Abstract / Description of output
Security in Android applications is enforced with access control policies implemented via permissions giving access to different resources on the phone. These permissions are often too coarse and, on most Android platforms, based on an all-or-nothing decision. How can we grant permissions and be sure they will not be misused? We propose a policy-based lightweight approach for the verification and certification of Android applications with respect to a given policy. It consists of a verifier running on a conventional computer and a checker residing on an Android mobile device. The verifier applies static analysis to show the conformance between an application and a given policy. It also generates a certificate asserting the validity of the analysis result. The checker, on a mobile device, can then check the validity of the certificate to confirm or refute the fulfilment of the policy by the application before installing it. This scheme represents a potential future model for app stores where apps are equipped with policies and checkable evidence. We have implemented our approach and report on preliminary results obtained for a set of popular real-world applications.
Original language | English |
---|---|
Title of host publication | Proceedings - 2016 IEEE Cybersecurity Development, SecDev 2016 |
Place of Publication | Boston, MA, USA |
Publisher | Institute of Electrical and Electronics Engineers (IEEE) |
Pages | 94-100 |
Number of pages | 7 |
ISBN (Electronic) | 978-1-5090-5589-0 |
ISBN (Print) | 978-1-5090-5590-6 |
Publication status | Published - 6 Feb 2017 |
Event | 2016 IEEE Cybersecurity Development, SecDev 2016 - Boston, United States Duration: 3 Nov 2016 → 4 Nov 2016 |
Conference
Conference | 2016 IEEE Cybersecurity Development, SecDev 2016 |
---|---|
Country/Territory | United States |
City | Boston |
Period | 3/11/16 → 4/11/16 |
Keywords / Materials (for Non-textual outputs)
- Android
- Certification
- Security policies
- Static analysis
Fingerprint
Dive into the research topics of 'Certified Lightweight Contextual Policies for Android'. Together they form a unique fingerprint.
Projects
- 1 Finished
- App Guarden: Resilient Application Stores
  Aspinall, D., Franke, B., Gordon, A., Sannella, D., Stark, I. & Sutton, C.
  1/09/13 → 31/08/16
  Project: Research