Cluster Computing, Volume 22, Supplement 6, pp 14049–14059

A formal framework for software faults and permissions based on unified theory of programming

  • Zhilin Zhu
  • Xiaojian Liu


Abstract

Safety and security are essential properties of network and mobile applications. The former is concerned with detecting software faults and recovering from failures; the latter is mainly about specifying and enforcing security policies. However, how to precisely understand and formally specify the essential notions of the safety and security disciplines, and how to integrate these properties with the functional behaviour of programs, remain open issues. To this end, this paper proposes a formal framework that interprets safety and security notions on a common ontology and combines security properties with functional specifications in a unified formalism. Our main contributions are twofold: first, we formally define the notions of fault, failure and error in the traditional state-based model; second, we formally define the permission mechanism of the Android security system and represent security-related actions as Hoare triples.


Keywords: Safety, Security, Faults, Semantics, Permission, Android, Formal methods
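The second contribution, Hoare triples for permission-guarded actions, can be illustrated with a small state-based model. The Python below is an added example written for this page, not the paper's own formalism or code: the State layout, the READ_CONTACTS permission name, the read_contacts actions and the policy predicate are assumptions, and the sample states are constructed. It checks a triple {P} S {Q} by enumerating a finite set of states, which is a bounded check rather than a proof.

```python
"""Added example (not from the paper): a state-based model of an Android-style
permission check, with Hoare triples {P} S {Q} checked over constructed states.
The state layout, permission name and action names are assumptions made for
illustration."""
from dataclasses import dataclass, replace
from typing import Callable, FrozenSet, Iterable, Tuple


@dataclass(frozen=True)
class State:
    granted: FrozenSet[str]          # permissions the app currently holds
    contacts: Tuple[str, ...]        # protected resource guarded by READ_CONTACTS
    out: Tuple[str, ...] = ()        # data the app has obtained so far
    denied: bool = False             # set when an action was refused


Pred = Callable[[State], bool]   # assertion over states
Stmt = Callable[[State], State]  # deterministic action: state -> state


def hoare_holds(pre: Pred, stmt: Stmt, post: Pred, states: Iterable[State]) -> bool:
    """{pre} stmt {post}: every state satisfying pre leads, after stmt, to a
    state satisfying post.  Evaluated by enumeration over the supplied states,
    so this is a bounded check, not a proof."""
    return all(post(stmt(s)) for s in states if pre(s))


def read_contacts_unchecked(s: State) -> State:
    # Raw action: copies the protected resource into the app's output.
    return replace(s, out=s.out + s.contacts)


def read_contacts_guarded(s: State) -> State:
    # Guarded command in Dijkstra's style:
    #   READ_CONTACTS in granted -> read  []  READ_CONTACTS not in granted -> deny
    if "READ_CONTACTS" in s.granted:
        return read_contacts_unchecked(s)
    return replace(s, denied=True)


def has_perm(s: State) -> bool:
    return "READ_CONTACTS" in s.granted


def anything(s: State) -> bool:
    # The weakest precondition "true": no assumption about the caller.
    return True


def policy(s: State) -> bool:
    """Security postcondition: an app without READ_CONTACTS has learned no contact."""
    return has_perm(s) or not any(c in s.out for c in s.contacts)


# Constructed sample states: one app holding the permission, one holding none,
# one holding only an unrelated permission.
SAMPLE_STATES = (
    State(granted=frozenset({"READ_CONTACTS"}), contacts=("alice", "bob")),
    State(granted=frozenset(), contacts=("alice", "bob")),
    State(granted=frozenset({"INTERNET"}), contacts=("carol",)),
)


def check_triples(states: Iterable[State] = SAMPLE_STATES) -> dict:
    states = tuple(states)
    return {
        # {true} read_unchecked {policy} fails: an unprivileged app reads contacts.
        "unchecked_no_precondition": hoare_holds(anything, read_contacts_unchecked, policy, states),
        # {has_perm} read_unchecked {policy} holds: the precondition carries the permission.
        "unchecked_with_precondition": hoare_holds(has_perm, read_contacts_unchecked, policy, states),
        # {true} read_guarded {policy} holds: the guard enforces the precondition at runtime.
        "guarded_no_precondition": hoare_holds(anything, read_contacts_guarded, policy, states),
    }


if __name__ == "__main__":
    for name, ok in check_triples().items():
        print(f"{name}: {'holds' if ok else 'FAILS'}")
```

The contrast between the second and third triples is the point of the exercise: with the unchecked action, the permission sits in the precondition and is an obligation every caller must discharge; with the guarded action, the check moves inside the statement, the precondition weakens to true, and the deny branch records the refusal in the state so that a security-related action always terminates in a state the postcondition describes.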



The authors acknowledge the Shaanxi Province Natural Science Foundation research project (Grant No. 2017JM6105) for support.



Copyright information

© Springer Science+Business Media, LLC, part of Springer Nature 2018

Authors and Affiliations

  1. School of Information and Electronic Engineering, Shandong Technology and Business University (Key Laboratory of Sensing Technology and Control in Universities of Shandong), Yantai, China
  2. School of Computer Science and Technology, Xi’an University of Science and Technology, Xi’an, China
