PolEnA: Enforcing Fine-grained Permission Policies in Android

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10489)


In this paper we present PolEnA, an extension of the Android Security Framework (ASF). PolEnA enables a number of features that are not currently provided by the ASF. Among them, PolEnA allows for the definition of fine-grained security policies and their dynamic verification. The runtime enforcement of the policies is supported by a state-of-the-art SAT solver. One of the main features of our approach is the low invasiveness as it does not require modifications to the operating system.


Android Security Runtime Enforcement Dynamic Verification 



This work has been partially supported by CINI Cybersecurity National Laboratory within the project FilieraSicura: Securing the Supply Chain of Domestic Critical Infrastructures from Cyber Attacks ( funded by CISCO Systems Inc.


  1. 1.
    Armando, A., Carbone, R., Costa, G., Merlo, A.: Android permissions unleashed. In: IEEE 28th Computer Security Foundations Symposium, pp. 320–333 (2015)Google Scholar
  2. 2.
    Armando, A., Costa, G., Merlo, A., Verderame, L.: Enabling BYOD through secure meta-market. In: Proceedings of WiSec 2014, pp. 219–230 (2014)Google Scholar
  3. 3.
    Bartoletti, M., Costa, G., Zunino, R.: Jalapa: securing Java with local policies. Electron. Notes Theor. Comput. Sci. 253(5), 145–151 (2009)CrossRefGoogle Scholar
  4. 4.
    Costa, G., Martinelli, F., Mori, P., Schaefer, C., Walter, T.: Runtime monitoring for next generation Java ME platform. Comput. Secur. 29(1), 74–87 (2010)CrossRefGoogle Scholar
  5. 5.
    Cotterell, K., Welch, I., Chen, A.: An android security policy enforcement tool. Int. J. Electron. Telecommun. 61, 311–320 (2015)CrossRefGoogle Scholar
  6. 6.
    Eén, N., Sörensson, N.: An extensible SAT-solver. In: Giunchiglia, E., Tacchella, A. (eds.) SAT 2003. LNCS, vol. 2919, pp. 502–518. Springer, Heidelberg (2004). doi: 10.1007/978-3-540-24605-3_37 CrossRefGoogle Scholar
  7. 7.
    Lam, P., Bodden, E., Lhoták, O., Hendren, L.: The soot framework for Java program analysis: a retrospective. In: Cetus Users and Compiler Infrastructure Workshop (2011)Google Scholar
  8. 8.
    Nauman, M., Khan, S., Zhang, X.: Apex: extending android permission model and enforcement with user-defined runtime constraints, ASIACCS (2010)Google Scholar
  9. 9.
    Vallee-Rai, R., Hendren, L.J.: Jimple: Simplifying Java bytecode for analyses and transformations. McGill University, Sable Research Group (1998)Google Scholar
  10. 10.
    Xu, R., Saïdi, H., Anderson, R.: Aurasium: practical policy enforcement for android applications. In: 21st USENIX Security Symposium, pp. 539–552 (2012)Google Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  1. 1.DIBRISUniversity of GenovaGenovaItaly
  2. 2.Security & Trust Unit, FBK-ICTTrentoItaly

Personalised recommendations