CRePE: Context-Related Policy Enforcement for Android

Abstract

Most of the research work for enforcing security policies on smartphones considered coarse-grained policies, e.g. either to allow an application to run or not. In this paper we present CRePE, the first system that is able to enforce fine-grained policies, e.g. that vary while an application is running, that also depend on the context of the smart- phone. A context can be defined by the status of some variables (e.g. location, time, temperature, noise, and light), the presence of other de- vices, a particular interaction between the user and the smartphone, or a combination of these. CRePE allows context-related policies to be de- fined either by the user or by trusted third parties. Depending on the authorization, third parties can set a policy on a smartphone at any mo- ment or just when the phone is within a particular context, e.g. within a building, or a plane