Abstract
Most research on enforcing security policies on smartphones has considered coarse-grained policies, e.g. whether or not to allow an application to run. In this paper we present CRePE, the first system that is able to enforce fine-grained policies (e.g. policies that vary while an application is running) that also depend on the context of the smartphone. A context can be defined by the status of some variables (e.g. location, time, temperature, noise, and light), the presence of other devices, a particular interaction between the user and the smartphone, or a combination of these. CRePE allows context-related policies to be defined either by the user or by trusted third parties. Depending on the authorization, third parties can set a policy on a smartphone at any moment or just when the phone is within a particular context, e.g. within a building or a plane.
The work of this paper is partly supported by the project S-MOBILE, contract VIT.7627 funded by STW - Sentinels, The Netherlands. The work of the third author is partially funded by the EU project MASTER contract no. FP7-216917.
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Conti, M., Nguyen, V.T.N., Crispo, B. (2011). CRePE: Context-Related Policy Enforcement for Android. In: Burmester, M., Tsudik, G., Magliveras, S., Ilić, I. (eds) Information Security. ISC 2010. Lecture Notes in Computer Science, vol 6531. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-18178-8_29
DOI: https://doi.org/10.1007/978-3-642-18178-8_29
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-18177-1
Online ISBN: 978-3-642-18178-8
eBook Packages: Computer Science, Computer Science (R0)