Fine-grained access control for HTML5-based mobile applications in android

Xing Jin, Lusha Wang, Tongbo Luo, Wenliang Du

Research output: Chapter in Book/Entry/Poem › Conference contribution

17 Scopus citations

Abstract

HTML5-based mobile applications are becoming more and more popular because they can run on different platforms. Several newly introduced mobile OSes natively support HTML5-based applications. For those that do not provide native support, such as Android, iOS, and Windows Phone, developers can develop HTML5-based applications using middleware, such as PhoneGap. On these platforms, programs are loaded into a web component, called WebView, which can render HTML5 pages and execute JavaScript code. In order for the program to access the system resources, which are isolated from the content inside WebView due to its sandbox, bridges need to be built between JavaScript and the native code (e.g., Java code in Android). Unfortunately, such bridges break the existing protection that was originally built into WebView. In this paper, we study the potential risks of HTML5-based applications, and investigate how the existing mobile systems’ access control supports these applications. We focus on Android and the PhoneGap middleware. However, our ideas can be applied to other platforms. Our studies indicate that Android does not provide adequate access control for this kind of application. We propose a fine-grained access control mechanism for the bridge in the Android system. We have implemented our scheme in Android and have evaluated its effectiveness and performance.

Original language: English (US)
Title of host publication: Information Security - 16th International Conference, ISC 2013, Proceedings
Editors: Yvo Desmedt
Publisher: Springer Verlag
Pages: 309-318
Number of pages: 10
ISBN (Print): 9783319276588
State: Published - 2015
Event: 16th International Conference on Information Security, ISC 2013 - Dallas, United States
Duration: Nov 13 2013 - Nov 15 2013

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 7807
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Other

Other: 16th International Conference on Information Security, ISC 2013
Country/Territory: United States
City: Dallas
Period: 11/13/13 - 11/15/13

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science
