by Saad Inshi 1, Mahdi Elarbi 1, Rasel Chowdhury1,* , Hakima Ould-Slimane 2 , Chamseddine Talhi 1
1 Department of Software Engineering and Information Technology, École de technologie supérieure, Montréal, Canada
2 Département de Mathématiques et d’Informatique, Université du Québec à Trois-Rivières, Trois-Rivières, Canada
* Author to whom correspondence should be addressed.
Journal of Engineering Research and Sciences, Volume 2, Issue 1, Page # 13-23, 2023; DOI: 10.55708/js0201002
Keywords: Security, Android applications, Application instrumentation, Context-aware policies, Policy enforcement, Privacy
Received: 31 October 2022, Accepted: 29 December 2022, Published Online: 28 January 2023
APA Style
Chicago/Turabian Style
IEEE Style
The notion of Context-Awareness of mobile applications is drawing more attention, where many applications need to adapt to physical environments of users and devices, such as location, time, connectivity, resources, etc. While these adaptive features can facilitate better communication and help users to access their information anywhere at any time, this however bring risks caused by the potential loss, misuse, or leak of users’ confidential information. Therefore, a flexible policy-based access control system is needed to monitor critical functions executed by Android applications, especially, those requiring access to user’s sensitive and crucial information. This paper introduces CAPEF, which is a policy specification framework that enforces context-aware inter-app security policies to mitigate privacy leakage across different Android applications. It also, provides an instrumentation framework to effectively enforce different behaviors based on automated context-aware policies to each Android application individually without modifying the underlying platform. Accordingly, the modified applications will be forced to communicate with our centralized policy engine to avoid any malware collusion that occur without the users’ awareness. Experiments conducted on CAPEF shows an effective performance on the size of the enforced application after the instrumentation. The average size added was 705 bytes, which is about 0.063% of the size of the original applications, which is significantly small compared to other existing enforcement approaches. Also, we have denoted that the size and the execution time of the policy increases whenever the policies become more complex.
This paper is currently not cited.
This sidebar is currently being updated and may temporarily overlap with the pages.
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.