A formal approach for the verification of the permission-based security model of Android

A formal approach for the verification of the permission-based security model of Android

This article reports on our experiences in applying formal methods to verify the security mechanisms of Android. We have developed a comprehensive formal specification of Android's permission model, which has been used to state and prove properties that establish expected behavior of the proce...

Full description

Bibliographic Details
Main Authors: Carlos Luna, Gustavo Betarte, Juan Campo, Camila Sanz, Maximiliano Cristiá, Felipe Gorostiaga
Format: Article
Language:English
Published: Centro Latinoamericano de Estudios en Informática 2018-08-01
Series:CLEI Electronic Journal
Subjects:
Android
Formal idealized model
Reference monitor
Certified implementation
Model-based security testing
Online Access:http://clei.org/cleiej-beta/index.php/cleiej/article/view/41
Description
Summary:This article reports on our experiences in applying formal methods to verify the security mechanisms of Android. We have developed a comprehensive formal specification of Android's permission model, which has been used to state and prove properties that establish expected behavior of the procedures that enforce the defined access control policy. We are also interested in providing guarantees concerning actual implementations of the mechanisms. Therefore we are following a verification approach that combines the use of idealized models, on which fundamental properties are formally verified, with testing of actual implementations using lightweight model-based techniques. We describe the formalized model, present security properties that have been proved using the Coq proof assistant and propose the use of a certified algorithm for performing verification activities such as monitoring of actual implementations of the platform and also as a testing oracle.
ISSN:0717-5000

Similar Items