Skip to main content

A formal framework for software faults and permissions based on unified theory of programming

Abstract

Safety and security are essential properties required by network and mobile applications. The former is concerned with detection of software faults and recovery from failures, and the latter is mainly about specifying and enforcing security policies. However, how to precisely understand and formally specify essential notations in safety and security disciplines, and how to integrate these properties with functional behaviour of programs, are still open issues. For this sake, in this paper, we propose a formal framework, trying to interpret safety and security notations on a common ontology, and combine security property with functional specification in a unified formalism. Our main contributions are two-folds: first, we formally define the notions of fault, failure and error in the traditional state-based model; and secondly, formally define permission mechanism in Android security system, and represent Hoare triples for security-related actions.

This is a preview of subscription content, access via your institution.

Fig. 1
Fig. 2
Fig. 3
Fig. 4

References

  1. Tabuada, P., Caliskan, S.Y., Rungger, M., et al.: Towards robustness for cyber-physical systems. IEEE Trans. Autom. Control 59(12), 3151–3163 (2014)

    MathSciNet  Article  Google Scholar 

  2. Suareztangil, G., Tapiador, J.E., Perislopez, P., et al.: Evolution, detection and analysis of malware for smart devices. IEEE Commun. Surv. Tutor. 16(2), 961–987 (2014)

    Article  Google Scholar 

  3. Sufatrio, T.D.J., Chua, T., et al.: Securing android: a survey, taxonomy, and challenges. ACM Comput. Surv. 47(4), 58–102 (2015)

    Article  Google Scholar 

  4. Enck, W., Gilbert, P., Chun, B.-G., Cox, L.P., Jung, J., McDaniel, P., et al.: Taintdroid: an information flow tracking system for real-time privacy monitoring on smartphones. Commun. ACM 57(3), 99–106 (2014)

    Article  Google Scholar 

  5. Zhu, H., He, J., Qin, S., et al.: Denotational semantics and its algebraic derivation for an event-driven system-level language. Formal Aspects Comput. 27(1), 133–166 (2015)

    MathSciNet  Article  Google Scholar 

  6. Avizienis, A., Laprie, J.C., Randell, B., et al.: Basic concepts and taxonomy of dependable and secure computing. IEEE Trans. Depend. Secur. Comput. 1(1), 11–33 (2004)

    Article  Google Scholar 

  7. Cristian, F.: A rigorous approach to fault-tolerant programming]. IEEE Trans. Softw. Eng. 11(1), 23–31 (1985)

    Article  Google Scholar 

  8. Sari, A., Akkaya, M.: Fault tolerance mechanisms in distributed systems. Int. J. Commun. Netw. Syst. Sci. 8(12), 471–482 (2015)

    Google Scholar 

  9. Chen, J., Ebnenasir, A., Kulkarni, S.S., et al.: The complexity of adding multitolerance. ACM Trans. Auton. Adapt. Syst. 9(3), 15–48 (2014)

    Google Scholar 

  10. Natella, R., Cotroneo, D., Madeira, H., et al.: Assessing dependability with software fault injection: a survey. ACM Comput. Surv. 48(3), 44–98 (2016)

    Article  Google Scholar 

  11. Zheng, P., Qi, Y., Zhou, Y., et al.: An automatic framework for detecting and characterizing performance degradation of software systems. IEEE Trans. Reliab. 63(4), 927–943 (2014)

    Article  Google Scholar 

  12. Cotroneo, D., Natella, R., Pietrantuono, R., et al.: A survey of software aging and rejuvenation studies. ACM J. Emerg. Technol. Comput. Syst. 10(1), 8–42 (2014)

    Article  Google Scholar 

  13. Hajisheykhi, R., Roohitavaf, M., Kulkarni, S.S., et al.: Bounded auditable restoration of distributed systems. IEEE Trans. Comput. 66(2), 240–255 (2017)

    MathSciNet  MATH  Google Scholar 

  14. Dubey, A., Karsai, G.: Software health management. Innov. Syst. Softw. Eng. 9(4), 217–217 (2013)

    Article  Google Scholar 

  15. Schneider, C., Barker, A., Dobson, S., et al.: A survey of self-healing systems frameworks. Softw. Pract. Exp. 45(10), 1375–1398 (2015)

    Article  Google Scholar 

  16. Peng, M., Wang, C., Li, J., et al.: Recent advances in underlay heterogeneous networks: interference control, resource allocation, and self-organization. IEEE Commun. Surv. Tutor. 17(2), 700–729 (2015)

    Article  Google Scholar 

  17. Long, F., Sidirogloudouskos, S., Rinard, M.C., et al.: Automatic runtime error repair and containment via recovery shepherding. Program. Lang. Des. Implement. 49(6), 227–238 (2014)

    Google Scholar 

  18. Sheen, S., Anitha, R., Natarajan, V., et al.: Android based malware detection using a multifeature collaborative decision fusion approach. Neurocomputing 151(3), 905–912 (2015)

    Article  Google Scholar 

  19. Arzt, S., Rasthofer, S., Fritz, C., et al.: FlowDroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for Android apps. Program. Lang. Des. Implement. 49(6), 259–269 (2014)

    Google Scholar 

  20. Ham, Y.J., Lee, H.-W.: Detection of malicious android mobile applications based on aggregated system call events. Int. J. Comput. Commun. Eng. 3(2), 149–154 (2014)

    Article  Google Scholar 

  21. Dijkstra, E.W.: Guarded commands, nondeterminacy and formal derivation of programs. Commun. ACM 18(8), 453–457 (1975)

    MathSciNet  Article  Google Scholar 

Download references

Acknowledgements

The authors acknowledge the Shaanxi Province Natural Science Foundation research project (Grant No. 2017JM6105) for support.

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Xiaojian Liu.

Rights and permissions

Reprints and Permissions

About this article

Verify currency and authenticity via CrossMark

Cite this article

Zhu, Z., Liu, X. A formal framework for software faults and permissions based on unified theory of programming. Cluster Comput 22, 14049–14059 (2019). https://doi.org/10.1007/s10586-018-2233-9

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10586-018-2233-9

Keywords

  • Safety
  • Security
  • Faults
  • Semantics
  • Permission
  • Android
  • Formal methods