CRePE: Context-Related Policy Enforcement for Android Mauro Conti, Vu Thien Nga Nguyen and Bruno Crispo P roceedings of the 13 th International Conference on Information Security. A commentary by In-Hwan Kim. Summary.
Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.
CRePE: Context-Related Policy Enforcement for AndroidMauro Conti, Vu Thien Nga Nguyen and Bruno CrispoProceedings of the 13th International Conference on Information Security
A commentary by In-Hwan Kim
“We observe that the current Android security modelcannot serve our purpose of enforcing fine-grained context-related security policies. In fact, there are no mechanisms either to enforce or to change policies at application run-time.”
“This section presents how CRePE works in a scenario cited in Section 1. We
consider the example of a company that wants to restrict the set of applications that can run, during work activities, on the smartphones that the company has given to its employees.”
“Meanwhile, to protect users’ privacy, the current security models restrict trusted third parties’ control on mobile phones. Typically, only the device manufacturer and the telephone company have a small
control on the smartphone. There are no mechanisms to allow other authorized parties(e.g. a government agency or a company that bought a smartphone for its employee) to have any direct control on the phone.”
“The energy overhead induced by CRePEis some 50% of the Android consumption when 10 rules are set, while it becomes more than 100% of the Android’s one when the rules are 50.”