Abstract
Android embodies security mechanisms at both the OS and the application level. On this platform, application security is built primarily upon a system of permissions which specify restrictions on the operations a particular process can perform. The critical role of these security mechanisms makes them a prime target for (formal) verification. We present an idealized model of a reference monitor for the novel mechanisms of Android 6 (and later), where it is possible to grant permissions at run time. Using the programming language of the proof assistant Coq we have developed a functional implementation of the reference validation mechanism and certified its correctness with respect to the specified reference monitor. Several properties concerning the permission model of Android 6 and its security mechanisms have been formally formulated and proved. Applying the program extraction mechanism provided by Coq we have also derived a certified Haskell prototype of the reference validation mechanism.
Partially funded by project ANII-FCE_1_2014_1_103803: Mecanismos autónomos de seguridad certificados para sistemas computacionales móviles, Uruguay, and by the EU H2020 project Elastest under num. 731535.
Notes
1. A permanent delegated permission represents that an app holds a delegated permission to perform an operation on the resource identified by a URI. A temporary delegated permission refers to a permission that has been delegated to a component instance.
2. Given a state s, an action a and an error code ec, \( ErrorMsg(s,a,ec) \) holds iff error ec is an acceptable response when the execution of a is requested on state s.
3. Mechanism to trigger actions on a state, according to the type of event considered.
4. We omit here the formal definition of these functions due to space constraints.
5. We implement the sets of the model as Coq lists.
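As an added illustration, not the paper's Coq development nor its extracted Haskell prototype, the following Haskell sketch shows the shape a reference validation mechanism takes: an `exec` function that returns either the post-state of a valid action or the error code with which the request is refused, the `ErrorMsg` predicate of note 2 defined on top of it, and the permanent/temporary delegation distinction of note 1. All type, constructor and field names, and the sample state, are assumptions made here.

```haskell
import qualified Data.Set as Set
import Data.Set (Set)

-- Assumed, simplified types; not the paper's Coq definitions.
type App = String
type Perm = String
type Uri = String
type Inst = Int   -- a running component instance

data State = State
  { installed :: Set App
  , granted   :: Set (App, Perm)   -- permissions granted at run time (Android 6 and later)
  , permDeleg :: Set (App, Uri)    -- permanent delegated permissions, per app and URI
  , tempDeleg :: Set (Inst, Uri)   -- temporary delegated permissions, per component instance
  } deriving (Show, Eq)

data Action = Grant App Perm | ReadUri App (Maybe Inst) Uri deriving (Show, Eq)

data ErrorCode = AppNotInstalled | AlreadyGranted | UriNotDelegated deriving (Show, Eq)

-- Reference validation mechanism: the post-state of a valid action, or the
-- error code with which the request is refused.
exec :: State -> Action -> Either ErrorCode State
exec s (Grant a p)
  | a `Set.notMember` installed s = Left AppNotInstalled
  | (a, p) `Set.member` granted s = Left AlreadyGranted
  | otherwise = Right s { granted = Set.insert (a, p) (granted s) }
exec s (ReadUri a mi u)
  | (a, u) `Set.member` permDeleg s                        = Right s
  | maybe False (\i -> (i, u) `Set.member` tempDeleg s) mi = Right s
  | otherwise                                              = Left UriNotDelegated

-- ErrorMsg(s, a, ec) of note 2: ec is an acceptable response to requesting a on s.
errorMsg :: State -> Action -> ErrorCode -> Bool
errorMsg s a ec = exec s a == Left ec

-- Constructed sample state: one installed app, one permanent and one temporary delegation.
s0 :: State
s0 = State (Set.fromList ["maps"]) Set.empty
           (Set.fromList [("maps", "content://contacts/1")]) (Set.fromList [(7, "content://photos/9")])

main :: IO ()
main = do
  print (exec s0 (Grant "maps" "ACCESS_FINE_LOCATION"))
  print (errorMsg s0 (Grant "mail" "READ_SMS") AppNotInstalled)
  print (exec s0 (ReadUri "maps" (Just 7) "content://photos/9"))
  print (exec s0 (ReadUri "maps" Nothing "content://photos/9"))
```

The last two calls show why the temporary/permanent distinction matters: the same app reading the same URI is accepted only when the request comes from the component instance that holds the temporary delegation.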
© 2018 Springer International Publishing AG, part of Springer Nature
Betarte, G., Campo, J., Gorostiaga, F., Luna, C. (2018). A Certified Reference Validation Mechanism for the Permission Model of Android. In: Fioravanti, F., Gallagher, J. (eds) Logic-Based Program Synthesis and Transformation. LOPSTR 2017. Lecture Notes in Computer Science(), vol 10855. Springer, Cham. https://doi.org/10.1007/978-3-319-94460-9_16
DOI: https://doi.org/10.1007/978-3-319-94460-9_16
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-94459-3
Online ISBN: 978-3-319-94460-9