Permission-based security models provide controlled access to various system resources. The expressiveness of the permission set plays an important role in providing the right level of granularity in access control. In this work, we present a methodology for the empirical analysis of permission-based security models which makes novel use of the Self-Organizing Map (SOM) algorithm of Kohonen (2001). While the proposed methodology may be applicable to a wide range of architectures, we analyze 1,100 Android applications as a case study. Our methodology is of independent interest for visualization of permissionbased systems beyond our present Android-specific empirical analysis. We offer some discussion identifying potential points of improvement for the Android permission model, attempting to increase expressiveness where needed without increasing the total number of permissions or overall complexity. Copyright 2010 ACM.

Additional Metadata
Keywords Access control, Permission-based security, Self-organizing maps, Smartphone operating systems, Visualization
Persistent URL dx.doi.org/10.1145/1866307.1866317
Conference 17th ACM Conference on Computer and Communications Security, CCS'10
Citation
Barrera, D. (David), Kayacik, H.G. (H. Güneş), Van Oorschot, P, & Somayaji, A. (2010). A methodology for empirical analysis of permission-based security models and its application to Android. Presented at the 17th ACM Conference on Computer and Communications Security, CCS'10. doi:10.1145/1866307.1866317