Abstract
Most of the research work for enforcing security policies on smartphones considered coarse-grained policies, e.g. either to allow an application to run or not. In this paper we present CRePE, the first system that is able to enforce fine-grained policies, e.g. that vary while an application is running, that also depend on the context of the smartphone. A context can be defined by the status of some variables (e.g. location, time, temperature, noise, and light), the presence of other devices, a particular interaction between the user and the smartphone, or a combination of these. CRePE allows context-related policies to be defined either by the user or by trusted third parties. Depending on the authorization, third parties can set a policy on a smartphone at any moment or just when the phone is within a particular context, e.g. within a building, or a plane.
The work of this paper is partly supported by the project S-MOBILE, contract VIT.7627 funded by STW - Sentinels, The Netherlands. The work of the third author is partially funded by the EU project MASTER contract no. FP7-216917.
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Conti, M., Nguyen, V.T.N., Crispo, B. (2011). CRePE: Context-Related Policy Enforcement for Android. In: Burmester, M., Tsudik, G., Magliveras, S., Ilić, I. (eds) Information Security. ISC 2010. Lecture Notes in Computer Science, vol 6531. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-18178-8_29
DOI: https://doi.org/10.1007/978-3-642-18178-8_29
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-18177-1
Online ISBN: 978-3-642-18178-8
eBook Packages: Computer Science, Computer Science (R0)