a commentary by in hwan kim n.
Skip this Video
Loading SlideShow in 5 Seconds..
A commentary by In-Hwan Kim PowerPoint Presentation
Download Presentation
A commentary by In-Hwan Kim

Loading in 2 Seconds...

play fullscreen
1 / 7

A commentary by In-Hwan Kim - PowerPoint PPT Presentation

  • Uploaded on

CRePE: Context-Related Policy Enforcement for Android Mauro Conti, Vu Thien Nga Nguyen and Bruno Crispo P roceedings of the 13 th International Conference on Information Security. A commentary by In-Hwan Kim. Summary.

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

A commentary by In-Hwan Kim

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
a commentary by in hwan kim

CRePE: Context-Related Policy Enforcement for AndroidMauro Conti, Vu Thien Nga Nguyen and Bruno CrispoProceedings of the 13th International Conference on Information Security

A commentary by In-Hwan Kim

  • CRePE: A system to enforce fine-grained security policies dependent on the context of the smart phone.
appreciative comment
Appreciative Comment
  • Addresses a limitation in the current Android security model where policies cannot be enforced or modified at application runtime.

“We observe that the current Android security modelcannot serve our purpose of enforcing fine-grained context-related security policies. In fact, there are no mechanisms either to enforce or to change policies at application run-time.”

critical comment
Critical Comment
  • The authors do not take into full consideration the real world usability of CRePE.

“This section presents how CRePE works in a scenario cited in Section 1. We

consider the example of a company that wants to restrict the set of applications that can run, during work activities, on the smartphones that the company has given to its employees.”

does it really work
Does it really work?
  • Government and “trusted” third party control over your phone.
  • Most people won’t bother.

“Meanwhile, to protect users’ privacy, the current security models restrict trusted third parties’ control on mobile phones. Typically, only the device manufacturer and the telephone company have a small

control on the smartphone. There are no mechanisms to allow other authorized parties(e.g. a government agency or a company that bought a smartphone for its employee) to have any direct control on the phone.”

more limitations
More limitations…
  • Significant reduction in battery life.
  • Location context polling creates a window of opportunity for attackers.
  • Some applications may not run.

“The energy overhead induced by CRePEis some 50% of the Android consumption when 10 rules are set, while it becomes more than 100% of the Android’s one when the rules are 50.”

  • If CRePE came standard with all new mobile phones sold today and in the future, how would you respond?