Context-aware permission control of hybrid mobile applications
First Claim
1. A method for controlling access to secure resources of a data processing system that includes a processor unit, the method comprising:
- removing, by the data processing system, all direct application programming interface calls by an application installed on the data processing system to the secure resources of the data processing system;
- requiring, by the data processing system, the application accessing the secure resources of the data processing system to utilize a set of custom information flow control application programming interfaces located in an information flow control module of the data processing system to call the secure resources;
- generating, by the data processing system, an input-to-output mapping of the application installed on the data processing system that determines whether a secure resource of the secure resources in the data processing system is shared with an external entity associated with the application and under what specified conditions;
- determining, by the data processing system, whether the specified conditions exist during runtime of the application;
- responsive to the data processing system determining that the specified conditions do not exist during runtime of the application, preventing, by the data processing system, sharing of the secure resource of the data processing system with the external entity associated with the application; and
- responsive to the data processing system determining that the specified conditions do exist during runtime of the application, allowing, by the data processing system, sharing of the secure resource of the data processing system with the external entity associated with the application.
Abstract
Controlling access to secure resources of a data processing system is provided. An input-to-output mapping of an application installed on the data processing system is generated that determines whether a secure resource in the data processing system is shared with an external entity associated with the application and under what specified conditions. It is determined whether the specified conditions exist during runtime of the application. In response to determining that the specified conditions do not exist during runtime of the application, sharing of the secure resource of the data processing system with the external entity associated with the application is prevented. In response to determining that the specified conditions do exist during runtime of the application, sharing of the secure resource of the data processing system with the external entity associated with the application is allowed.
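The flow described in the abstract can be sketched as follows. This is an added illustration, not code from the patent: the module shape, the function names, the example.com entities and the specific conditions (user-initiated, foreground, Wi-Fi) are all assumptions chosen to show a default-deny check of the mapping at runtime.

```javascript
// Added illustration; every name below is hypothetical, not from the patent.
// Input-to-output mapping: secure resource -> external entity -> condition.
const flowMap = {
  location: {
    "maps.example.com": (ctx) => ctx.userInitiated && ctx.foreground,
  },
  contacts: {
    "sync.example.com": (ctx) => ctx.network === "wifi",
  },
};

// Constructed secure resources; the application never calls these directly.
const secureResources = {
  location: () => ({ lat: 0.0, lon: 0.0 }),
  contacts: () => ["Alice", "Bob"],
};

// Information flow control module: the only path to the secure resources.
function createIfcModule(map, resources, send) {
  const audit = [];
  function share(resource, entity, ctx) {
    // Own-property lookups only, so inherited keys such as "toString"
    // can never be mistaken for a mapped flow.
    const mapped = Object.hasOwn(map, resource) &&
      Object.hasOwn(map[resource], entity);
    // Default deny: unmapped flows and unmet conditions are both blocked.
    const allowed = mapped && map[resource][entity](ctx) === true;
    audit.push({ resource, entity, allowed });
    if (!allowed) return { shared: false };
    send(entity, resources[resource]());
    return { shared: true };
  }
  return { share, audit };
}

// Constructed runtime contexts and a stub sink standing in for the network.
function demo() {
  const sent = [];
  const ifc = createIfcModule(flowMap, secureResources,
    (entity, data) => sent.push({ entity, data }));
  const fg = { userInitiated: true, foreground: true };
  const results = [
    ifc.share("location", "maps.example.com", fg),                        // condition holds
    ifc.share("location", "maps.example.com", { ...fg, userInitiated: false }),
    ifc.share("location", "ads.example.net", fg),                         // unmapped entity
    ifc.share("contacts", "sync.example.com", { network: "cellular" }),
  ].map((r) => r.shared);
  return { results, sent, audit: ifc.audit };
}
```

The audit array records every decision, including denied ones, which is the record a reviewer would check to confirm that no flow outside the mapping reached an external entity.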
Specification