Predicting the Security Behaviour of Mobile Apps
A cyber security research project at the University of Edinburgh’s School of Informatics, jointly funded by the US Office of Naval Research (ONR) and the Air Force Office of Scientific Research (AFOSR), 2017-2020.
In this project we undertake fundamental research on behavioural security policies for mobile applications at scale. Behavioural security policies move beyond access control policies, which are all-or-nothing controls. With a behavioural policy, access depends in a context-sensitive way on behaviour and intent, and can vary over time. We aim to build:
- a formal, language-based abstraction that can capture behaviour of mobile apps precisely, going beyond resources, permissions and information flows;
- new type-and-effect systems for swift, policy-specific verification; and
- a semi-supervised learning framework to support automatic construction and refinement of behavioural security policies.
This project builds upon some of the advances made in the EPSRC-funded project App Guarden, but takes a more fundamental starting point.
Publications and software
- Extracting Functions from Mobile Apps, Harmony Singh, MSc thesis 2018. This MSc studies a functional form for Dalvik code, Light FuncDroid, used in the typing analysis for behavioural security policies.
- Traffic Generation using Containerization for Machine Learning, Henry Clausen, Robert Flood and David Aspinall. Presented at ACSAC 2019 DYNAMICS workshop (publication pending), 2019. This paper introduces a data collection method designed to solve the ground truth problem with cyber security datasets. It is being applied to gather outputs for mobile applications.
- Authors’ PDF
- Github repository (coming soon, please contact us for early access)
- A Data-driven Toolset Using Containers to Generate Datasets for Network Intrusion Detection, Robert Flood, MSc thesis 2019. This MSc introduces some of the methods and examples described in the above paper.
- Flow Types for Lightweight Program Analysis, Wei Chen, Martin Hofmann, David Aspinall.
- In draft
- Flow and Effect Types via Büchi Automata, Wei Chen, Martin Hofmann, David Aspinall.
- In draft
- David Aspinall, PI, Informatics, University of Edinburgh
- Rob Flood, pre-doc Researcher, University of Edinburgh
- Arthur Chan, postdoc Researcher, University of Edinburgh
- Wei Chen, Senior Researcher, University of Edinburgh (until 2019)
Other collaborators include Henry Clausen and Martin Hofmann (who sadly passed away in 2018).
- More about the Informatics Security & Privacy Group.