Edinburgh Research Explorer

Certified Lightweight Contextual Policies for Android

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Open Access permissions: Open

Documents

https://ieeexplore.ieee.org/document/7839801/
Original language: English
Title of host publication: Proceedings - 2016 IEEE Cybersecurity Development, SecDev 2016
Place of Publication: Boston, MA, USA
Publisher: Institute of Electrical and Electronics Engineers (IEEE)
Pages: 94-100
Number of pages: 7
ISBN (Electronic): 978-1-5090-5589-0
ISBN (Print): 978-1-5090-5590-6
Publication status: Published - 6 Feb 2017
Event: 2016 IEEE Cybersecurity Development, SecDev 2016 - Boston, United States
Duration: 3 Nov 2016 to 4 Nov 2016

Conference

Conference: 2016 IEEE Cybersecurity Development, SecDev 2016
Country: United States
City: Boston
Period: 3/11/16 to 4/11/16

Abstract

Security in Android applications is enforced with access control policies implemented via permissions giving access to different resources on the phone. These permissions are often too coarse and, on most Android platforms, based on an all-or-nothing decision. How can we grant permissions and be sure they will not be misused? We propose a policy-based lightweight approach for the verification and certification of Android applications with respect to a given policy. It consists of a verifier running on a conventional computer and a checker residing on an Android mobile device. The verifier applies static analysis to show the conformance between an application and a given policy. It also generates a certificate asserting the validity of the analysis result. The checker, on a mobile device, can then check the validity of the certificate to confirm or refute the fulfilment of the policy by the application before installing it. This scheme represents a potential future model for app stores where apps are equipped with policies and checkable evidence. We have implemented our approach and report on preliminary results obtained for a set of popular real-world applications.

Research areas

Android, Certification, Security policies, Static analysis

ID: 28280718