Architecture Modeling and Analysis of Security in Android Systems

  • Bradley Schmerl
  • Jeff Gennari
  • Alireza Sadeghi
  • Hamid Bagheri
  • Sam Malek
  • Javier Cámara
  • David Garlan
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9839)


Software architecture modeling is important for analyzing system quality attributes, particularly security. However, such analyses often assume that the architecture is completely known in advance. In many modern domains, especially those that use plugin-based frameworks, it is not possible to have such a complete model because the software system continuously changes. The Android mobile operating system is one such framework, where users can install and uninstall apps at run time. We need ways to model and analyze such architectures that strike a balance between supporting the dynamism of the underlying platforms and enabling analysis, particularly throughout a system's lifetime. In this paper, we describe a formal architecture style that captures the modifiable architectures of Android systems and that supports security analysis as a system evolves. We illustrate the use of the style with two security analyses: a predicate-based approach defined over architectural structure that can detect some common security vulnerabilities, and inter-app permission leakage determined by model checking. We also show how the evolving architecture of an Android device can be obtained by analyzing the apps installed on it, and provide a performance evaluation indicating that the architecture is amenable to use throughout the system's lifetime.
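As an added illustration (not the paper's own architecture style, models or analyses), the following Python sketch builds a constructed Android architecture model and runs the two kinds of check the abstract names: a structural predicate over components, and a reachability check for inter-app permission leakage, which stands in here for the paper's model-checking analysis. App, component and permission names are invented for the example.

```python
from collections import deque

# Constructed sample architecture (not from the paper): APPS holds granted permissions;
# each component records exported, guard (permission a caller needs), uses, and calls.
APPS = {"Messenger": {"SEND_SMS"}, "Weather": {"ACCESS_FINE_LOCATION"}, "Notes": set()}
COMPONENTS = {
    "Messenger.Relay": dict(app="Messenger", exported=True, guard=None,
                            uses=None, calls=["Messenger.SmsService"]),
    "Messenger.SmsService": dict(app="Messenger", exported=False, guard=None,
                                 uses="SEND_SMS", calls=[]),
    "Weather.Locator": dict(app="Weather", exported=True, guard="ACCESS_FINE_LOCATION",
                            uses="ACCESS_FINE_LOCATION", calls=[]),
    "Weather.Broadcaster": dict(app="Weather", exported=True, guard=None,
                                uses="ACCESS_FINE_LOCATION", calls=[]),
    "Notes.Editor": dict(app="Notes", exported=True, guard=None, uses=None, calls=[]),
}

def can_invoke(caller, target):
    """Component access rule as modelled: a caller from another app reaches a
    component only if it is exported and the caller holds its guard permission."""
    return target["exported"] and (target["guard"] is None or target["guard"] in APPS[caller])

def unguarded_sensitive(components=COMPONENTS):
    """Structural predicate: exported components that exercise a sensitive
    permission while demanding none from their callers."""
    return sorted(n for n, c in components.items()
                  if c["exported"] and c["guard"] is None and c["uses"])

def permission_leaks(apps=APPS, components=COMPONENTS):
    """Reachability check: from every component an app can legitimately enter in another
    app, follow calls and report each permission exercised that the entering app lacks."""
    leaks = set()
    for caller in apps:
        entries = [n for n, c in components.items() if c["app"] != caller and can_invoke(caller, c)]
        seen, queue = set(entries), deque(entries)
        while queue:
            name = queue.popleft()
            comp = components[name]
            if comp["uses"] and comp["uses"] not in apps[caller]:
                leaks.add((caller, name, comp["uses"]))
            for nxt in comp["calls"]:
                # a call that crosses app boundaries is itself subject to the access rule
                if components[nxt]["app"] != comp["app"] and not can_invoke(comp["app"], components[nxt]):
                    continue
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append(nxt)
    return sorted(leaks)
```

The structural predicate flags only `Weather.Broadcaster`, while the reachability check also reports the non-exported `Messenger.SmsService`, reached through the unguarded `Messenger.Relay`; that difference is why a purely structural check and a path-sensitive analysis complement each other.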





This work is supported in part by awards H98230-14-C-0140 from the National Security Agency, CCF-1252644 from the National Science Foundation, FA95501610030 from the Air Force Office of Scientific Research, and HSHQDC-14-C-B0040 from the Department of Homeland Security. The views and conclusions contained herein are those of the authors and should not be interpreted as representing the official policies, either expressed or implied, of the National Security Agency or the U.S. government.



Copyright information

© Springer International Publishing AG 2016

Authors and Affiliations

  • Bradley Schmerl (1)
  • Jeff Gennari (1)
  • Alireza Sadeghi (2)
  • Hamid Bagheri (3)
  • Sam Malek (2)
  • Javier Cámara (1)
  • David Garlan (1)
  1. Institute for Software Research, Carnegie Mellon University, Pittsburgh, USA
  2. School of Information and Computer Sciences, University of California, Irvine, USA
  3. Department of Computer Science and Engineering, University of Nebraska, Lincoln, USA
