Recent years have seen a significant increase of computing
power, ubiquitous connectivity, connection bandwidth, and data
storage on mobile devices. Consequently, more applications and
services are also deployed on these devices which bring new
business processes, pervasive information and content creation
and sharing, and mobile medical systems. With the increase in
use of open mobile architecture, security risks and attacks are
also increasing on these devices. In the current scenario of
mobile platforms, Android is one of the most anticipated smart
phone operating systems, introduced by Google as an open source
operating system that provides a complete software stack for
mobile devices that includes an operating system, system
utilities, middleware in the form of virtual machine, and key
The existing architecture of Android does not provide any policy
enforcement while communicating with internal processes and
consuming external resources. Android developed its own
mechanism for any operation to be performed by introducing
Intents. Intent is an abstract description of an operation to be
performed and provides a facility for performing late runtime
binding between the components of different applications.
One of the drawbacks of the existing Android architecture is
that there is no security policy framework attached to intents.
To address these and similar security issues this project
proposes a Policy Enforcement Framework (PEF) for intents. PEF
will provide a Policy Enforcement Engine (runtime environment)
and a policy language based on existing standards. The project
plans to extend the existing Android architecture of Intents to
evaluate the user's policy before any activity can be performed.
If the policy of the calling application and that of the called
application allow the activity, the Intent will be allowed by
the Android framework.
The approach of this project will be a dynamic runtime framework
with minimal trade-off of performance and aims to bring the
benefits of access policies to the Android platform and develop
a policy enforcement framework which can be plugged into the
existing architecture of Android.
The key benefits of this project are:
It will develop a comprehensive access control framework and a
policy language for the Android platform.
project will also implement a policy enforcement framework
and policy writing tool to facilitate the policy writing for
the application owners and developers.
comprehensive policy enforcement framework for the android
platform can be used in local and international market and
this work is on the cutting edge of research related to open
source mobile platforms.