Formal Certification of Android Bytecode

Android is an operating system that has been usedin a majority of mobile devices. Each application in Androidruns in an instance of the Dalvik virtual machine, which isa register-based virtual machine (VM). Most applications forAndroid are developed using Java, compiled to Java bytecodeand then translated to DEX bytecode using the dx tool inthe Android SDK. In this work, we aim to develop a type-based method for certifying non-interference properties of DEXbytecode, following a methodology that has been developed forJava bytecode certification by Barthe et al. To this end, we developa formal operational semantics of the Dalvik VM, a type systemfor DEX bytecode, and prove the soundness of the type systemwith respect to a notion of non-interference. We then studythe translation process from Java bytecode to DEX bytecode,as implemented in the dx tool in the Android SDK. We showthat an abstracted version of the translation from Java bytecodeto DEX bytecode preserves the non-interference property. Moreprecisely, we show that if the Java bytecode is typable in Bartheet al’s type system (which guarantees non-interference) then itstranslation is typable in our type system. This result opens upthe possibility to leverage existing bytecode verifiers for Java tocertify non-interference properties of Android bytecode.