<rdf:RDF xmlns:rdf="http://www.openarchives.org/OAI/2.0/rdf/" xmlns:ow="http://www.ontoweb.org/ontology/1#" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:ds="http://dspace.org/ds/elements/1.1/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:doc="http://www.lyncode.com/xoai" xsi:schemaLocation="http://www.openarchives.org/OAI/2.0/rdf/ http://www.openarchives.org/OAI/2.0/rdf.xsd">
   <ow:Publication rdf:about="oai:digibug.ugr.es:10481/70348">
      <dc:title>ARANAC: A Bring-Your-Own-Permissions Network Access Control Methodology for Android Devices</dc:title>
      <dc:creator>Gómez Hernández, José Antonio</dc:creator>
      <dc:creator>Camacho Páez, José</dc:creator>
      <dc:creator>Holgado Terriza, Juan Antonio</dc:creator>
      <dc:creator>García Teodoro, Pedro</dc:creator>
      <dc:creator>Macía Fernández, Gabriel</dc:creator>
      <dc:subject>Android permissions</dc:subject>
      <dc:subject>Bring-your-own-device</dc:subject>
      <dc:subject>Mobile security</dc:subject>
      <dc:subject>Network access control</dc:subject>
      <dc:subject>Risk assessment</dc:subject>
      <dc:description>This work was supported in part by the Spanish Government-Ministerio de Economia y Competitividad (MINECO), and in part by the European Regional Development Fund (ERDF) under Project TIN2017-83494-R.</dc:description>
      <dc:description>In this paper, we introduce a new methodology for network access control for Android&#xd;
devices based on app risk assessment. Named ARANAC (which stands for Application Risk Assessment&#xd;
based Network Access Control), this methodology is specially tailored for scenarios using the Bring-Your-&#xd;
Own-Device (BYOD) policy, where the adoption of some solutions can lead to problems in security and&#xd;
privacy for both the employees and the business organization. ARANAC mainly relies on the analysis of an&#xd;
aggregate of permissions declared in the manifests of installed applications on users' devices. The access&#xd;
control scheme combines three operational modules: i) a device monitoring tool, ii) a novel permission-based&#xd;
risk model, and iii) an anomaly-based detection machine learning module based on a methodology (called&#xd;
MSNM, from Multivariate Statistical Network Monitoring) that provides both detection and diagnostic&#xd;
capabilities. ARANAC's novelty is in the combination of four features. Firstly, it is privacy-aware, and thus,&#xd;
it does not require detailed information about installed applications but only an aggregate of permissions.&#xd;
Secondly, it builds a normality model by combining expert knowledge with data, capturing the behavior of&#xd;
a complete population of mobile devices. Thirdly, it is dynamic, as permissions are updated in real time,&#xd;
allowing the network to re-assess access control on a continuous basis. Finally, its diagnostic capabilities&#xd;
allow for giving recommendations to  nal users so that they are capable of mitigating their risks when&#xd;
accessing networks. We evaluated the approach with more than 80 Android devices at a university campus&#xd;
network and obtained interesting results regarding security risks in the usual deployment of device apps.</dc:description>
      <dc:date>2021-09-22T08:11:47Z</dc:date>
      <dc:date>2021-09-22T08:11:47Z</dc:date>
      <dc:date>2021-07-14</dc:date>
      <dc:type>journal article</dc:type>
      <dc:identifier>J. A. Gómez-Hernández... [et al.]. "ARANAC: A Bring-Your-Own-Permissions Network Access Control Methodology for Android Devices," in IEEE Access, vol. 9, pp. 101321-101334, 2021, doi: [10.1109/ACCESS.2021.3097152]</dc:identifier>
      <dc:identifier>http://hdl.handle.net/10481/70348</dc:identifier>
      <dc:identifier>10.1109/ACCESS.2021.3097152</dc:identifier>
      <dc:language>eng</dc:language>
      <dc:rights>http://creativecommons.org/licenses/by/3.0/es/</dc:rights>
      <dc:rights>open access</dc:rights>
      <dc:rights>Atribución 3.0 España</dc:rights>
      <dc:publisher>IEEE</dc:publisher>
   </ow:Publication>
</rdf:RDF>