Abstract
Mobile devices pose a particular security risk because they hold personal details and have capabilities potentially exploitable for eavesdropping. The Android operating system is designed with a number of built-in security features such as application sandboxing and permission-based access control. Unfortunately, these restrictions can be bypassed, without the user noticing, by colluding apps whose combined permissions allow them to carry out attacks that neither app is able to execute by itself. In this paper, we develop a software model-checking approach within the \(\mathbb {K}\) framework that is capable to detect collusion. This involves giving an abstract, formal semantics to Android applications and proving that the applied abstraction principles lead to a finite state space.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
- 2.
All experiments are carried out on a Macbook Pro with an Intel i7 2.2 GHz quad-core processor and 16 GB of memory.
References
Android API reference. https://developer.android.com/reference/classes. Accessed 01 May 2018
Android bytecode. https://source.android.com/devices/tech/dalvik/dalvik-bytecode. Accessed 01 May 2018
Alam, M.I., Halder, R., Goswami, H., Pinto, J.S.: K-taint: an executable rewriting logic semantics for taint analysis in the k-framework. In: ENASE, pp. 359–366. SciTePress (2018)
Arzt, S., Rasthofer, S., Fritz, C., Bodden, E., Bartel, A., Klein, J., Traon, Y.L., Octeau, D., McDaniel, P.: FlowDroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps. In: PLDI 2014, p. 29. ACM (2014)
Asavoae, I.M., Blasco, J., Chen, T.M., Kalutarage, H.K., Muttik, I., Nguyen, H.N., Roggenbach, M., Shaikh, S.A.: Detecting malicious collusion between mobile software applications: the Android\(^{TM}\) case. In: Carrascosa, I.P., Kalutarage, H.K., Huang, Y. (eds.) Data Analytics and Decision Support for Cybersecurity. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-59439-2_3
Asavoae, I.M., Blasco, J., Chen, T.M., Kalutarage, H.K., Muttik, I., Nguyen, H.N., Roggenbach, M., Shaikh, S.A.: Distinguishing between malicious app collusion and benign app collaboration: a machine learning approach. Virus Bulletin (2018)
Asavoae, I.M., Nguyen, H.N., Roggenbach, M., Shaikh, S.A.: Utilising \(\mathbb{K}\) semantics for collusion detection in Android applications. In: ter Beek, M.H., Gnesi, S., Knapp, A. (eds.) FMICS-AVoCS 2016, pp. 142–149 (2016)
Asavoae, I.M., Nguyen, H.N., Roggenbach, M., Shaikh, S.A.: Software model checking: a promising approach to verify mobile app security. CoRR abs/1706.04741 (2017). http://arxiv.org/abs/1706.04741
Beyer, D., Gulwani, S., Schmidt, D.: Combining model checking and data-flow analysis. In: Clarke, E.M., Henzinger, T.A., Veith, H. (eds.) Handbook on Model Checking. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-10575-8_16
Biere, A., Cimatti, A., Clarke, E., Zhu, Y.: Symbolic model checking without BDDs. In: Cleaveland, W.R. (ed.) TACAS 1999. LNCS, vol. 1579, pp. 193–207. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-49059-0_14
Blasco, J., Chen, T.M., Muttik, I., Roggenbach, M.: Detection of app collusion potential using logic programming. J. Netw. Comput. Appl. 105, 88–104 (2018). https://doi.org/10.1016/j.jnca.2017.12.008
Blasco, J., Muttik, I., Roggenbach, M.: Wild android collusions (2016). https://www.virusbulletin.com/conference/vb2016/
Bogdănaş, D., Roşu, G.: K-Java: a complete semantics of Java. In: POPL 2015. ACM (2015)
Bugiel, S., Davi, L., Dmitrienko, A., Heuser, S., Sadeghi, A.R., Shastry, B.: Practical and lightweight domain isolation on Android. In: SPSM 2011. ACM (2011)
Clavel, M., Durán, F., Eker, S., Lincoln, P., Martí-Oliet, N., Meseguer, J., Talcott, C.: All About Maude - A High-Performance Logical Framework. LNCS, vol. 4350. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-71999-1
Şerbănuţă, T.F., Roşu, G.: K-Maude: a rewriting based tool for semantics of programming languages. In: Ölveczky, P.C. (ed.) WRLA 2010. LNCS, vol. 6381, pp. 104–122. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-16310-4_8
Dicker, C.: Android security: delusion to collusion. B.Sc. dissertation, Swansea University (2015)
Hathhorn, C., Ellison, C., Roşu, G.: Defining the undefinedness of C. In: PLDI 2015. ACM (2015)
Kalutarage, H.K., Nguyen, H.N., Shaikh, S.A.: Towards a threat assessment framework for apps collusion. Telecommun. Syst. 66(3), 417–430 (2017). https://doi.org/10.1007/s11235-017-0296-1
Kovacs, E.: Malware abuses Android accessibility feature to steal data (2015). http://www.securityweek.com/malware-abuses-android-accessibility-feature-steal-data
Leroy, X.: Formal verification of a realistic compiler. Commun. ACM 52(7), 107–115 (2009)
Li, L., Bartel, A., Bissyandé, T.F., Klein, J., Le Traon, Y.: ApkCombiner: combining multiple android apps to support inter-app analysis. In: Federrath, H., Gollmann, D. (eds.) SEC 2015. IAICT, vol. 455, pp. 513–527. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-18467-8_34
Lipovsky, R.: ESET analyzes first Android file-encrypting, TOR-enabled ransomware (2014). http://www.welivesecurity.com/2014/06/04/simplocker/
Lunden, I.: 6.1B Smartphone Users Globally By 2020, Overtaking Basic Fixed Phone Subscriptions. http://techcrunch.com/2015/06/02/6-1b-smartphone-users-globally-by-2020-overtaking-basic-fixed-phone-subscriptions/#.pkatr9:RPIH. Accessed 10 Nov 2015
Nielson, F., Nielson, H.R., Hankin, C.: Principles of Program Analysis. Springer, Heidelberg (1999). https://doi.org/10.1007/978-3-662-03811-6
Octeau, D., Luchaup, D., Dering, M., Jha, S., McDaniel, P.: Composite constant propagation: application to Android inter-component communication analysis. In: ICSE 2015. IEEE Computer Society (2015)
Octeau, D., Luchaup, D., Jha, S., McDaniel, P.D.: Composite constant propagation and its application to Android program analysis. IEEE Trans. Softw. Eng. 42(11), 999–1014 (2016)
Octeau, D., McDaniel, P., Jha, S., Bartel, A., Bodden, E., Klein, J., Traon, Y.L.: Effective inter-component communication mapping in Android: an essential step towards holistic security analysis. In: Security Symposium. USENIX Association (2013)
Page, C.: MKero: Android malware secretly subscribes victims to premium SMS services (2015). http://www.theinquirer.net/inquirer/news/2425201/mkero-android-malware-secretly-subscribes-victims-to-premium-sms-services
Ravitch, T., Creswick, E.R., Tomb, A., Foltzer, A., Elliott, T., Casburn, L.: Multi-app security analysis with FUSE: statically detecting Android app collusion. In: ACSAC 2014. ACM (2014)
Roşu, G.: From rewriting logic, to programming language semantics, to program verification. In: Martí-Oliet, N., Ölveczky, P.C., Talcott, C. (eds.) Logic, Rewriting, and Concurrency. LNCS, vol. 9200, pp. 598–616. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-23165-5_28
Roşu, G.: Matching logic. In: RTA 2015. LIPIcs, vol. 36, pp. 5–21. SchlossDagstuhl–Leibniz-Zentrum fuer Informatik, July 2015
Roşu, G., Şerbănuţă, T.F.: An overview of the K semantic framework. J. Logic Algebraic Program. 79(6), 397–434 (2010)
Schlegel, R., Zhang, K., Zhou, X.y., Intwala, M., Kapadia, A., Wang, X.: Soundcomber: a stealthy and context-aware sound Trojan for smartphones. In: NDSS, vol. 11, pp. 17–33 (2011)
Suarez-Tangil, G., Tapiador, J.E., Peris-Lopez, P., Ribagorda, A.: Evolution, detection and analysis of malware for smart devices. IEEE Commun. Surv. Tutor. 16(2), 961–987 (2014)
Acknowledgments
We would like to thank our colleagues and friends Magne Haveraaen, Alexander Knapp, and Bernd-Holger Schlingloff who commented on early drafts and helped us shape this paper; a special thanks goes to Erwin R. Catesbeijana (Jr.) for pointing out that not all inter app communication leads to collusion.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer International Publishing AG, part of Springer Nature
About this paper
Cite this paper
Asăvoae, I.M., Nguyen, H.N., Roggenbach, M. (2018). Software Model Checking for Mobile Security – Collusion Detection in \(\mathbb {K}\). In: Gallardo, M., Merino, P. (eds) Model Checking Software. SPIN 2018. Lecture Notes in Computer Science(), vol 10869. Springer, Cham. https://doi.org/10.1007/978-3-319-94111-0_1
Download citation
DOI: https://doi.org/10.1007/978-3-319-94111-0_1
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-94110-3
Online ISBN: 978-3-319-94111-0
eBook Packages: Computer ScienceComputer Science (R0)