@misc{10481/70348,
year = {2021},
month = {7},
url = {http://hdl.handle.net/10481/70348},
abstract = {In this paper, we introduce a new methodology for network access control for Android
devices based on app risk assessment. Named ARANAC (which stands for Application Risk Assessment
based Network Access Control), this methodology is specially tailored for scenarios using the Bring-Your-
Own-Device (BYOD) policy, where the adoption of some solutions can lead to problems in security and
privacy for both the employees and the business organization. ARANAC mainly relies on the analysis of an
aggregate of permissions declared in the manifests of installed applications on users' devices. The access
control scheme combines three operational modules: i) a device monitoring tool, ii) a novel permission-based
risk model, and iii) an anomaly-based detection machine learning module based on a methodology (called
MSNM, from Multivariate Statistical Network Monitoring) that provides both detection and diagnostic
capabilities. ARANAC's novelty is in the combination of four features. Firstly, it is privacy-aware, and thus,
it does not require detailed information about installed applications but only an aggregate of permissions.
Secondly, it builds a normality model by combining expert knowledge with data, capturing the behavior of
a complete population of mobile devices. Thirdly, it is dynamic, as permissions are updated in real time,
allowing the network to re-assess access control on a continuous basis. Finally, its diagnostic capabilities
allow for giving recommendations to  nal users so that they are capable of mitigating their risks when
accessing networks. We evaluated the approach with more than 80 Android devices at a university campus
network and obtained interesting results regarding security risks in the usual deployment of device apps.},
organization = {Spanish Government-Ministerio de Economia y Competitividad (MINECO)},
organization = {European Commission	TIN2017-83494-R},
publisher = {IEEE},
keywords = {Android permissions},
keywords = {Bring-your-own-device},
keywords = {Mobile security},
keywords = {Network access control},
keywords = {Risk assessment},
title = {ARANAC: A Bring-Your-Own-Permissions Network Access Control Methodology for Android Devices},
doi = {10.1109/ACCESS.2021.3097152},
author = {Gómez Hernández, José Antonio and Camacho Páez, José and Holgado Terriza, Juan Antonio and García Teodoro, Pedro and Macía Fernández, Gabriel},
}