Edinburgh Research Explorer

PhoneWrap - Injecting the "How Often" into Mobile Apps

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Related Edinburgh Organisations

Open Access permissions

Open

Documents

  • Download as Adobe PDF

    Final published version, 1 MB, PDF-document

    Licence: Creative Commons: Attribution (CC-BY)

http://ceur-ws.org/Vol-1575/paper_11.pdf
Original languageEnglish
Title of host publicationProceedings of the 1st International Workshop on Innovations in Mobile Privacy and Security co-located with the International Symposium on Engineering Secure Software and Systems (ESSoS 2016)
PublisherCEUR-WS.org
Pages11-19
Number of pages9
Publication statusPublished - Apr 2016
Event1st International Workshop on Innovations in Mobile Privacy and Security co-located with the International Symposium on Engineering Secure Software and Systems - London, United Kingdom
Duration: 6 Apr 20166 Apr 2016
http://ceur-ws.org/Vol-1575/

Publication series

NameCEUR Workshop Proceedings
PublisherCEUR-WS.org
Volume1575
ISSN (Print)1613-0073

Conference

Conference1st International Workshop on Innovations in Mobile Privacy and Security co-located with the International Symposium on Engineering Secure Software and Systems
Abbreviated titleIMPS 2016
CountryUnited Kingdom
CityLondon
Period6/04/166/04/16
Internet address

Abstract

Mobile apps have access to a variety of sensitive resources and data. Current permission based policies guarding these resources are not expressive enough to distinguish the wanted functionality from malicious attacks. We present the tool PhoneWrap which inserts fine-grained ticket-based policies into mobile JavaScript apps written with the PhoneGap framework. Our policies grant a bounded number of accesses for each functionality based on the user’s interaction with the app. The policies are enforced without modification of the execution environment. We have applied PhoneWrap successfully to hand-crafted examples and real-world Android apps to show that accurate policies can be retrofitted.

Download statistics

No data available

ID: 25410090