Opendata, web and dolomites


Mining Sandboxes for Automatic App Protection

Total Cost €


EC-Contrib. €






Project "BOXMATE" data sheet

The following table provides information about the project.


Organization address
address: CAMPUS
postcode: 66123

contact info
title: n.a.
name: n.a.
surname: n.a.
function: n.a.
email: n.a.
telephone: n.a.
fax: n.a.

 Coordinator Country Germany [DE]
 Total cost 150˙000 €
 EC max contribution 150˙000 € (100%)
 Programme 1. H2020-EU.1.1. (EXCELLENT SCIENCE - European Research Council (ERC))
 Code Call ERC-2016-PoC
 Funding Scheme ERC-POC
 Starting year 2017
 Duration (year-month-day) from 2017-09-01   to  2019-02-28


Take a look of project's partnership.

# participants  country  role  EC contrib. [€] 


 Project objective

Today’s industry is more vulnerable to cyberattacks than ever. The biggest threat comes from advanced persistent threats that targets the sensitive data of a specific company. Such a threat may come along as an innocuous app that starts its malicious behavior only when the mobile logs into the corporate network. At the same time, such threats can be made undetectable through testing or code analysis. The ERC SPECMATE project has developed a technology named BOXMATE that protects against unexpected changes of app behavior and thus drastically reduces the attack surface of mobile applications. The key idea is to mine app behavior by executing generated tests, systematically exploring the program’s accesses to sensitive data. During production, the app then is placed in a sandbox, which prohibits accesses not seen during testing. This combination of test generation and sandboxing effectively protects against advanced persistent threats. To access sensitive data during production, the app already must do so during testing—where tracing makes it easy to discover and assess. BOXMATE neither does not need to collect user data: All app behavior is assessed during testing already. Finally, BOXMATE requires no knowledge about source or binary code, and thus easily handles arbitrarily obfuscated or obscure third-party apps. BOXMATE is currently being patented worldwide. We want to turn the BOXMATE approach into a full mobile security solution for corporate and end users. This proposal aims at producing a full-fledged prototype that can be demonstrated to potential customers, most notably app vendors and mobile infrastructure providers; as well as developing an adequate marketing strategy exploring and responding to the needs of the market. This proposal is fueled by the principal investigator, Andreas Zeller, one of the world’s leading experts in software test generation and specification mining.


year authors and title journal last update
List of publications.
2019 Nataniel P. Borges, Andreas Zeller
Why does this App need this Data? Automatic Tightening of Resource Access
published pages: , ISSN: , DOI:
ICST 2019 - 12th International Conference on Software Testing, Verification and Validation 2019-09-02

Are you the coordinator (or a participant) of this project? Plaese send me more information about the "BOXMATE" project.

For instance: the website url (it has not provided by EU-opendata yet), the logo, a more detailed description of the project (in plain text as a rtf file or a word file), some pictures (as picture files, not embedded into any word file), twitter account, linkedin page, etc.

Send me an  email ( and I put them in your project's page as son as possible.

Thanks. And then put a link of this page into your project's website.

The information about "BOXMATE" are provided by the European Opendata Portal: CORDIS opendata.

More projects from the same programme (H2020-EU.1.1.)

NanoPD_P (2020)

High throughput multiplexed trace-analyte screening for diagnostics applications

Read More  


Streamlined carbon dioxide conversion in ionic liquids – a platform strategy for modern carbonylation chemistry

Read More  

FuncMAB (2019)

High-throughput single-cell phenotypic analysis of functional antibody repertoires

Read More