Predicting the Security Behaviour of Mobile Apps

A cyber security research project at the University of Edinburgh’s School of Informatics, jointly funded by the US Office of Naval Research (ONR) and the Air Force Office of Scientific Research (AFOSR), 2017-2020.


In this project we undertake fundamental research on behavioural security policies for mobile applications at scale. Behavioural security policies move beyond access control policies, which are all-or-nothing controls. With a behavioural policy, access depends in a context-sensitive way on behaviour and intent, and can vary over time. We aim to build:

  1. a formal, language-based abstraction that can capture the behaviour of mobile apps precisely, going beyond resources, permissions and information flows;
  2. new type-and-effect systems for swift, policy-specific verification; and
  3. a semi-supervised learning framework to support automatic construction and refinement of behavioural security policies.

This project builds upon some of the advances made in the EPSRC-funded project App Guarden, but takes a more fundamental starting point.

Publications and software


Other collaborators include Henry Clausen and Martin Hofmann (who sadly passed away in 2018).