ANTLR: a predicated-LL(k) parser generator
Software—Practice & Experience
Rationale for the RBAC96 family of access control models
RBAC '95 Proceedings of the first ACM Workshop on Role-based access control
Little languages: little maintenance
Journal of Software Maintenance: Research and Practice
History-based access control for mobile code
CCS '98 Proceedings of the 5th ACM conference on Computer and communications security
Programming pearls: little languages
Communications of the ACM
Authorization and Attribute Certificates for Widely Distributed Access Control
WETICE '98 Proceedings of the 7th Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises
Supporting location-based conditions in access control policies
ASIACCS '06 Proceedings of the 2006 ACM Symposium on Information, computer and communications security
The Definitive ANTLR Reference: Building Domain-Specific Languages
The Definitive ANTLR Reference: Building Domain-Specific Languages
Language-based security on Android
Proceedings of the ACM SIGPLAN Fourth Workshop on Programming Languages and Analysis for Security
Semantically Rich Application-Centric Security in Android
ACSAC '09 Proceedings of the 2009 Annual Computer Security Applications Conference
Porscha: policy oriented secure content handling in Android
Proceedings of the 26th Annual Computer Security Applications Conference
CRePE: context-related policy enforcement for android
ISC'10 Proceedings of the 13th international conference on Information security
Taming information-stealing smartphone applications (on Android)
TRUST'11 Proceedings of the 4th international conference on Trust and trustworthy computing
History-based access control with local policies
FOSSACS'05 Proceedings of the 8th international conference on Foundations of Software Science and Computation Structures
Android permissions: user attention, comprehension, and behavior
Proceedings of the Eighth Symposium on Usable Privacy and Security
Real-time detection and prevention of android SMS permission abuses
Proceedings of the first international workshop on Security in embedded systems and smartphones
| Hi-index | 0.00 |
Android is a massively popular platform in the fast-growing smartphone industry. The core Android security model follows an all-or-nothing policy which either allows an application access to all requested permissions or doesn't install it at all. Several extensions to this core model are surfacing with different syntax and semantics and each manufacturer may choose a different mechanism for policy enforcement on its devices. In this paper, we present a framework that allows stakeholder to specify their policies in a high-level language independent of the target model. These high-level requirements are transformed to the target model depending on the scenario. We present the design decisions regarding this new language, formally specify its syntax and semantics and provide an eclipse-based plug-in that integrates with the official Android Development Tools to perform the transformations. The end product is a tool which allows stakeholder to easily specify and manage their policies independent of the target model.