Skip to main content
SpringerLink
Log in

An Android runtime security policy enforcement framework

  • Original Article
  • Published:
Personal and Ubiquitous Computing Aims and scope Submit manuscript

Abstract

Today, smart phone’s malwares are deceptive enough to spoof itself as a legal mobile application. The front-end service of Trojans is attractive enough to deceive mobile users. Mobile users download similar malwares without knowing their illegitimate background threat. Unlike other vendors, Android is an open-source mobile operating system, and hence, it lacks a dedicated team to analyze the application code and decide its trustworthiness. We propose an augmented framework for Android that monitors the dynamic behavior of application during its execution. Our proposed architecture called Security Enhanced Android Framework (seaf) validates the behavior of an application through its permissions exercising patterns. Based on the exercised permissions’ combination, the mobile user is intimated about the dangerous behavior of an application. We have implemented the proposed framework within Android software stack and ported it to device. Our initial investigation shows that our solution is practical enough to be used in the consumer market.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7

Similar content being viewed by others

Notes

  1. We have modified the Android current installer in order to prompt user to assign appropriate mode to application and then after installation, Permission Manager could also be used to alter application mode assigned during installation.

References

  1. Enck W, Ongtang M, McDaniel P (2009) On lightweight mobile phone application certification. In: Proceedings of the 16th acm conference on computer and communications security acm, pp 235–245

  2. Jamaluddin J, Zotou N, Coulton P (2004) Mobile phone vulnerabilities: a new generation of malware. In: 2004, ieee international symposium on consumer electronics, 1–3 Sept, pp 199–202

  3. Apple App Store Approval Process (2007) Available at: http://en.wikipedia.org/wiki/App. Store#Approval process, 5 March 2007

  4. Khan S, Khan S, Banuri H (2009) Analysis of Dalvik virtual machine and class path library. Available at:http://imsciences.edu.pk/serg/wp-content/uploads/2009/07/Analysis-of-Dalvik-vm.pdf. Nov 2009

  5. Android reference: security and permissions. Available at: http://developer.android.com/guide/topics/security/security.html

  6. Enck W, Ongtang M, McDaniel P (2009) Understanding android security. IEEE Sec Privacy 7(1):50–57

    Article  Google Scholar 

  7. Android reference: manifest. Available at: http://developer.android.com/guide/topics/manifest/manifest-intro.html

  8. Ongtang M, McLaughlin S, Enck W, McDaniel P (2009) Semantically rich application-centric security in android. ieee: Ann Comput Sec Appl Conf 22:340–349

    Google Scholar 

  9. Android Application—sms Replier 1.61a. Available at: http://developer.android.com/guide/topics/security/security.html

  10. Reto M (2008) Professional android application development, by Wrox. ISBN:978-0-470-34471-2, pp 68–73

  11. Android reference: class context. Available at: http://developer.android.com/reference/android/content/Context.html

  12. Security Engineering Research Group—serg reference. Available at: http://imsciences.edu.pk/serg/projects/easip/android-runtime-security-policy-enforcement-framework/

  13. Android reference: android 2.2 platform highlights. Available at: http://developer.android.com/sdk/android-2.2-highlights.html

  14. Shankar U, Jaeger T, Sailer R (2006) Toward automated information-flow integrity verification for security-critical applications. In: Proceedings of the 13th annual network and sistributed systems security symposium. Internet Society, 2006

  15. Enck W, Ongtang M, McDaniel P (2008) Mitigating android software misuse before it happens. Technical report nas-tr-0094-2008, Network and Security Research Center, Department of Computer Science and Engineering, Pennsylvania State University, University Park, pa, usa, November

  16. Chaudhuri A (2009) Language-based security on android. In: Proceedings of the acm sigplan fourth workshop on programming languages and analysis for security, pp 1–7

Download references

Author information

Authors and Affiliations

  1. Security Engineering Research Group (SERG), Institute of Management Sciences, 1-A, E-5, Phase VII, Hayatabad, Peshawar, Pakistan

    Hammad Banuri, Masoom Alam, Shahryar Khan, Jawad Manzoor, Bahar Ali, Yasar Khan, Mohsin Yaseen, Mir Nauman Tahir, Tamleek Ali & Quratulain Alam

  2. Huawei Research Center, Santa Clara, CA, USA

    Xinwen Zhang

Authors
  1. Hammad Banuri
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Masoom Alam
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Shahryar Khan
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Jawad Manzoor
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Bahar Ali
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Yasar Khan
    View author publications

    You can also search for this author in PubMed Google Scholar

  7. Mohsin Yaseen
    View author publications

    You can also search for this author in PubMed Google Scholar

  8. Mir Nauman Tahir
    View author publications

    You can also search for this author in PubMed Google Scholar

  9. Tamleek Ali
    View author publications

    You can also search for this author in PubMed Google Scholar

  10. Quratulain Alam
    View author publications

    You can also search for this author in PubMed Google Scholar

  11. Xinwen Zhang
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Masoom Alam.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Banuri, H., Alam, M., Khan, S. et al. An Android runtime security policy enforcement framework. Pers Ubiquit Comput 16, 631–641 (2012). https://doi.org/10.1007/s00779-011-0437-6

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s00779-011-0437-6

Keywords

Search

Navigation