{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2022,3,30]],"date-time":"2022-03-30T17:57:14Z","timestamp":1648663034113},"reference-count":30,"publisher":"SAGE Publications","issue":"3","license":[{"start":{"date-parts":[[2019,3,1]],"date-time":"2019-03-01T00:00:00Z","timestamp":1551398400000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/journals.sagepub.com\/page\/policies\/text-and-data-mining-license"}],"content-domain":{"domain":["journals.sagepub.com"],"crossmark-restriction":true},"short-container-title":["International Journal of Distributed Sensor Networks"],"published-print":{"date-parts":[[2019,3]]},"abstract":" In Android systems, sensitive information associated with system permission is exposed to the application completely once it gains the permission. To solve this problem, this article presents a fine-grained access control framework for sensitive information based on eXtensible Access Control Markup Language data flow model. In this framework, a user can define access policies for each application and resource and the application\u2019s access request to sensitive information is evaluated by these policies. Therefore, all access requests must comply with the security policy irrespective of whether they have gained the permission associated with the information. This helps to protect sensitive data outside the Android permission mechanism. In order to facilitate users to manage policies, the proposed framework implements automatic policy generation and policy conflict detection functions. The framework is implemented in TaintDroid and experiments indicate that the improvement is effective in achieving fine-grained access control to sensitive information and does not adversely affect the system overhead costs. <\/jats:p>","DOI":"10.1177\/1550147719840232","type":"journal-article","created":{"date-parts":[[2019,3,29]],"date-time":"2019-03-29T09:30:18Z","timestamp":1553851818000},"page":"155014771984023","update-policy":"http:\/\/dx.doi.org\/10.1177\/sage-journals-update-policy","source":"Crossref","is-referenced-by-count":0,"title":["Fine-grained access control method for private data in android system"],"prefix":"10.1177","volume":"15","author":[{"ORCID":"http:\/\/orcid.org\/0000-0001-9491-744X","authenticated-orcid":false,"given":"Gang","family":"Liu","sequence":"first","affiliation":[{"name":"School of Computer Science and Technology, Xidian University, Xi\u2019an, China"}]},{"given":"Guofang","family":"Zhang","sequence":"additional","affiliation":[{"name":"School of Computer Science and Technology, Xidian University, Xi\u2019an, China"}]},{"given":"Quan","family":"Wang","sequence":"additional","affiliation":[{"name":"School of Computer Science and Technology, Xidian University, Xi\u2019an, China"}]},{"given":"Shaomin","family":"Ji","sequence":"additional","affiliation":[{"name":"School of Computer Science and Technology, Xidian University, Xi\u2019an, China"}]},{"given":"Lizhi","family":"Zhang","sequence":"additional","affiliation":[{"name":"School of Computer Science and Technology, Xidian University, Xi\u2019an, China"}]}],"member":"179","published-online":{"date-parts":[[2019,3,29]]},"reference":[{"key":"bibr1-1550147719840232","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2017.09.042"},{"key":"bibr2-1550147719840232","doi-asserted-by":"publisher","DOI":"10.1109\/TII.2017.2773646"},{"key":"bibr3-1550147719840232","author":"360 Fenghuo Lab","year":"2016","journal-title":"Mobile phone malicious program personal information situation analysis report"},{"issue":"12","key":"bibr4-1550147719840232","first-page":"126","volume":"2014","author":"China Information Security Evaluation Center","journal-title":"China Inform Secur"},{"issue":"2","key":"bibr5-1550147719840232","first-page":"129","volume":"32","author":"Enck W","year":"2010","journal-title":"ACM T Comput Syst"},{"key":"bibr6-1550147719840232","doi-asserted-by":"publisher","DOI":"10.1049\/iet-sen.2012.0101"},{"key":"bibr7-1550147719840232","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2018.05.007"},{"key":"bibr8-1550147719840232","doi-asserted-by":"publisher","DOI":"10.1109\/TII.2017.2789219"},{"key":"bibr9-1550147719840232","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2018.07.013"},{"key":"bibr10-1550147719840232","doi-asserted-by":"publisher","DOI":"10.1007\/s00165-017-0445-z"},{"key":"bibr11-1550147719840232","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2014.10.005"},{"key":"bibr12-1550147719840232","volume-title":"Computer security applications conference","author":"Ongtang M"},{"key":"bibr13-1550147719840232","volume-title":"5th international symposium on ACM symposium on information, computer and communications security","author":"Nauman M"},{"key":"bibr14-1550147719840232","first-page":"365","volume-title":"International conference on software engineering","author":"Inverardi P"},{"key":"bibr15-1550147719840232","doi-asserted-by":"publisher","DOI":"10.1063\/1.4940270"},{"key":"bibr16-1550147719840232","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2015.2479613"},{"key":"bibr17-1550147719840232","volume-title":"12th workshop on mobile computing systems & applications","author":"Beresford AR"},{"key":"bibr18-1550147719840232","volume-title":"IEEE third international conference on privacy, security, risk and trust","author":"Russello G"},{"key":"bibr19-1550147719840232","volume-title":"Proceedings of the 22nd USENIX conference on Security","author":"Bugiel S"},{"key":"bibr20-1550147719840232","doi-asserted-by":"publisher","DOI":"10.1002\/cpe.4180"},{"key":"bibr21-1550147719840232","volume-title":"Security enhanced (SE) Android: bringing flexible MAC to Android","author":"Malley S","year":"2013"},{"key":"bibr22-1550147719840232","doi-asserted-by":"publisher","DOI":"10.4236\/cn.2017.94016"},{"key":"bibr23-1550147719840232","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-54970-4_15"},{"key":"bibr24-1550147719840232","first-page":"1","volume":"19","author":"Marforio C","year":"2010","journal-title":"Application collusion attack on the permission-based security model and its implications for modern smartphone systems"},{"key":"bibr25-1550147719840232","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2016.2548426"},{"issue":"2","key":"bibr26-1550147719840232","first-page":"101","volume":"13","author":"Wei X","year":"2016","journal-title":"Appl Comput Inf"},{"key":"bibr27-1550147719840232","first-page":"23","volume-title":"Proceedings of the 20th USENIX conference on security","author":"Dietz M"},{"key":"bibr28-1550147719840232","volume-title":"International conference on ubiquitous intelligence & computing and international conference on autonomic & trusted computing","author":"Yagemann C"},{"key":"bibr29-1550147719840232","doi-asserted-by":"publisher","DOI":"10.1016\/j.pmcj.2016.04.013"},{"key":"bibr30-1550147719840232","doi-asserted-by":"publisher","DOI":"10.1109\/TLA.2015.7106371"}],"container-title":["International Journal of Distributed Sensor Networks"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/journals.sagepub.com\/doi\/pdf\/10.1177\/1550147719840232","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/journals.sagepub.com\/doi\/full-xml\/10.1177\/1550147719840232","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/journals.sagepub.com\/doi\/pdf\/10.1177\/1550147719840232","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,12,6]],"date-time":"2020-12-06T20:42:08Z","timestamp":1607287328000},"score":1,"resource":{"primary":{"URL":"http:\/\/journals.sagepub.com\/doi\/10.1177\/1550147719840232"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,3]]},"references-count":30,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2019,3]]}},"alternative-id":["10.1177\/1550147719840232"],"URL":"http:\/\/dx.doi.org\/10.1177\/1550147719840232","relation":{},"ISSN":["1550-1477","1550-1477"],"issn-type":[{"value":"1550-1477","type":"print"},{"value":"1550-1477","type":"electronic"}],"subject":[],"published":{"date-parts":[[2019,3]]}}}
