A certified reference validation mechanism for the permission model of Android
نویسندگان
چکیده
Android embodies security mechanisms at both OS and application level. In this platform application security is built primarily upon a system of permissions which specify restrictions on the operations a particular process can perform. The critical role of these security mechanisms makes them a prime target for (formal) verification. We present an idealized model of a reference monitor of the novel mechanisms of Android 6 (and further), where it is possible to grant permissions at run time. Using the programming language of the proof-assistant Coq we have developed a functional implementation of the reference validation mechanism and certified its correctness with respect to the specified reference monitor. Several properties concerning the permission model of Android 6 and its security mechanisms have been formally formulated and proved. Applying the program extraction mechanism provided by Coq we have also derived a certified Haskell prototype of the reference validation mechanism.
منابع مشابه
ریسک سنج: ابزاری برای سنجش دقیق میزان ریسک امنیتی برنامهها در دستگاههای همراه
Nowadays smartphones and tablets are widely used due to their various capabilities and features for end users. In these devices, accessing a wide range of services and sensitive information including private personal data, contact list, geolocation, sending and receiving messages, accessing social networks and etc. are provided via numerous application programs. These types of accessibilities, ...
متن کاملA Contextually-Aware, Privacy-Preserving Android Permission Model
Smartphones contain a large amount of highly personal data, much of it accessible to third-party applications. Much of this information is safeguarded by a permission model, which regulates access to this information. This work primarily focuses on improving the Android permission model, which is known to have notoriously large amounts of sensitive data leakage, but many of its findings can be ...
متن کاملAppGuard — Real-time policy en- forcement for third-party applications
Android has become the most popular operating system for mobile devices, which makes it a prominent target for malicious software. The security concept of Android is based on app isolation and access control for critical system resources. However, users can only review and accept permission requests at install time, or else they cannot install an app at all. Android neither supports permission ...
متن کاملDPerm: Assisting the Migration of Android Apps to Runtime Permissions
Android apps require permissions when accessing resources related to privacy or system integrity. Starting from Android 6, these permissions have to be asked at runtime. However, migrating to the new permission model poses multiple challenges for developers. First, developers have to discover where the app uses permissions, which requires a permission specification. To date several such specifi...
متن کاملPermission based Android security: Issues and countermeasures
Android security has been a hot spot recently in both academic research and public concerns due to numerous instances of security attacks and privacy leakage on Android platform. Android security has been built upon a permission based mechanism which restricts accesses of third-party Android applications to critical resources on an Android device. Such permission based mechanism is widely criti...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- CoRR
دوره abs/1709.03652 شماره
صفحات -
تاریخ انتشار 2017