International Journal of Information Security

, Volume 14, Issue 2, pp 123–140 | Cite as

Formal modeling and automatic enforcement of Bring Your Own Device policies

  • Alessandro Armando
  • Gabriele Costa
  • Alessio MerloEmail author
  • Luca Verderame
Special Issue Paper


The emerging Bring Your Own Device (BYOD) paradigm is pushing the adoption of employees’ personal mobile devices (e.g., smartphones and tablets) inside organizations for professional usage. However, allowing private, general purpose devices to interact with proprietary, possibly critical infrastructures enables obvious threats. Unfortunately, current mobile OSes do not seem to provide adequate security support for dealing with them. In this paper, we present a formal modeling and assessment of the security of mobile applications. In particular, we propose a security framework for verifying and enforcing BYOD security policies on Android devices. Interestingly, our approach is non-invasive and only requires minor platform modifications at application level. Finally, we provide empirical evidence of the practical feasibility of the approach by means of a prototype which we used to validate a set of real Android applications.


Bring Your Own Device History expressions Hennessy–Milner logic Type and effect systems Partial model checking Android 


  1. 1.
    Abadi, M., Fournet, C.: Access control based on execution history. In: Proceedings of the 10th Annual Network and Distributed System Security Symposium, pp. 107–121 (2003)Google Scholar
  2. 2.
    Andersen, H., Lind-Nielsen, J.: MuDiv: a tool for partial model checking. In: CONCUR (1996)Google Scholar
  3. 3.
    Andersen, H.R.: Partial model checking (extended abstract). In: Proceedings of the Tenth Annual IEEE Symposium on Logic in Computer Science, pp. 398–407. IEEE Computer Society Press (1995)Google Scholar
  4. 4.
    Armando, A., Costa, G., Merlo, A.: Formal modeling and reasoning about the Android security framework. In: Proceedings of Seventh International Symposium on Trustworthy Global Computing (2012a)Google Scholar
  5. 5.
    Armando, A., Merlo, A., Migliardi, M., Verderame, L.: Would you mind forking this process? A denial of service attack on Android (and some countermeasures). In: Proceedings of the 27th IFIP International Information Security and Privacy Conference (SEC 2012), pp. 13–24 (2012b)Google Scholar
  6. 6.
    Armando, A., Costa, G., Merlo, A.: Bring your own device, securely. In: Proceedings of the 28th Annual ACM Symposium on Applied Computing, pp. 1852–1858. ACM, New York, NY, USA, SAC ’13 (2013). doi: 10.1145/2480362.2480707
  7. 7.
    Bartoletti, M., Degano, P., Ferrari, G.L.: History-based access control with local policies. In: FoSSaCS, pp. 316–332 (2005)Google Scholar
  8. 8.
    Bartoletti, M., Costa, G., Degano, P., Martinelli, F., Zunino, R.: Securing Java with local policies. J. Object Technol. 8(4), 5–32 (2009)CrossRefGoogle Scholar
  9. 9.
    Bugiel, S., Davi, L., Dmitrienko, A., Fischer, T., Sadeghi, A.R.: Xmandroid: a new Android evolution to mitigate privilege escalation attacks. Technical Report TR-2011-04, Technische Univ. Darmstadt (2011)
  10. 10.
    Burguera, I., Zurutuza, U., Nadjm-Therani, S.: Crowdroid: behavior-based malware detection system for Android. In: Proceedings of the 1st ACM Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM’11) (2011)Google Scholar
  11. 11.
    Chaudhuri, A.: Language-based security on Android. In: Proceedings of the ACM SIGPLAN Fourth Workshop on Programming Languages and Analysis for Security, pp. 1–7. ACM, New York, NY, USA, PLAS ’09 (2009)Google Scholar
  12. 12.
    Chin, E., Felt, A.P., Greenwood, K., Wagner, D.: Analyzing inter-application communication in Android. In: Proceedings of the 9th International Conference on Mobile Systems, applications, and services, pp. 239–252. ACM, New York, NY, USA, MobiSys ’11 (2011). doi: 10.1145/1999995.2000018
  13. 13.
    Fuchs, A.P., Chaudhuri, A., Foster, J.S.: Scandroid: automated security certification of Android applications. Tech. rep. (2011)
  14. 14.
    Hennessy, M., Milner, R.: On observing nondeterminism and concurrency. In: Proceedings of the 7th Colloquium on Automata, Languages and Programming, pp. 299–309. Springer, London (1980)Google Scholar
  15. 15.
    Holzmann, G.: The Spin Model Checker: Primer and Reference Manual, 1st edn. Addison-Wesley Professional, Reading, MA (2003)Google Scholar
  16. 16.
    Igarashi, A., Pierce, B.C., Wadler, P.: Featherweight Java: a minimal core calculus for Java and GJ. In: ACM Transactions on Programming Languages and Systems, pp. 132–146 (1999)Google Scholar
  17. 17.
    Janin, D., Walukiewicz, I.: (1995) Automata for the modal mu-calculus and related results. In: Wiedermann, J., Hájek, P. (eds) MFCS, Springer, Lecture Notes in Computer Science, vol. 969, pp. 552–562Google Scholar
  18. 18.
    Lamport, L.: Proving the correctness of multiprocess programs. IEEE Trans. Softw. Eng. 3(2), 125–143 (1977). doi: 10.1109/TSE.1977.229904 CrossRefzbMATHMathSciNetGoogle Scholar
  19. 19.
    Larsen, K.G.: Proof system for Hennessy–Milner logic with recursion. In: Dauchet, M., Nivat, M. (eds) CAAP, Springer, Lecture Notes in Computer Science, vol. 299, pp. 215–230 (1988)Google Scholar
  20. 20.
    Martinelli, F., Matteucci, I.: Through modeling to synthesis of security automata. Electron. Notes Theor. Comput. Sci. 179, 31–46 (2007)CrossRefGoogle Scholar
  21. 21.
    Nauman, M., Khan, S., Zhang, X.: Apex: extending Android permission model and enforcement with user-defined runtime constraints. In: Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security, pp. 328–332. ACM, New York, NY, USA, ASIACCS ’10. (2010) doi: 10.1145/1755688.1755732
  22. 22.
    Ongtang, M., Mclaughlin, S., Enck, W., Mcdaniel, P.: Semantically rich application-centric security in Android. In: ACSAC ’09: Annual Computer Security Applications Conference (2009)Google Scholar
  23. 23.
    Schlegel, R., Zhang, K., Zhou, X., Intwala, M., Kapadia, A., Wang, X.: Soundcomber: a Stealthy and Context-Aware Sound Trojan for Smartphones. In: Proceedings of the 18th Annual Network & Distributed System Security Symposium (2011)Google Scholar
  24. 24.
    Shabtai, A., Fledel, Y., Kanonov, U., Elovici, Y., Dolev, S., Glezer, C.: Google Android: a comprehensive security assessment. Secur. Priv. IEEE 8(2), 35–44 (2010). doi: 10.1109/MSP.2010.2 CrossRefGoogle Scholar
  25. 25.
    Shin, W., Kiyomoto, S., Fukushima, K., Tanaka, T.: A formal model to analyze the permission authorization and enforcement in the Android framework. In: Proceedings of the 2010 IEEE Second International Conference on Social Computing, pp. 944–951. IEEE Computer Society, Washington, DC, USA, SOCIALCOM ’10 (2010)Google Scholar
  26. 26.
    Skalka, C., Smith, S.: History effects and verification. In: Second ASIAN Symposium on Programming Languages and Systems (APLAS), pp. 107–128. Springer, Berlin (2004)Google Scholar
  27. 27.
    Skalka, C., Smith, S., Van Horn, D.: A Type and effect system for flexible abstract interpretation of Java. Electron. Notes Theor. Comput. Sci. 131, 111–124 (2005)CrossRefGoogle Scholar
  28. 28.
    Streett, R.S., Emerson, E.A.: An automata theoretic decision procedure for the propositional mu-calculus. Inf. Comput. 81(3), 249–264 (1989)CrossRefzbMATHMathSciNetGoogle Scholar
  29. 29.
    Zhou, Y., Zhang, X., Jiang, X., Freeh, V.W.: Taming information-stealing smartphone applications (on Android). In: Proceedings of the 4th International Conference on Trust and Trustworthy Computing, TRUST’11, pp. 93–107 (2011)Google Scholar
  30. 30.
    Zhou, Y., Wang, Z., Zhou, W., Jiang, X.: Hey, You, Get Off of My Market: detecting malicious apps in official and alternative android markets. In: Proceedings of the 19th Annual Network & Distributed System Security Symposium (2012)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2014

Authors and Affiliations

  • Alessandro Armando
    • 1
    • 2
  • Gabriele Costa
    • 1
  • Alessio Merlo
    • 3
    • 4
    Email author
  • Luca Verderame
    • 1
  1. 1.DIBRIS - University of GenovaGenoaItaly
  2. 2.FBK-IRSTTrentoItaly
  3. 3.E-Campus UniversityNovedrateItaly
  4. 4.University of GenovaGenoaItaly

Personalised recommendations