Abstract: As a coarse-grained access control mechanism, Android permission model cannot effectively prevent the applications from abusing system resources to launch attacks. In this paper, a behavior-based system resources access control scheme is proposed, to regulate the applications’ behavior in their system resources accessing and prevent the resources from being abused by applications. Firstly, we define a secure behavior pattern for each security-related critical system resource access operation using temporal logic of causal knowledge (TLCK) logic, and dynamically monitor the behavior of the applications. Then, the access control to these system resources is implemented through comparing the applications’ dynamic behavior with the resources’ secure behavior patterns. Compared with the malicious code detection schemes based on malicious behavior signatures, secure behavior patterns are easier to be defined and can be used to detect unknown attacks. Finally, we achieve a behavior-based resources access control system for short message service (SMS) attacks, the most preferred attacks for Android. And the experimental results demonstrate that this scheme has good performance in terms of effectiveness and efficiency.