On Observing Nondeterminism and Concurrency
Proceedings of the 7th Colloquium on Automata, Languages and Programming
LICS '95 Proceedings of the 10th Annual IEEE Symposium on Logic in Computer Science
Language-based security on Android
Proceedings of the ACM SIGPLAN Fourth Workshop on Programming Languages and Analysis for Security
Planning and verifying service composition
Journal of Computer Security - 18th IEEE Computer Security Foundations Symposium (CSF 18)
A Type and Effect System for Flexible Abstract Interpretation of Java
Electronic Notes in Theoretical Computer Science (ENTCS)
Semantically Rich Application-Centric Security in Android
ACSAC '09 Proceedings of the 2009 Annual Computer Security Applications Conference
Apex: extending Android permission model and enforcement with user-defined runtime constraints
ASIACCS '10 Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security
Types and Effects for resource usage analysis
FOSSACS'07 Proceedings of the 10th international conference on Foundations of software science and computational structures
Google Android: A Comprehensive Security Assessment
IEEE Security and Privacy
A Formal Model to Analyze the Permission Authorization and Enforcement in the Android Framework
SOCIALCOM '10 Proceedings of the 2010 IEEE Second International Conference on Social Computing
Taming information-stealing smartphone applications (on Android)
TRUST'11 Proceedings of the 4th international conference on Trust and trustworthy computing
History-based access control with local policies
FOSSACS'05 Proceedings of the 8th international conference on Foundations of Software Science and Computation Structures
Hi-index | 0.00 |
Modern mobile devices offer users powerful computational capabilities and complete customization. As a matter of fact, today smartphones and tablets have remarkable hardware profiles and a cornucopia of applications. Yet, the security mechanisms offered by most popular mobile operating systems offer only limited protection to the threats posed by malicious applications that may be inadvertently installed by the users and therefore they do not meet the security standards required in corporate environments. In this paper we propose a security framework for mobile devices that ensures that only applications complying with the organization security policy can be installed. This is done by inferring behavioral models from applications and by validating them against the security policy. We also present BYODroid, a prototype implementation of our proposed security framework for the Android OS.