SecureDroid is an Android security framework extension that allows context-aware policy enforcement at runtime. It extends the standard Android security framework to check custom policies after an app is installed, using context information like location as constraints. Multiple parties like manufacturers, carriers, and users can set policies that are evaluated in a specific order. SecureDroid's architecture includes a policy enforcement point, context handler, policy administration and information points, and a policy decision point to determine access based on the app, permissions, context, and applicable policies.

1. SecureDroid: An Android Security
Framework Extension for Context-­‐‑
Aware policy Enforcement
V.Arena, V. Catania,
G. La Torre, S. Monteleone
Department of Electrical,
Electronics and Computer
Engineering
University of Catania - Italy
PRISM 2013, International Conference on Privacy and Security in Mobile Systems
June 24-­‐‑27, 2013 Atlantic City, NJ, USA
F. Ricciato
Innovation and Industry
Relations
Telecom Italia S.p.A. - Italy

2. What do we do with our
smartphone?
Call + Text = ~ 17%

3. Mobile Applications
v Plenty of applications in online markets
v Loss of money, loss of personal information
v Users’ security depends on applications’ security

4. Applications’ Security in
Mobile OSs
v Apple – App Store
v Microsoft – Windows Phone Store
v Google – Google Play
v Applications are signed and must specify permissions
v User consent
v Isolation
v Once an application has been installed it gets access
to required permissions until it will be uninstalled

5. Google’s guideline about
application’s security
Android has no mechanism for granting
permissions dynamically (at run-time)
because it complicates the user
experience to the detriment of security
PARTIALLY TRUE …

6. Android Security
Framework
v Permissions are granted
only during installation
v Accept all or cannot install
v Users don’t pay aXention to
them
v Downloads’ count and
users’ comments are
more effective.

7. Android Security
Framework
Android’s security framework checks for permissions
when one of the following situations occurs.
v An application wants to access to a particular
functionality protected by a permission (e.g. GPS
information),
v An application tries to start an activity of another
application,
v Both when an application sends and receives
broadcasts,
v An application tries to access and operate on a
content provider and
v When binding to or starting a service.

8. SecureDroid
v Extends Android Security Framework
v Standard security control still remains
v Compatible with applications from market
Provides the possibility to:
v Check custom policies at runtime
v Specify policies after an application has been
installed
v Use context information as policy’s constraints
v Allow multiple parties to set policies
v Handle policy enforcement: PolicyDenyException

9. User’s Context
v User Context: mobile devices follow the users
v Context from sensors, device status, …
v Applications’ behavior may depend on user/device’s
context
Some examples
v Deny notification from app X while my position is in the
range (Lat, Lon, R)
v Deny Internet access to App Y if my device is roaming
v Allow only my girlfriend to call me when I’m running

10. Policy Model
v Based on XACML
v Subject information from certificate
v Package, author, distributor, …
v Resource information from the application
v Android permissions e.g android.permission.INTERNET
v Content provider URI
v Context information from sensors
v Battery level
v User’s Position
v Roaming
v Accelerometer, gyroscope, …

11. Policy
<policy−set combine=”deny−overrides” description=“User’s policyset”> "
<policy combine=”deny−overrides”> "
<target> "
<subject> "
<subject−match attr=”id” match=”com.example.exampleApp”/> "
</subject>"
</target> "
<rule effect=”prompt-session”>"
<condition> "
<resource−match attr=”android-permission” "
match=”android.permission.INTERNET”/>"
"
<resource−match attr=”uri”
match=”http://blockedsite.org∗”/>"
"
<environment−match attr =”connection−type” "
match=”mobile−roaming”/> "
</condition> "
</rule> "
<rule effect=”permit”> "
</policy> "
</policy−set>

12. SecureDroid’s Architecture
Get
capability
1. PEP sends to CH subject’s
information about the App
(e.g. Certificate) and the
required capability (e.g.
INTERNET)
2. CH asks the PAP which context
information are required for
the subject (e.g. Roaming)
3. CH asks to PIP the current
value for context (Roaming)
4. CH creates a request and asks
to PDP to evaluate the policy
for given subject, resources and
context
App
PEP
PAP
Security Manager
Service
Context
Handler
Policy
PDP
PIP
Sensors,
Device status
1
2
3
4
5
Read/
Write
policies

13. Request
Request
Subject
Attribute AttributeId=”id”
AttributeValuecom.example.exampleApp/AttributeValue
/Attribute
Attribute AttributeId=”author-signature”
AttributeValueBzx62xM45Lc34/AttributeValue
/Attribute
/Subject
Resources
Attribute AttributeId=”android-permission
AttributeValueandroid.permission.INTERNET/AttributeValue
/Attribute
Attribute AttributeId=”uri
AttributeValuehttp://blockedsite.org/some_content.html/AttributeValue
/Attribute
/Resources
Environment
Attribute AttributeId=”connection-type
AttributeValuemobile-roaming/AttributeValue
/Attribute
/Environment
/Request

14. Run-­‐‑Time policy
enforcement

15. Who can set policies?
v Manufacturer
v Operator (e.g. Branded smartphones)
v Third-parties (e.g. Museum, Company, …)
v User
SecurityManagerService class:
v Defines READ_POLICY and WRITE_POLICY permissions
v Provides readPolicy and writePolicy methods

16. Policy Management UI
My Context

17. Overall evaluation
Android Check
SecureDroid Check
Application requires
a capability at
runtime
1. Is a system app/service?
2. Is the permission declared in
the manifest?
Policies evaluation order
Manufacturer Operator Third-­‐‑parties User
Allow
Deny
SecureDroid
won’t be
invoked

18. Scenarios
v User’s context-aware policies
v Companies: Bring Your Own Device
v Museum: Deny camera

19. Conclusions and
Future Works
Our contribute: SecureDroid
v Acts at system level: platform extension
v Enforces context-aware policies at runtime
v Allows multiple parties to set policies
Future Work
v Analysis of user-experience in dealing with Policy
Management UI
v Improve context selection
v Help users in choosing policies
v Similar applications Similar policy in similar context

20. Thanks for your aXention!
Giuseppe La Torre
PhD Student
University of Catania (ITALY)
giuseppe.latorre@dieei.unict.it
Q