Runtime Verification and Enforcement for Android Applications with RV-Droid
RV-Droid is an implemented framework dedicated to runtime verification (RV) and runtime enforcement (RE) of Android applications. RV-Droid consists of an Android application that interacts closely with a cloud. Running RV-Droid on their devices, users can select targeted Android applications from Google Play (or a dedicated repository) and a property. The cloud hosts third-party RV tools that are used to synthesize AspectJ aspects from the property. According to the chosen RV tool and the specification, some appropriate monitoring code, the original application and the instrumentation aspect are woven together. Weaving can occur either on the user’s device or in the dedicated cloud. The woven application is then retrieved and executed on the user’s device and the property is runtime verified. RV-Droid is generic and currently works with two existing runtime verification frameworks for (pure) Java programs: with Java-MOP and (partially) with RuleR. RV-Droid does not require any modification to the Android kernel and targeted applications can be retrieved off-the-shelf. We carried out several experiments that demonstrated the effectiveness of RV-Droid on monitoring (security) properties.
Unable to display preview. Download preview PDF.
- 1.Google Inc.: Android developer site (2012), http://developer.android.com
- 2.Nouveau, T.: The Rise of Android Malware, TG Daily (November 2011)Google Scholar
- 3.Enck, W., Gilbert, P., Gon Chun, B., Cox, L.P., Jung, J., McDaniel, P., Sheth, A.: TaintDroid: An information-flow tracking system for realtime privacy monitoring on smartphones. In: Arpaci-Dusseau, R.H., Chen, B. (eds.) OSDI, pp. 393–407. USENIX Association (2010)Google Scholar
- 6.Falcone, Y., Currea, S.: Weave Droid: Aspect-Oriented Programming on Android Devices – Fully Embedded or in the Cloud. In: The 27th IEEE/ACM International Conference on Automated Software Engineering (to appear, 2012), ASE 2012: preprint available onlineGoogle Scholar
- 9.Enck, W., Octeau, D., McDaniel, P., Chaudhuri, S.: A study of android application security. In: Proceedings of the 20th USENIX conference on Security, SEC 2011, p. 21. USENIX Association, Berkeley (2011)Google Scholar
- 10.Felt, A.P., Chin, E., Hanna, S., Song, D., Wagner, D.: Android permissions demystified. In: Chen, Y., Danezis, G., Shmatikov, V. (eds.) ACM CCS, pp. 627–638. ACM (2011)Google Scholar
- 11.Chin, E., Felt, A.P., Greenwood, K., Wagner, D.: Analyzing inter-application communication in Android. In: MobiSys 2011, pp. 239–252. ACM (2011)Google Scholar
- 13.Colombo, C., Pace, G.J., Schneider, G.: LARVA — safer monitoring of real-time Java programs (tool paper). In: Hung, D.V., Krishnan, P. (eds.) SEFM, pp. 33–37. IEEE Computer Society (2009)Google Scholar