A formal approach for the verification of the permission-based security model of Android
This article reports on our experiences in applying formal methods to verify the security mechanisms of Android. We have developed a comprehensive formal specification of Android's permission model, which has been used to state and prove properties that establish expected behavior of the proce...
| Main Authors: | , , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Centro Latinoamericano de Estudios en Informática
2018-08-01
|
| Series: | CLEI Electronic Journal |
| Subjects: | |
| Online Access: | http://clei.org/cleiej-beta/index.php/cleiej/article/view/41 |
| id |
doaj-ef614a8bda7642ff9167e3995030b5a7 |
|---|---|
| record_format |
Article |
| spelling |
doaj-ef614a8bda7642ff9167e3995030b5a72020-11-25T00:21:33ZengCentro Latinoamericano de Estudios en InformáticaCLEI Electronic Journal0717-50002018-08-0121210.19153/cleiej.21.2.3A formal approach for the verification of the permission-based security model of AndroidCarlos Luna0Gustavo Betarte1Juan Campo2Camila Sanz3Maximiliano Cristiá4Felipe Gorostiaga5Facultad de Ingeniería, Universidad de la República, UruguayFacultad de Ingeniería, Universidad de la República, UruguayFacultad de Ingeniería, Universidad de la República, UruguayFacultad de Ingeniería, Universidad de la República, UruguayCIFASIS, Universidad Nacional de Rosario, ArgentinaIMDEA Software Institute, Spain This article reports on our experiences in applying formal methods to verify the security mechanisms of Android. We have developed a comprehensive formal specification of Android's permission model, which has been used to state and prove properties that establish expected behavior of the procedures that enforce the defined access control policy. We are also interested in providing guarantees concerning actual implementations of the mechanisms. Therefore we are following a verification approach that combines the use of idealized models, on which fundamental properties are formally verified, with testing of actual implementations using lightweight model-based techniques. We describe the formalized model, present security properties that have been proved using the Coq proof assistant and propose the use of a certified algorithm for performing verification activities such as monitoring of actual implementations of the platform and also as a testing oracle. http://clei.org/cleiej-beta/index.php/cleiej/article/view/41AndroidFormal idealized modelReference monitorCertified implementationModel-based security testing |
| collection |
DOAJ |
| language |
English |
| format |
Article |
| sources |
DOAJ |
| author |
Carlos Luna Gustavo Betarte Juan Campo Camila Sanz Maximiliano Cristiá Felipe Gorostiaga |
| spellingShingle |
Carlos Luna Gustavo Betarte Juan Campo Camila Sanz Maximiliano Cristiá Felipe Gorostiaga A formal approach for the verification of the permission-based security model of Android CLEI Electronic Journal Android Formal idealized model Reference monitor Certified implementation Model-based security testing |
| author_facet |
Carlos Luna Gustavo Betarte Juan Campo Camila Sanz Maximiliano Cristiá Felipe Gorostiaga |
| author_sort |
Carlos Luna |
| title |
A formal approach for the verification of the permission-based security model of Android |
| title_short |
A formal approach for the verification of the permission-based security model of Android |
| title_full |
A formal approach for the verification of the permission-based security model of Android |
| title_fullStr |
A formal approach for the verification of the permission-based security model of Android |
| title_full_unstemmed |
A formal approach for the verification of the permission-based security model of Android |
| title_sort |
formal approach for the verification of the permission-based security model of android |
| publisher |
Centro Latinoamericano de Estudios en Informática |
| series |
CLEI Electronic Journal |
| issn |
0717-5000 |
| publishDate |
2018-08-01 |
| description |
This article reports on our experiences in applying formal methods to verify the security mechanisms of Android. We have developed a comprehensive formal specification of Android's permission model, which has been used to state and prove properties that establish expected behavior of the procedures that enforce the defined access control policy. We are also interested in providing guarantees concerning actual implementations of the mechanisms. Therefore we are following a verification approach that combines the use of idealized models, on which fundamental properties are formally verified, with testing of actual implementations using lightweight model-based techniques. We describe the formalized model, present security properties that have been proved using the Coq proof assistant and propose the use of a certified algorithm for performing verification activities such as monitoring of actual implementations of the platform and also as a testing oracle.
|
| topic |
Android Formal idealized model Reference monitor Certified implementation Model-based security testing |
| url |
http://clei.org/cleiej-beta/index.php/cleiej/article/view/41 |
| work_keys_str_mv |
AT carlosluna aformalapproachfortheverificationofthepermissionbasedsecuritymodelofandroid AT gustavobetarte aformalapproachfortheverificationofthepermissionbasedsecuritymodelofandroid AT juancampo aformalapproachfortheverificationofthepermissionbasedsecuritymodelofandroid AT camilasanz aformalapproachfortheverificationofthepermissionbasedsecuritymodelofandroid AT maximilianocristia aformalapproachfortheverificationofthepermissionbasedsecuritymodelofandroid AT felipegorostiaga aformalapproachfortheverificationofthepermissionbasedsecuritymodelofandroid AT carlosluna formalapproachfortheverificationofthepermissionbasedsecuritymodelofandroid AT gustavobetarte formalapproachfortheverificationofthepermissionbasedsecuritymodelofandroid AT juancampo formalapproachfortheverificationofthepermissionbasedsecuritymodelofandroid AT camilasanz formalapproachfortheverificationofthepermissionbasedsecuritymodelofandroid AT maximilianocristia formalapproachfortheverificationofthepermissionbasedsecuritymodelofandroid AT felipegorostiaga formalapproachfortheverificationofthepermissionbasedsecuritymodelofandroid |
| _version_ |
1725362061140033536 |