{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,28]],"date-time":"2026-02-28T17:32:36Z","timestamp":1772299956555,"version":"3.50.1"},"reference-count":31,"publisher":"Springer Science and Business Media LLC","issue":"4","license":[{"start":{"date-parts":[[2020,11,14]],"date-time":"2020-11-14T00:00:00Z","timestamp":1605312000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2020,11,14]],"date-time":"2020-11-14T00:00:00Z","timestamp":1605312000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Inf Syst Front"],"published-print":{"date-parts":[[2021,8]]},"DOI":"10.1007\/s10796-020-10066-9","type":"journal-article","created":{"date-parts":[[2020,11,14]],"date-time":"2020-11-14T04:53:00Z","timestamp":1605329580000},"page":"849-866","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":4,"title":["A Formal Specification of Access Control in Android with URI Permissions"],"prefix":"10.1007","volume":"23","author":[{"given":"Samir","family":"Talegaon","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ram","family":"Krishnan","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2020,11,14]]},"reference":[{"key":"10066_CR1","unstructured":"(2019) Android perm protection lvl \u201cnormal are never re-granted!\u201d https:\/\/issuetracker.google.com\/issues\/129029397, [Online; accessed 21-March-2019]."},{"key":"10066_CR2","unstructured":"(2019a) Android Permissions \u2014 Android Open Source Project. https:\/\/source.android.com\/devices\/tech\/config, [Online; accessed 17-June-2019]."},{"key":"10066_CR3","unstructured":"(2019) Issue about Android\u2019s permission to permission-group mapping. https:\/\/issuetracker.google.com\/issues\/128888710, [Online; accessed 21-March-2019]."},{"key":"10066_CR4","unstructured":"(2019b) Request App Perms \u2014 Android Devs. https:\/\/developer.android.com\/training\/permissions\/requesting\/, [Online; accessed 12-March-2019]."},{"key":"10066_CR5","doi-asserted-by":"crossref","unstructured":"Bagheri, H., Kang, E., Malek, S., & Jackson, D. (2015a). In Intl. Symp. on Formal Methods (pp. 73\u201389): Springer.","DOI":"10.1007\/978-3-319-19249-9_6"},{"issue":"9","key":"10066_CR6","doi-asserted-by":"publisher","first-page":"866","DOI":"10.1109\/TSE.2015.2419611","volume":"41","author":"H Bagheri","year":"2015","unstructured":"Bagheri, H., Sadeghi, A., Garcia, J., & Malek, S. (2015b). COVERT: Compositional analysis of android Inter-App permission leakage. IEEE Transactions on Software Engineering, 41(9), 866\u2013886.","journal-title":"IEEE Transactions on Software Engineering"},{"issue":"5","key":"10066_CR7","doi-asserted-by":"publisher","first-page":"525","DOI":"10.1007\/s00165-017-0445-z","volume":"30","author":"H Bagheri","year":"2018","unstructured":"Bagheri, H., Kang, E., Malek, S., & Jackson, D. (2018). A formal approach for detection of security flaws in the android permission system. Formal Aspects of Computing, 30(5), 525\u2013544.","journal-title":"Formal Aspects of Computing"},{"key":"10066_CR8","first-page":"485","volume-title":"Verifying Android\u2019s Permission Model","author":"G Betarte","year":"2015","unstructured":"Betarte, G., Campo, J.D., Luna, C., & Romano, A. (2015). Verifying Android\u2019s Permission Model, (pp. 485\u2013504). Cham: Springer."},{"issue":"1","key":"10066_CR9","doi-asserted-by":"publisher","first-page":"27","DOI":"10.7561\/SACS.2016.1.27","volume":"26","author":"G Betarte","year":"2016","unstructured":"Betarte, G., Campo, J., Luna, C., & Romano, A. (2016). Formal analysis of android\u2019s Permission-Based security model 1. Scientific Annals of Computer Science, 26(1), 27\u201368.","journal-title":"Scientific Annals of Computer Science"},{"key":"10066_CR10","doi-asserted-by":"crossref","unstructured":"Betarte, G., Campo, J., Cristi\u00e1, M., Gorostiaga, F., Luna, C., & Sanz, C. (2017). Towards formal model-based analysis and testing of android\u2019s security mechanisms. In 2017 XLIII Latin American Computer Conference (CLEI) (pp. 1\u201310): IEEE.","DOI":"10.1109\/CLEI.2017.8226404"},{"key":"10066_CR11","unstructured":"Bugiel, S., Davi, L., Dmitrienko, A., Fischer, T., Sadeghi, A.R., & Shastry, B. (2012). Towards taming privilege-escalation attacks on android. In NDSS, Citeseer, (Vol. 17 p. 19)."},{"key":"10066_CR12","doi-asserted-by":"crossref","unstructured":"Chin, E., Felt, A.P., Greenwood, K., & Wagner, D. (2011). Analyzing inter-application communication in android. In Proc. of the 9th International Conference on Mobile Systems, Applications, and Services (pp. 239\u2013252).","DOI":"10.1145\/1999995.2000018"},{"key":"10066_CR13","doi-asserted-by":"crossref","unstructured":"Davi, L., Dmitrienko, A., Sadeghi, A.R., & Winandy, M. (2010). Privilege escalation attacks on android. In International conference on Information security (pp. 346\u2013360): Springer.","DOI":"10.1007\/978-3-642-18178-8_30"},{"key":"10066_CR14","doi-asserted-by":"crossref","unstructured":"Enck, W., Ongtang, M., & McDaniel, P. (2009a). On lightweight mobile phone application certification. In Proc. of the 16th ACM Conference on Computer and Communications Security (pp. 235\u2013245).","DOI":"10.1145\/1653662.1653691"},{"key":"10066_CR15","doi-asserted-by":"crossref","unstructured":"Enck, W., Ongtang, M., & McDaniel, P. (2009b). Understanding android security. IEEE security & privacy, pp. 50\u201357.","DOI":"10.1109\/MSP.2009.26"},{"key":"10066_CR16","unstructured":"Enck, W., Octeau, D., McDaniel, P.D., & Chaudhuri, S. (2011). A study of android application security. In USENIX Security Symposium, (Vol. 2 p. 2)."},{"key":"10066_CR17","doi-asserted-by":"crossref","unstructured":"Felt, A.P., Chin, E., Hanna, S., Song, D., & Wagner, D. (2011). Android permissions demystified. In Proc. of the 18th ACM conference on Computer and communications security (pp. 627\u2013638).","DOI":"10.1145\/2046707.2046779"},{"key":"10066_CR18","doi-asserted-by":"publisher","first-page":"1","DOI":"10.21236\/ADA579929","volume-title":"Modeling and Enhancing Android\u2019s Permission System","author":"E Fragkaki","year":"2012","unstructured":"Fragkaki, E., Bauer, L., Jia, L., & Swasey, D. (2012). Modeling and Enhancing Android\u2019s Permission System, (pp. 1\u201318). Berlin: Springer."},{"key":"10066_CR19","doi-asserted-by":"crossref","unstructured":"Geerts, F., Goethals, B., & Mielik\u00e4inen, T. (2004). Tiling databases. In International conference on discovery science (pp. 278\u2013289): Springer.","DOI":"10.1007\/978-3-540-30214-8_22"},{"key":"10066_CR20","unstructured":"Grace, M.C., Zhou, Y., Wang, Z., & Jiang, X. (2012). Systematic detection of capability leaks in stock android smartphones. In NDSS, (Vol. 14 p. 19)."},{"key":"10066_CR21","unstructured":"Guo, Q. (2010). A formal approach to the role mining problem. PhD thesis, Rutgers University-Graduate School-Newark."},{"issue":"6","key":"10066_CR22","doi-asserted-by":"publisher","first-page":"658","DOI":"10.1002\/sec.360","volume":"5","author":"M Ongtang","year":"2012","unstructured":"Ongtang, M., McLaughlin, S., Enck, W., & McDaniel, P. (2012). Semantically rich application-centric security in android. Security and Communication Networks, 5(6), 658\u2013673.","journal-title":"Security and Communication Networks"},{"issue":"2","key":"10066_CR23","doi-asserted-by":"publisher","first-page":"35","DOI":"10.1109\/MSP.2010.2","volume":"8","author":"A Shabtai","year":"2010","unstructured":"Shabtai, A., Fledel, Y., Kanonov, U., Elovici, Y., Dolev, S., & Glezer, C. (2010). Google android: a comprehensive security assessment. IEEE Security & Privacy, 8(2), 35\u201344.","journal-title":"IEEE Security & Privacy"},{"key":"10066_CR24","doi-asserted-by":"crossref","unstructured":"Shin, W., Kiyomoto, S., Fukushima, K., & Tanaka, T. (2010). A formal model to analyze the permission authorization and enforcement in the Android framework. In Proc. - socialcom 2010: 2nd IEEE international conference on social computing, PASSAT 2010: 2nd IEEE International Conference on Privacy, Security, Risk and Trust (pp. 944\u2013951).","DOI":"10.1109\/SocialCom.2010.140"},{"key":"10066_CR25","doi-asserted-by":"crossref","unstructured":"Talegaon, S., & Krishnan, R. (2019). A formal specification of access control in android. In International Conference on Secure Knowledge Management in Artificial Intelligence Era (pp. 101\u2013125): Springer.","DOI":"10.1007\/978-981-15-3817-9_7"},{"key":"10066_CR26","unstructured":"Taylor, V.F., & Martinovic, I. (2016). Quantifying permission-creep in the google play store. arXiv:160601708."},{"key":"10066_CR27","doi-asserted-by":"crossref","unstructured":"Tuncay, G.S., Demetriou, S., Ganju, K., & Gunter, C.A. (2018). Resolving the predicament of android custom permissions. In Proc. 2018 Network and Distributed System Security Symposium. Reston: Internet Society.","DOI":"10.14722\/ndss.2018.23210"},{"key":"10066_CR28","doi-asserted-by":"crossref","unstructured":"Vaidya, J., Atluri, V., & Warner, J. (2006). Roleminer: mining roles using subset enumeration. In Proceedings of the 13th ACM conference on Computer and communications security (pp. 144\u2013153).","DOI":"10.1145\/1180405.1180424"},{"key":"10066_CR29","doi-asserted-by":"crossref","unstructured":"Vaidya, J., Atluri, V., & Guo, Q. (2007). The role mining problem: finding a minimal descriptive set of roles. In Proceedings of the 12th ACM symposium on Access control models and technologies (pp. 175\u2013184).","DOI":"10.1145\/1266840.1266870"},{"issue":"3","key":"10066_CR30","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/1805974.1805983","volume":"13","author":"J Vaidya","year":"2010","unstructured":"Vaidya, J., Atluri, V., & Guo, Q. (2010). The role mining problem: a formal perspective. ACM Transactions on Information and System Security (TISSEC), 13(3), 1\u201331.","journal-title":"ACM Transactions on Information and System Security (TISSEC)"},{"key":"10066_CR31","doi-asserted-by":"crossref","unstructured":"Wei, X., Gomez, L., Neamtiu, I., & Faloutsos, M. (2012). Permission evolution in the android ecosystem. In Proc. of the 28th Annual Computer Security Applications Conference (pp. 31\u201340).","DOI":"10.1145\/2420950.2420956"}],"container-title":["Information Systems Frontiers"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10796-020-10066-9.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10796-020-10066-9\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10796-020-10066-9.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,9,8]],"date-time":"2021-09-08T03:52:49Z","timestamp":1631073169000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10796-020-10066-9"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,11,14]]},"references-count":31,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2021,8]]}},"alternative-id":["10066"],"URL":"https:\/\/doi.org\/10.1007\/s10796-020-10066-9","relation":{},"ISSN":["1387-3326","1572-9419"],"issn-type":[{"value":"1387-3326","type":"print"},{"value":"1572-9419","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020,11,14]]},"assertion":[{"value":"10 September 2020","order":1,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"14 November 2020","order":2,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}]}}