Title

A User-Centric Security Policy Enforcement Framework for Hybrid Mobile Applications

Date of Award

1-1-2019

Degree Name

Master of Computer Science (M.C.S.)

Department

Department of Computer Science

Advisor/Chair

Advisor: Phu H. Phung

Abstract

Hybrid mobile application development frameworks are used to develop mobile applications with web standards, thus achieving cross-platform development. These frameworks provide JavaScript bridges interfaces for the applications to access the device resources. Despite the advantages of cross-platform development, hybrid mobile apps pose serious security issues as any JavaScript code such as Ads within an app can access the granted device resources and compromise the privacy of users.In this work, we have developed an origin-based and fine-grained policy enforcement framework for hybrid mobile apps to prevent potential malicious behaviors and privacy violations from different origins. We have designed various policy categories, implemented a policy engine to enforce these policies and provided a graphical interface for users to customize these policies based on their requirements. Developed in JavaScript, our framework is highly extensible as it can be adapted into other hybrid frameworks. Ourexperimental results demonstrated that the framework allows end-users to customize the policies and control the usage of device resources. The simulated attack scenarios are strictly blocked by our policy enforcement engine thus protecting device resource misuse and users' privacy.

Keywords

Computer Science, hybrid mobile apps, user-centric policy, fine-grained policy, privacy, usage control

Rights Statement

Copyright 2019, author

Share

COinS