Predicting the Security Behaviour of Mobile Apps

A cyber security research project at the University of Edinburgh’s School of Informatics, jointly funded by the US Office of Naval Research (ONR) and the Air Force Office of Scientific Research (AFOSR), 2017-2020.


In this project we undertook fundamental research on behavioural security policies for mobile applications at scale. Behavioural security policies move beyond access control policies, which are all-or-nothing controls. With a behavioural policy, access depends in a context-sensitive way on behaviour and intent, and can vary over time. We worked on:

  1. a formal, language-based abstraction that can capture behaviour of mobile apps precisely, going beyond resources, permissions and information flows;
  2. new type-and-effect systems for policy-specific swift verification;
  3. the infrastructure for a semi-supervised learning framework to support automatic construction and refinement of behavioural security policies.

This project built on some advances made in the UK EPSRC-funded project App Guarden, but took a more foundational starting point.

Publications and software


Other collaborators include Henry Clausen and Martin Hofmann (who sadly passed away in 2018).