Software Model Checking for Mobile Security – Collusion Detection in \(\mathbb {K}\)

  • Irina Măriuca Asăvoae
  • Hoang Nga Nguyen
  • Markus RoggenbachEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10869)


Mobile devices pose a particular security risk because they hold personal details and have capabilities potentially exploitable for eavesdropping. The Android operating system is designed with a number of built-in security features such as application sandboxing and permission-based access control. Unfortunately, these restrictions can be bypassed, without the user noticing, by colluding apps whose combined permissions allow them to carry out attacks that neither app is able to execute by itself. In this paper, we develop a software model-checking approach within the \(\mathbb {K}\) framework that is capable to detect collusion. This involves giving an abstract, formal semantics to Android applications and proving that the applied abstraction principles lead to a finite state space.


Mobile-security Android Model-checking \(\mathbb {K}\)-framework 



We would like to thank our colleagues and friends Magne Haveraaen, Alexander Knapp, and Bernd-Holger Schlingloff who commented on early drafts and helped us shape this paper; a special thanks goes to Erwin R. Catesbeijana (Jr.) for pointing out that not all inter app communication leads to collusion.


  1. 1.
    Android API reference. Accessed 01 May 2018
  2. 2.
  3. 3.
    Alam, M.I., Halder, R., Goswami, H., Pinto, J.S.: K-taint: an executable rewriting logic semantics for taint analysis in the k-framework. In: ENASE, pp. 359–366. SciTePress (2018)Google Scholar
  4. 4.
    Arzt, S., Rasthofer, S., Fritz, C., Bodden, E., Bartel, A., Klein, J., Traon, Y.L., Octeau, D., McDaniel, P.: FlowDroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps. In: PLDI 2014, p. 29. ACM (2014)Google Scholar
  5. 5.
    Asavoae, I.M., Blasco, J., Chen, T.M., Kalutarage, H.K., Muttik, I., Nguyen, H.N., Roggenbach, M., Shaikh, S.A.: Detecting malicious collusion between mobile software applications: the Android\(^{TM}\) case. In: Carrascosa, I.P., Kalutarage, H.K., Huang, Y. (eds.) Data Analytics and Decision Support for Cybersecurity. Springer, Cham (2017). Scholar
  6. 6.
    Asavoae, I.M., Blasco, J., Chen, T.M., Kalutarage, H.K., Muttik, I., Nguyen, H.N., Roggenbach, M., Shaikh, S.A.: Distinguishing between malicious app collusion and benign app collaboration: a machine learning approach. Virus Bulletin (2018)Google Scholar
  7. 7.
    Asavoae, I.M., Nguyen, H.N., Roggenbach, M., Shaikh, S.A.: Utilising \(\mathbb{K}\) semantics for collusion detection in Android applications. In: ter Beek, M.H., Gnesi, S., Knapp, A. (eds.) FMICS-AVoCS 2016, pp. 142–149 (2016)Google Scholar
  8. 8.
    Asavoae, I.M., Nguyen, H.N., Roggenbach, M., Shaikh, S.A.: Software model checking: a promising approach to verify mobile app security. CoRR abs/1706.04741 (2017).
  9. 9.
    Beyer, D., Gulwani, S., Schmidt, D.: Combining model checking and data-flow analysis. In: Clarke, E.M., Henzinger, T.A., Veith, H. (eds.) Handbook on Model Checking. Springer, Cham (2018). Scholar
  10. 10.
    Biere, A., Cimatti, A., Clarke, E., Zhu, Y.: Symbolic model checking without BDDs. In: Cleaveland, W.R. (ed.) TACAS 1999. LNCS, vol. 1579, pp. 193–207. Springer, Heidelberg (1999). Scholar
  11. 11.
    Blasco, J., Chen, T.M., Muttik, I., Roggenbach, M.: Detection of app collusion potential using logic programming. J. Netw. Comput. Appl. 105, 88–104 (2018). Scholar
  12. 12.
    Blasco, J., Muttik, I., Roggenbach, M.: Wild android collusions (2016).
  13. 13.
    Bogdănaş, D., Roşu, G.: K-Java: a complete semantics of Java. In: POPL 2015. ACM (2015)CrossRefGoogle Scholar
  14. 14.
    Bugiel, S., Davi, L., Dmitrienko, A., Heuser, S., Sadeghi, A.R., Shastry, B.: Practical and lightweight domain isolation on Android. In: SPSM 2011. ACM (2011)Google Scholar
  15. 15.
    Clavel, M., Durán, F., Eker, S., Lincoln, P., Martí-Oliet, N., Meseguer, J., Talcott, C.: All About Maude - A High-Performance Logical Framework. LNCS, vol. 4350. Springer, Heidelberg (2007). Scholar
  16. 16.
    Şerbănuţă, T.F., Roşu, G.: K-Maude: a rewriting based tool for semantics of programming languages. In: Ölveczky, P.C. (ed.) WRLA 2010. LNCS, vol. 6381, pp. 104–122. Springer, Heidelberg (2010). Scholar
  17. 17.
    Dicker, C.: Android security: delusion to collusion. B.Sc. dissertation, Swansea University (2015)Google Scholar
  18. 18.
    Hathhorn, C., Ellison, C., Roşu, G.: Defining the undefinedness of C. In: PLDI 2015. ACM (2015)Google Scholar
  19. 19.
    Kalutarage, H.K., Nguyen, H.N., Shaikh, S.A.: Towards a threat assessment framework for apps collusion. Telecommun. Syst. 66(3), 417–430 (2017). Scholar
  20. 20.
    Kovacs, E.: Malware abuses Android accessibility feature to steal data (2015).
  21. 21.
    Leroy, X.: Formal verification of a realistic compiler. Commun. ACM 52(7), 107–115 (2009)CrossRefGoogle Scholar
  22. 22.
    Li, L., Bartel, A., Bissyandé, T.F., Klein, J., Le Traon, Y.: ApkCombiner: combining multiple android apps to support inter-app analysis. In: Federrath, H., Gollmann, D. (eds.) SEC 2015. IAICT, vol. 455, pp. 513–527. Springer, Cham (2015). Scholar
  23. 23.
    Lipovsky, R.: ESET analyzes first Android file-encrypting, TOR-enabled ransomware (2014).
  24. 24.
    Lunden, I.: 6.1B Smartphone Users Globally By 2020, Overtaking Basic Fixed Phone Subscriptions. Accessed 10 Nov 2015
  25. 25.
    Nielson, F., Nielson, H.R., Hankin, C.: Principles of Program Analysis. Springer, Heidelberg (1999). Scholar
  26. 26.
    Octeau, D., Luchaup, D., Dering, M., Jha, S., McDaniel, P.: Composite constant propagation: application to Android inter-component communication analysis. In: ICSE 2015. IEEE Computer Society (2015)Google Scholar
  27. 27.
    Octeau, D., Luchaup, D., Jha, S., McDaniel, P.D.: Composite constant propagation and its application to Android program analysis. IEEE Trans. Softw. Eng. 42(11), 999–1014 (2016)CrossRefGoogle Scholar
  28. 28.
    Octeau, D., McDaniel, P., Jha, S., Bartel, A., Bodden, E., Klein, J., Traon, Y.L.: Effective inter-component communication mapping in Android: an essential step towards holistic security analysis. In: Security Symposium. USENIX Association (2013)Google Scholar
  29. 29.
    Page, C.: MKero: Android malware secretly subscribes victims to premium SMS services (2015).
  30. 30.
    Ravitch, T., Creswick, E.R., Tomb, A., Foltzer, A., Elliott, T., Casburn, L.: Multi-app security analysis with FUSE: statically detecting Android app collusion. In: ACSAC 2014. ACM (2014)Google Scholar
  31. 31.
    Roşu, G.: From rewriting logic, to programming language semantics, to program verification. In: Martí-Oliet, N., Ölveczky, P.C., Talcott, C. (eds.) Logic, Rewriting, and Concurrency. LNCS, vol. 9200, pp. 598–616. Springer, Cham (2015). Scholar
  32. 32.
    Roşu, G.: Matching logic. In: RTA 2015. LIPIcs, vol. 36, pp. 5–21. SchlossDagstuhl–Leibniz-Zentrum fuer Informatik, July 2015Google Scholar
  33. 33.
    Roşu, G., Şerbănuţă, T.F.: An overview of the K semantic framework. J. Logic Algebraic Program. 79(6), 397–434 (2010)MathSciNetCrossRefGoogle Scholar
  34. 34.
    Schlegel, R., Zhang, K., Zhou, X.y., Intwala, M., Kapadia, A., Wang, X.: Soundcomber: a stealthy and context-aware sound Trojan for smartphones. In: NDSS, vol. 11, pp. 17–33 (2011)Google Scholar
  35. 35.
    Suarez-Tangil, G., Tapiador, J.E., Peris-Lopez, P., Ribagorda, A.: Evolution, detection and analysis of malware for smart devices. IEEE Commun. Surv. Tutor. 16(2), 961–987 (2014)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  • Irina Măriuca Asăvoae
    • 1
  • Hoang Nga Nguyen
    • 2
  • Markus Roggenbach
    • 1
    Email author
  1. 1.Swansea UniversitySwanseaUK
  2. 2.Coventry UniversityCoventryUK

Personalised recommendations