Skip to main content
SpringerLink
Log in

Software Model Checking for Mobile Security – Collusion Detection in \(\mathbb {K}\)

  • Conference paper
  • First Online:
Model Checking Software (SPIN 2018)

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 10869))

Included in the following conference series:

  • 623 Accesses

Abstract

Mobile devices pose a particular security risk because they hold personal details and have capabilities potentially exploitable for eavesdropping. The Android operating system is designed with a number of built-in security features such as application sandboxing and permission-based access control. Unfortunately, these restrictions can be bypassed, without the user noticing, by colluding apps whose combined permissions allow them to carry out attacks that neither app is able to execute by itself. In this paper, we develop a software model-checking approach within the \(\mathbb {K}\) framework that is capable to detect collusion. This involves giving an abstract, formal semantics to Android applications and proving that the applied abstraction principles lead to a finite state space.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    http://acidproject.org.uk.

  2. 2.

    All experiments are carried out on a Macbook Pro with an Intel i7 2.2 GHz quad-core processor and 16 GB of memory.

References

  1. Android API reference. https://developer.android.com/reference/classes. Accessed 01 May 2018

  2. Android bytecode. https://source.android.com/devices/tech/dalvik/dalvik-bytecode. Accessed 01 May 2018

  3. Alam, M.I., Halder, R., Goswami, H., Pinto, J.S.: K-taint: an executable rewriting logic semantics for taint analysis in the k-framework. In: ENASE, pp. 359–366. SciTePress (2018)

    Google Scholar 

  4. Arzt, S., Rasthofer, S., Fritz, C., Bodden, E., Bartel, A., Klein, J., Traon, Y.L., Octeau, D., McDaniel, P.: FlowDroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps. In: PLDI 2014, p. 29. ACM (2014)

    Google Scholar 

  5. Asavoae, I.M., Blasco, J., Chen, T.M., Kalutarage, H.K., Muttik, I., Nguyen, H.N., Roggenbach, M., Shaikh, S.A.: Detecting malicious collusion between mobile software applications: the Android\(^{TM}\) case. In: Carrascosa, I.P., Kalutarage, H.K., Huang, Y. (eds.) Data Analytics and Decision Support for Cybersecurity. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-59439-2_3

    Chapter  Google Scholar 

  6. Asavoae, I.M., Blasco, J., Chen, T.M., Kalutarage, H.K., Muttik, I., Nguyen, H.N., Roggenbach, M., Shaikh, S.A.: Distinguishing between malicious app collusion and benign app collaboration: a machine learning approach. Virus Bulletin (2018)

    Google Scholar 

  7. Asavoae, I.M., Nguyen, H.N., Roggenbach, M., Shaikh, S.A.: Utilising \(\mathbb{K}\) semantics for collusion detection in Android applications. In: ter Beek, M.H., Gnesi, S., Knapp, A. (eds.) FMICS-AVoCS 2016, pp. 142–149 (2016)

    Google Scholar 

  8. Asavoae, I.M., Nguyen, H.N., Roggenbach, M., Shaikh, S.A.: Software model checking: a promising approach to verify mobile app security. CoRR abs/1706.04741 (2017). http://arxiv.org/abs/1706.04741

  9. Beyer, D., Gulwani, S., Schmidt, D.: Combining model checking and data-flow analysis. In: Clarke, E.M., Henzinger, T.A., Veith, H. (eds.) Handbook on Model Checking. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-10575-8_16

    Chapter  Google Scholar 

  10. Biere, A., Cimatti, A., Clarke, E., Zhu, Y.: Symbolic model checking without BDDs. In: Cleaveland, W.R. (ed.) TACAS 1999. LNCS, vol. 1579, pp. 193–207. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-49059-0_14

    Chapter  Google Scholar 

  11. Blasco, J., Chen, T.M., Muttik, I., Roggenbach, M.: Detection of app collusion potential using logic programming. J. Netw. Comput. Appl. 105, 88–104 (2018). https://doi.org/10.1016/j.jnca.2017.12.008

    Article  Google Scholar 

  12. Blasco, J., Muttik, I., Roggenbach, M.: Wild android collusions (2016). https://www.virusbulletin.com/conference/vb2016/

  13. Bogdănaş, D., Roşu, G.: K-Java: a complete semantics of Java. In: POPL 2015. ACM (2015)

    Article  Google Scholar 

  14. Bugiel, S., Davi, L., Dmitrienko, A., Heuser, S., Sadeghi, A.R., Shastry, B.: Practical and lightweight domain isolation on Android. In: SPSM 2011. ACM (2011)

    Google Scholar 

  15. Clavel, M., Durán, F., Eker, S., Lincoln, P., Martí-Oliet, N., Meseguer, J., Talcott, C.: All About Maude - A High-Performance Logical Framework. LNCS, vol. 4350. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-71999-1

    Book  MATH  Google Scholar 

  16. Şerbănuţă, T.F., Roşu, G.: K-Maude: a rewriting based tool for semantics of programming languages. In: Ölveczky, P.C. (ed.) WRLA 2010. LNCS, vol. 6381, pp. 104–122. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-16310-4_8

    Chapter  MATH  Google Scholar 

  17. Dicker, C.: Android security: delusion to collusion. B.Sc. dissertation, Swansea University (2015)

    Google Scholar 

  18. Hathhorn, C., Ellison, C., Roşu, G.: Defining the undefinedness of C. In: PLDI 2015. ACM (2015)

    Google Scholar 

  19. Kalutarage, H.K., Nguyen, H.N., Shaikh, S.A.: Towards a threat assessment framework for apps collusion. Telecommun. Syst. 66(3), 417–430 (2017). https://doi.org/10.1007/s11235-017-0296-1

    Article  Google Scholar 

  20. Kovacs, E.: Malware abuses Android accessibility feature to steal data (2015). http://www.securityweek.com/malware-abuses-android-accessibility-feature-steal-data

  21. Leroy, X.: Formal verification of a realistic compiler. Commun. ACM 52(7), 107–115 (2009)

    Article  Google Scholar 

  22. Li, L., Bartel, A., Bissyandé, T.F., Klein, J., Le Traon, Y.: ApkCombiner: combining multiple android apps to support inter-app analysis. In: Federrath, H., Gollmann, D. (eds.) SEC 2015. IAICT, vol. 455, pp. 513–527. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-18467-8_34

    Chapter  Google Scholar 

  23. Lipovsky, R.: ESET analyzes first Android file-encrypting, TOR-enabled ransomware (2014). http://www.welivesecurity.com/2014/06/04/simplocker/

  24. Lunden, I.: 6.1B Smartphone Users Globally By 2020, Overtaking Basic Fixed Phone Subscriptions. http://techcrunch.com/2015/06/02/6-1b-smartphone-users-globally-by-2020-overtaking-basic-fixed-phone-subscriptions/#.pkatr9:RPIH. Accessed 10 Nov 2015

  25. Nielson, F., Nielson, H.R., Hankin, C.: Principles of Program Analysis. Springer, Heidelberg (1999). https://doi.org/10.1007/978-3-662-03811-6

    Book  MATH  Google Scholar 

  26. Octeau, D., Luchaup, D., Dering, M., Jha, S., McDaniel, P.: Composite constant propagation: application to Android inter-component communication analysis. In: ICSE 2015. IEEE Computer Society (2015)

    Google Scholar 

  27. Octeau, D., Luchaup, D., Jha, S., McDaniel, P.D.: Composite constant propagation and its application to Android program analysis. IEEE Trans. Softw. Eng. 42(11), 999–1014 (2016)

    Article  Google Scholar 

  28. Octeau, D., McDaniel, P., Jha, S., Bartel, A., Bodden, E., Klein, J., Traon, Y.L.: Effective inter-component communication mapping in Android: an essential step towards holistic security analysis. In: Security Symposium. USENIX Association (2013)

    Google Scholar 

  29. Page, C.: MKero: Android malware secretly subscribes victims to premium SMS services (2015). http://www.theinquirer.net/inquirer/news/2425201/mkero-android-malware-secretly-subscribes-victims-to-premium-sms-services

  30. Ravitch, T., Creswick, E.R., Tomb, A., Foltzer, A., Elliott, T., Casburn, L.: Multi-app security analysis with FUSE: statically detecting Android app collusion. In: ACSAC 2014. ACM (2014)

    Google Scholar 

  31. Roşu, G.: From rewriting logic, to programming language semantics, to program verification. In: Martí-Oliet, N., Ölveczky, P.C., Talcott, C. (eds.) Logic, Rewriting, and Concurrency. LNCS, vol. 9200, pp. 598–616. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-23165-5_28

    Chapter  MATH  Google Scholar 

  32. Roşu, G.: Matching logic. In: RTA 2015. LIPIcs, vol. 36, pp. 5–21. SchlossDagstuhl–Leibniz-Zentrum fuer Informatik, July 2015

    Google Scholar 

  33. Roşu, G., Şerbănuţă, T.F.: An overview of the K semantic framework. J. Logic Algebraic Program. 79(6), 397–434 (2010)

    Article  MathSciNet  Google Scholar 

  34. Schlegel, R., Zhang, K., Zhou, X.y., Intwala, M., Kapadia, A., Wang, X.: Soundcomber: a stealthy and context-aware sound Trojan for smartphones. In: NDSS, vol. 11, pp. 17–33 (2011)

    Google Scholar 

  35. Suarez-Tangil, G., Tapiador, J.E., Peris-Lopez, P., Ribagorda, A.: Evolution, detection and analysis of malware for smart devices. IEEE Commun. Surv. Tutor. 16(2), 961–987 (2014)

    Article  Google Scholar 

Download references

Acknowledgments

We would like to thank our colleagues and friends Magne Haveraaen, Alexander Knapp, and Bernd-Holger Schlingloff who commented on early drafts and helped us shape this paper; a special thanks goes to Erwin R. Catesbeijana (Jr.) for pointing out that not all inter app communication leads to collusion.

Author information

Authors and Affiliations

  1. Swansea University, Swansea, UK

    Irina Măriuca Asăvoae & Markus Roggenbach

  2. Coventry University, Coventry, UK

    Hoang Nga Nguyen

Authors
  1. Irina Măriuca Asăvoae
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Hoang Nga Nguyen
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Markus Roggenbach
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Markus Roggenbach .

Editor information

Editors and Affiliations

  1. University of Málaga, Málaga, Spain

    María del Mar Gallardo

  2. University of Málaga, Málaga, Spain

    Pedro Merino

Rights and permissions

Reprints and permissions

Copyright information

© 2018 Springer International Publishing AG, part of Springer Nature

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Asăvoae, I.M., Nguyen, H.N., Roggenbach, M. (2018). Software Model Checking for Mobile Security – Collusion Detection in \(\mathbb {K}\). In: Gallardo, M., Merino, P. (eds) Model Checking Software. SPIN 2018. Lecture Notes in Computer Science(), vol 10869. Springer, Cham. https://doi.org/10.1007/978-3-319-94111-0_1

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-94111-0_1

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-94110-3

  • Online ISBN: 978-3-319-94111-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation