Detection of Design Flaws in the Android Permission Protocol Through Bounded Verification
Authors
Abstract
The ever-increasing expansion of mobile applications into nearly every aspect of modern life, from banking to healthcare systems, is making their security more important than ever. Modern smartphone operating systems (OS) rely substantially on the permission-based security model to enforce restrictions on the operations that each application can perform. In this paper, we perform an analysis of the permission protocol implemented in Android, a popular OS for smartphones. We propose a formal model of the Android permission protocol in Alloy, and describe a fully automatic analysis that identifies potential flaws in the protocol. A study of real-world Android applications corroborates our finding that the flaws in the Android permission protocol can have severe security implications, in some cases allowing the attacker to bypass the permission checks entirely.
Similar resources
A NEW PROTOCOL MODEL FOR VERIFICATION OF PAYMENT ORDER INFORMATION INTEGRITY IN ONLINE E-PAYMENT SYSTEM USING ELLIPTIC CURVE DIFFIE-HELLMAN KEY AGREEMENT PROTOCOL
Two parties that conduct a business transaction through the internet do not see each other in person, nor do they exchange any documents or hand-to-hand currency. Electronic payment is a way by which the two parties transfer money through the internet. Therefore, the integrity of payment and order information in online purchases is an important concern. With online purchase the cust...
Formal verification: an imperative step in the design of security protocols
Traditionally, security protocols have been designed and verified using informal techniques. However, the absence of formal verification can lead to security errors remaining undetected. Formal verification techniques, on the other hand, provide a systematic way of discovering protocol flaws. This paper discusses the process of formal verification using modal logics. The verification process is...
Risk Meter: a tool for accurately measuring the security risk level of applications on mobile devices
Nowadays, smartphones and tablets are widely used due to their various capabilities and features for end users. In these devices, access to a wide range of services and sensitive information, including private personal data, contact list, geolocation, sending and receiving messages, accessing social networks, etc., is provided via numerous application programs. These types of accessibilities, ...
Protocol Vulnerabilities in Practice: Causes, Modeling and Automatic Detection
Starting from practical scenarios we underline that the most relevant security vulnerabilities in practice come from weak protocol design or implementation flaws rather than from weak or flawed cryptography. In particular, we outline security vulnerabilities in several kinds of scenarios starting from well explored fields such as computer networks to less explored ones from the automotive indus...
A Robust Client Verification in cloud enabled m-Commerce using Gaining Protocol
The proposed system highlights a novel approach of exclusive verification process using gain protocol for ensuring security among both the parties (client-service provider) in m-commerce application with cloud-enabled service. The proposed system is based on the potential to verify the clients with trusted handheld device depending on the set of frequent events and actions to be carried out. Th...