CRêPE: A system for enforcing fine-grained context-related policies on android

Mauro Conti, Bruno Crispo, Earlence Fernandes, Yury Zhauniarovich

Research output: Contribution to journalArticle

58 Citations (Scopus)


Current smartphone systems allow the user to use only marginally contextual information to specify the behavior of the applications: this hinders the wide adoption of this technology to its full potential. In this paper, we fill this gap by proposing CRêPE, a fine-grained Context-Related Policy Enforcement System for Android. While the concept of context-related access control is not new, this is the first work that brings this concept into the smartphone environment. In particular, in our work, a context can be defined by: the status of variables sensed by physical (low level) sensors, like time and location; additional processing on these data via software (high level) sensors; or particular interactions with the users or third parties. CRêPE allows context-related policies to be set (even at runtime) by both the user and authorized third parties locally (via an application) or remotely (via SMS, MMS, Bluetooth, and QR-code). A thorough set of experiments shows that our full implementation of CRêPE has a negligible overhead in terms of energy consumption, time, and storage, making our system ready for a production environment.

Original languageEnglish
Article number6215040
Pages (from-to)1426-1438
Number of pages13
JournalIEEE Transactions on Information Forensics and Security
Issue number5
Publication statusPublished - 20 Sep 2012



  • Android security
  • context policy
  • smartphone security

ASJC Scopus subject areas

  • Safety, Risk, Reliability and Quality
  • Computer Networks and Communications

Cite this