Runtime Verification and Enforcement for Android Applications with RV-Droid

  • Yliès Falcone
  • Sebastian Currea
  • Mohamad Jaber
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7687)


RV-Droid is an implemented framework dedicated to runtime verification (RV) and runtime enforcement (RE) of Android applications. RV-Droid consists of an Android application that interacts closely with a cloud. Running RV-Droid on their devices, users can select targeted Android applications from Google Play (or a dedicated repository) and a property. The cloud hosts third-party RV tools that are used to synthesize AspectJ aspects from the property. According to the chosen RV tool and the specification, some appropriate monitoring code, the original application and the instrumentation aspect are woven together. Weaving can occur either on the user’s device or in the dedicated cloud. The woven application is then retrieved and executed on the user’s device and the property is runtime verified. RV-Droid is generic and currently works with two existing runtime verification frameworks for (pure) Java programs: with Java-MOP and (partially) with RuleR. RV-Droid does not require any modification to the Android kernel and targeted applications can be retrieved off-the-shelf. We carried out several experiments that demonstrated the effectiveness of RV-Droid on monitoring (security) properties.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Google Inc.: Android developer site (2012),
  2. 2.
    Nouveau, T.: The Rise of Android Malware, TG Daily (November 2011)Google Scholar
  3. 3.
    Enck, W., Gilbert, P., Gon Chun, B., Cox, L.P., Jung, J., McDaniel, P., Sheth, A.: TaintDroid: An information-flow tracking system for realtime privacy monitoring on smartphones. In: Arpaci-Dusseau, R.H., Chen, B. (eds.) OSDI, pp. 393–407. USENIX Association (2010)Google Scholar
  4. 4.
    Bauer, A., Küster, J.-C., Vegliach, G.: Runtime Verification Meets Android Security. In: Goodloe, A.E., Person, S. (eds.) NFM 2012. LNCS, vol. 7226, pp. 174–180. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  5. 5.
    Kiczales, G., Lamping, J., Mendhekar, A., Maeda, C., Lopes, C.V., Loingtier, J.M., Irwin, J.: Aspect-oriented Programming. In: Aksit, M., Auletta, V. (eds.) ECOOP 1997. LNCS, vol. 1241, pp. 220–242. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  6. 6.
    Falcone, Y., Currea, S.: Weave Droid: Aspect-Oriented Programming on Android Devices – Fully Embedded or in the Cloud. In: The 27th IEEE/ACM International Conference on Automated Software Engineering (to appear, 2012), ASE 2012: preprint available onlineGoogle Scholar
  7. 7.
    Meredith, P.O., Jin, D., Griffith, D., Chen, F., Rosu, G.: An overview of the MOP runtime verification framework. STTT 14, 249–289 (2012)CrossRefGoogle Scholar
  8. 8.
    Barringer, H., Rydeheard, D.E., Havelund, K.: Rule systems for run-time monitoring: from Eagle to RuleR. J. Log. Comput. 20, 675–706 (2010)MathSciNetzbMATHCrossRefGoogle Scholar
  9. 9.
    Enck, W., Octeau, D., McDaniel, P., Chaudhuri, S.: A study of android application security. In: Proceedings of the 20th USENIX conference on Security, SEC 2011, p. 21. USENIX Association, Berkeley (2011)Google Scholar
  10. 10.
    Felt, A.P., Chin, E., Hanna, S., Song, D., Wagner, D.: Android permissions demystified. In: Chen, Y., Danezis, G., Shmatikov, V. (eds.) ACM CCS, pp. 627–638. ACM (2011)Google Scholar
  11. 11.
    Chin, E., Felt, A.P., Greenwood, K., Wagner, D.: Analyzing inter-application communication in Android. In: MobiSys 2011, pp. 239–252. ACM (2011)Google Scholar
  12. 12.
    Hallé, S., Villemaire, R.: Browser-Based Enforcement of Interface Contracts in Web Applications with BeepBeep. In: Bouajjani, A., Maler, O. (eds.) CAV 2009. LNCS, vol. 5643, pp. 648–653. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  13. 13.
    Colombo, C., Pace, G.J., Schneider, G.: LARVA — safer monitoring of real-time Java programs (tool paper). In: Hung, D.V., Krishnan, P. (eds.) SEFM, pp. 33–37. IEEE Computer Society (2009)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Yliès Falcone
    • 1
  • Sebastian Currea
    • 1
  • Mohamad Jaber
    • 1
  1. 1.Laboratoire d’Informatique de GrenobleUJF Université Grenoble 1France

Personalised recommendations