the PDP (Policy Decision Point), DPEPs (Distributed Policy Enforcement Points), the CPEP (Central Policy Enforcement Point), the PD (Policy Database) and the AD (Attribute Database). In this section we explain the functionality of these modules in resolving access permission requests and enforcing usage-control-based policy on system resources.
At the administrator's end, policy is created using the interface provided by PWTA and uploaded to the server, where a database is maintained for each user assigned to a role. The policy is then fetched from the server using web services and stored by the mobile in a repository known as the Policy Database. This database maintains both application-specific and system-wide policies in a single repository, and it is updated at the start of each session by downloading the policy from the server.
An application accesses system resources using Android's permission mechanism. In addition to Android's current permission-resolving mechanism, our model performs some additional operations on the permission request before access is granted. The permission request is forwarded to a central point known as the Central Policy Enforcement Point (CPEP); it is here that an application is allowed or denied access to a resource, and exceptions are handled by the CPEP when an application is not granted access. The request is then forwarded to the Policy Decision Point (PDP), which serves as the main decision maker for access decisions. The PDP first extracts the policy from the Policy DB and the resource usage history from the Attribute DB, compares the two, and, if the usage of the resource has reached its defined limit, informs the CPEP. The Attribute Database stores resource usage information, continuously updating its contents upon every access made to a resource; for example, the number of SMS sent by an application is stored in the Attribute DB. A Distributed Policy Enforcement Point updates the Attribute DB with the relevant usage history
and is present within each service, where it is individually known as a Policy Enforcement Point (PEP). The PEP enforces, for its respective service, the access decision forwarded to it by the CPEP.
XML Policy Structure:
The policy is comprised of labels that include the permission names and the attributes that restrict each service. name is the label for the Android-specific permission, for example android.permission.SEND_SMS; status is 1 or 0 and shows whether the service is enabled or disabled respectively. limit, in the case of SMS, defines the number of SMS allowed to be sent, while for Call we have a block list instead, which defines the numbers to which the calling facility is blocked. We can also define an anti-block list that negates the functionality of the block list, that is, it only allows calling to the numbers mentioned in the
list. In the case of Internet we have a download limit that defines the amount in kilobytes or megabytes allowed to be downloaded. Note that the rest of the parameters that are required by the GUI but not mentioned in the XML file are handled by the web services and databases themselves, for example the creation and assignment of roles, devices etc. The generated policy in XML form is either uploaded to the database or ported directly to the mobile device. The ultimate destination of the policy is, however, the policy repository on the mobile device, from where it comes into action for implementing fine-grained access control.
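The following is an added example, written for this page and not the authors' code, of how the Policy DB, Attribute DB and PDP described above fit together: it parses a policy of the shape just described (status, limit, block list, anti-block list, download limit) and takes an allow/deny decision for each request while a DPEP-style accounting step updates the usage history. The XML element and attribute names, the function names, the treatment of permissions absent from the policy (left to Android's own check) and the sample policy are assumptions made for illustration; they are not the PWTA schema.

```python
"""Toy policy decision point (PDP) for the architecture described above.
Added example, not the authors' code: the XML element and attribute
names, function names and the sample policy are assumptions made for
illustration, not the PWTA schema."""
import xml.etree.ElementTree as ET

# Constructed sample policy (assumed schema). status="1" enables a service,
# "0" disables it; limit / blocklist / antiblocklist / downloadlimit are the
# per-service attributes described in the text (download limit in KB here).
SAMPLE_POLICY_XML = """
<policy role="sales" version="3">
  <permission name="android.permission.SEND_SMS" status="1" limit="5"/>
  <permission name="android.permission.CALL_PHONE" status="1"
              blocklist="+4412345,+4499999"/>
  <permission name="android.permission.INTERNET" status="1" downloadlimit="2048"/>
  <permission name="android.permission.ACCESS_FINE_LOCATION" status="0"/>
</policy>
"""


def parse_policy(xml_text):
    """Policy DB: map permission name -> dict of its constraints."""
    policy = {}
    for perm in ET.fromstring(xml_text.strip()).findall("permission"):
        entry = {"status": perm.get("status") == "1"}
        for key in ("limit", "downloadlimit"):
            if perm.get(key) is not None:
                entry[key] = int(perm.get(key))
        for key in ("blocklist", "antiblocklist"):
            if perm.get(key):
                entry[key] = {n.strip() for n in perm.get(key).split(",")}
        policy[perm.get("name")] = entry
    return policy


class AttributeDB:
    """Usage history per permission, updated by the DPEP after each access."""

    def __init__(self):
        self.usage = {}

    def record(self, perm, amount=1):
        self.usage[perm] = self.usage.get(perm, 0) + amount

    def get(self, perm):
        return self.usage.get(perm, 0)

    def reset(self):
        """Called at session start, once a fresh policy has been downloaded."""
        self.usage.clear()


def is_limit_exceeded(entry, used, requested):
    """Would this access push usage past the per-session cap in the policy?"""
    cap = entry.get("limit", entry.get("downloadlimit"))
    return cap is not None and used + requested > cap


def pdp_decide(policy, attrs, perm, target=None, amount=1):
    """PDP: compare Policy DB and Attribute DB; return (allowed, reason).
    A permission with no policy entry is left to Android's own check
    (assumed behaviour: the policy only adds restrictions)."""
    entry = policy.get(perm)
    if entry is None:
        return True, "not constrained by policy"
    if not entry["status"]:
        return False, "service disabled"
    if target is not None:
        if "antiblocklist" in entry and target not in entry["antiblocklist"]:
            return False, "target not in anti-block list"
        if target in entry.get("blocklist", set()):
            return False, "target blocked"
    if is_limit_exceeded(entry, attrs.get(perm), amount):
        return False, "limit exceeded"
    return True, "ok"


def cpep_request(policy, attrs, perm, target=None, amount=1):
    """CPEP: obtain the PDP decision; on allow, the DPEP records the usage."""
    allowed, reason = pdp_decide(policy, attrs, perm, target, amount)
    if allowed:
        attrs.record(perm, amount)
    return allowed, reason


if __name__ == "__main__":
    policy = parse_policy(SAMPLE_POLICY_XML)
    attrs = AttributeDB()
    for i in range(6):  # 5 SMS are allowed, the 6th is refused
        print("SMS", i + 1, cpep_request(policy, attrs, "android.permission.SEND_SMS"))
    print("call", cpep_request(policy, attrs, "android.permission.CALL_PHONE", target="+4412345"))
    print("dl 1500KB", cpep_request(policy, attrs, "android.permission.INTERNET", amount=1500))
    print("dl 600KB", cpep_request(policy, attrs, "android.permission.INTERNET", amount=600))
    print("GPS", cpep_request(policy, attrs, "android.permission.ACCESS_FINE_LOCATION"))
```

Two details worth noting: the usage check is made against the amount requested plus what has already been consumed, so a single large download cannot overshoot the limit, and the Attribute DB is only updated after an allow, which keeps denied attempts from consuming quota.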
Performance evaluation:
To evaluate the overall performance of the framework in resolving an access permission request, we measured the execution time of each of our defined methods. We ported our Android version to the HTC Android Developer Phone (ADP). The table shows the execution time of each method. The isPolicyUpdateTime() method implements a timer that invokes the methods for policy update and therefore has no overhead of its own, so we consider the time taken by all other methods. checkPolicyVersion() and updatePolicy() are executed only when a policy update is requested, so the overhead caused by these two methods applies only to the policy update and not to regular access to each service.
A method such as isLimitExceeded() is present within each service, and a slight difference of milliseconds exists between the time taken in each service. We calculate the mean execution time of each of these methods so that our results are precise, as shown in the table. From the figures listed in the table it can be concluded that the time taken by a policy enforcement procedure is almost the same for all services and the overall overhead is minimal. Moreover, the execution time of methods like checkPolicyVersion() and updatePolicy() is incurred only when a policy update is requested, for example once per
session (a session in our use case is 8 working hours), so the milliseconds they take are negligible.
Real-world application testing on our administrative role-based access control framework:
1. Facebook for Android:
Description: A popular share-and-stay-connected-with-your-friends application, now available for Android. With this application we can use the Facebook web application and share status updates from the home screen, chat with friends, check the News Feed, review upcoming Events, look at friends' walls and user info, check into Places to get Deals, upload Photos, share links, check Messages, and watch videos.
Required Permissions:
This application requires a number of permissions, but here we only include those that are part of the enforcement model.
• User accounts (manage the accounts list): allows an application to perform operations like adding and removing accounts and deleting their passwords. Act as an account authenticator: allows an application to use the account authenticator capabilities of the Account Manager, including creating accounts and getting and setting their passwords.
• User location (fine (GPS) location): access fine location sources such as the Global Positioning System on the device, where available.
• Network communication (full Internet access): allows an application to create network sockets.
• Personal information (read and write contact data): allows an application to read and modify all of the contact (address) data stored on the device.
Fine-grained access control on the Facebook application:
The Facebook application requires full Internet access in order to update the user's status and the other information displayed on the user's Facebook page. The user has to allow full Internet access, for which the mobile has to connect to the Internet. The user may allow Internet access over Wi-Fi, but might not want to allow it when Wi-Fi is not present, i.e. over GPRS, because of a limited GPRS data package. Android currently does not allow such customization of permissions that could limit the amount of data downloaded from the Internet. Our extended framework for Android, however, lets the user not only restrict the amount of data downloaded but also restrict Internet usage when no Wi-Fi connection is available. This is a clear example of the usage-based constraint that we refer to as fine-grained access control in the Android framework.
Privacy is a main issue when it comes to using social networking applications. A user cannot accept her sensitive data being compromised under any circumstances, and may wish not to allow the Facebook application to read or write the contact data stored on her device. The current Android framework requires the user to allow all requested permissions at install time; the user cannot deny the application access to contacts once the permission has been granted. Our framework, however, makes the user capable of restricting the application from reading or writing the contact data stored on the device, even if the permission was granted at install time. Similarly, the user might not want her exact location to be disclosed on Facebook, so she can deny GPS access while preserving the functionality of the application. This is a good example of the
common access control mechanism that our framework is capable of imposing.
2. EasyTether
Description: With this application it becomes far easier to tether an Android phone to any system running Windows, Mac OS X, Ubuntu, PS3, Wii or Xbox. The best feature of this application is that it does not require root privileges on the phone, and tethering is free. It shares the phone's Internet connection with a PC (Windows 7/Vista/XP 64-bit/32-bit, Mac OS X, Ubuntu, Fedora). EasyTether works via USB. EasyTether is developed by Mobile Stream and published by Polyclef Software.
Permissions: The following permissions are required by this application in order to be correctly installed and run.
• Network communication, which includes full Internet access. This is a core requirement, as it allows an application to create network sockets.
• System tools, so that the application automatically starts at boot. This allows an application to have itself started as soon as the system has finished booting.
Fine-grained access control on the EasyTether application: Tethering is a smart technology feature that provides Internet connectivity to devices such as personal computers and laptops that have no Internet connection of their own, letting them surf the Internet through the mobile data network using GPRS or EDGE. Tethering is gaining significance in daily life, where we are often unable to connect a laptop or PC to the common wired and wireless media. Internet access on the phone via GPRS is the core requirement of this application, as without it the application could not provide Internet connectivity to other devices such as laptops. Suppose a laptop and a PC are connected to the mobile phone and start using the Internet via tethering. The user may have purchased an Internet data package from a service provider at some cost per megabyte. The user would not want the connected devices to exhaust the data package by downloading enormous amounts of data for an unlimited period of
time; rather, the mobile should allow only a specific amount of data to be downloaded by other devices, in order to control the cost of the GPRS data package. Our framework comes into action in such a situation, where the user requires fine-grained access control, in this case on the Internet service. Otherwise, the current Android framework has no means to control the usage of the Internet resource
by applications.
3. Quickoffice
Overview: Quickoffice takes mobile productivity to the next level with the most comprehensive suite yet for Android smartphones. With this suite one can create, view and edit Microsoft Office files, including Word documents, Excel spreadsheets and PowerPoint presentations, and conveniently access files remotely from Google Docs, Dropbox, Huddle, SugarSync and MobileMe accounts or from the SD card with the enhanced Connected File Manager. An advanced PDF viewer is also included. The suite comes with the following main features: seamless access to Google Docs, Dropbox, Box, Huddle, SugarSync and MobileMe; access to and management of files on the SD card; viewing Office and non-Office files within the file manager; creating, copying, moving, deleting and renaming files and folders; sharing files via e-mail, SMS, Bluetooth
and cloud services; and browsing zip files and copying files from zip folders to other directories.
Permissions:
This application requires access using the following permissions:
• Messages (read Gmail). This permission allows the application to read and modify Gmail, including sending and deleting mail.
• Read SMS or MMS, which allows the application to read SMS messages stored on the device or SIM card.
• Network communication (full Internet access), which allows an application to create network sockets.
• Personal information (read contact data), which allows an application to read all of the contact (address) data stored on the device.
• Phone calls (read phone state and identity), which allows the application to access the phone features of the device. An application with this permission can determine the phone number and serial number of the phone, whether a call is active, the number that call is connected to, and the like.
• Storage (modify/delete USB storage contents, modify/delete SD card contents), which allows an application to write to the USB storage; and some other permissions that we do not include here as they are not cost- or security-sensitive.
Fine-grained access control discussion on the Quickoffice application:
Keeping in view the features of this application, we can see that it is a very useful suite that provides a lot of convenience for the consumer when dealing with documents of various formats and kinds, for example Word, PowerPoint, Excel and PDF. The application requires permission to read and modify the user's Gmail data, and access to personal information to read the contact
data stored on the device. A typical user may want to use the office features for documentation and presentations but may not want to allow the application to modify e-mail data or the personal data stored in the phone contacts; in other words, the user might not be interested in the additional functionality this application provides beyond basic document handling. With the currently available Android framework it would not be possible to restrict this application from accessing e-mail data or personal information from the phone contacts, as these permissions are
mandatorily granted at install time. However, under the extended Android framework the user is not only able to deny the application access to e-mail data and personal information but can also fine-tune the rest of the permissions this application requires, for example the phone call permission that allows reading the phone state, whether a call is active, the number that call is connected to, etc.
