Runtime Verification Meets Android Security

  • Andreas Bauer
  • Jan-Christoph Küster
  • Gil Vegliach
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7226)

Abstract

A dynamic security mechanism for Android-powered devices based on runtime verification is introduced, which lets users monitor the behaviour of installed applications. The general idea and a prototypical implementation are outlined, an application to real-world security threats shown, and the underlying logical foundations, relating to the employed specification formalism, sketched.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Bauer, A., Leucker, M., Schallhart, C.: Runtime verification for LTL and TLTL. ACM Trans. Softw. Eng. Methodol. (TOSEM) 20(4), 14 (2011)CrossRefGoogle Scholar
  2. 2.
    Bose, A., Hu, X., Shin, K.G., Park, T.: Behavioral detection of malware on mobile handsets. In: Proc. 6th Int. Conf. Mobile Systems, Applications, and Services (MobiSys), pp. 225–238. ACM (2008)Google Scholar
  3. 3.
    Chen, F., Roşu, G.: Java-MOP: A Monitoring Oriented Programming Environment for Java. In: Halbwachs, N., Zuck, L.D. (eds.) TACAS 2005. LNCS, vol. 3440, pp. 546–550. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  4. 4.
    Enck, W., Gilbert, P., Chun, B.-G., Cox, L.P., Jung, J., McDaniel, P., Sheth, A.N.: TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. In: Proc. 9th USENIX Symp. on OS Design and Implementation (OSDI). USENIX (2010)Google Scholar
  5. 5.
    Felt, A.P., Chin, E., Hanna, S., Song, D., Wagner, D.: Android permissions demystified. In: Proc. 18th ACM Conf. Comp. and Comm. Security (CCS), pp. 627–638. ACM (2011)Google Scholar
  6. 6.
    Felt, A.P., Greenwood, K., Wagner, D.: The effectiveness of application permissions. In: Proc. 2nd USENIX Conf. on Web Application Development, pp. 7–19. USENIX (2011)Google Scholar
  7. 7.
    Goldberg, A., Havelund, K., Mcgann, C.: Runtime verification for autonomous spacecraft software. In: IEEE 2005 Aerospace Conference (IEEEAC), pp. 507–516. IEEE (2005)Google Scholar
  8. 8.
    Google Inc., Android development site, http://developer.android.com/
  9. 9.
  10. 10.
    Jacob, G., Debar, H., Filiol, E.: Behavioral detection of malware: from a survey towards an established taxonomy. Journal in Computer Virology 4(3), 251–266 (2008)CrossRefGoogle Scholar
  11. 11.
    Leyden, J.: First SMS Trojan for Android is in the wild. Web site, The Register (August 2010)Google Scholar
  12. 12.
    Ongtang, M., McLaughlin, S., Enck, W., McDaniel, P.: Semantically rich application-centric security in Android. In: Proc. Annual Comp. Sec. Applications Conference (ACSAC), pp. 340–349. IEEE (2009)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Andreas Bauer
    • 1
    • 2
  • Jan-Christoph Küster
    • 1
    • 2
  • Gil Vegliach
    • 1
  1. 1.NICTA Software Systems Research GroupAustralia
  2. 2.The Australian National UniversityAustralia

Personalised recommendations