A User-Centric Security Policy Enforcement Framework for Hybrid Mobile Applications

Date of Award

2019

Degree Name

Master of Computer Science (M.C.S.)

Department

Department of Computer Science

Advisor/Chair

Advisor: Phu H. Phung

Abstract

Hybrid mobile application development frameworks are used to develop mobile applications with web standards, thus achieving cross-platform development. These frameworks provide JavaScript bridge interfaces for the applications to access the device resources. Despite the advantages of cross-platform development, hybrid mobile apps pose serious security issues, as any JavaScript code within an app, such as ads, can access the granted device resources and compromise the privacy of users. In this work, we have developed an origin-based and fine-grained policy enforcement framework for hybrid mobile apps to prevent potential malicious behaviors and privacy violations from different origins. We have designed various policy categories, implemented a policy engine to enforce these policies, and provided a graphical interface for users to customize these policies based on their requirements. Developed in JavaScript, our framework is highly extensible as it can be adapted into other hybrid frameworks. Our experimental results demonstrated that the framework allows end-users to customize the policies and control the usage of device resources. The simulated attack scenarios are strictly blocked by our policy enforcement engine, thus protecting against device resource misuse and protecting users' privacy.

Keywords

Computer Science, hybrid mobile apps, user-centric policy, fine-grained policy, privacy, usage control

Rights Statement

Copyright © 2019, author
