Abstract
RV-Droid is an implemented framework dedicated to runtime verification (RV) and runtime enforcement (RE) of Android applications. RV-Droid consists of an Android application that interacts closely with a cloud. Running RV-Droid on their devices, users can select targeted Android applications from Google Play (or a dedicated repository) and a property. The cloud hosts third-party RV tools that are used to synthesize AspectJ aspects from the property. According to the chosen RV tool and the specification, some appropriate monitoring code, the original application and the instrumentation aspect are woven together. Weaving can occur either on the user’s device or in the dedicated cloud. The woven application is then retrieved and executed on the user’s device and the property is runtime verified. RV-Droid is generic and currently works with two existing runtime verification frameworks for (pure) Java programs: with Java-MOP and (partially) with RuleR. RV-Droid does not require any modification to the Android kernel and targeted applications can be retrieved off-the-shelf. We carried out several experiments that demonstrated the effectiveness of RV-Droid on monitoring (security) properties.
This work was funded in part by the French-government Single Inter-Ministry Fund (FUI) through the IO32 project.
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Falcone, Y., Currea, S., Jaber, M. (2013). Runtime Verification and Enforcement for Android Applications with RV-Droid. In: Qadeer, S., Tasiran, S. (eds) Runtime Verification. RV 2012. Lecture Notes in Computer Science, vol 7687. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-35632-2_11
DOI: https://doi.org/10.1007/978-3-642-35632-2_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-35631-5
Online ISBN: 978-3-642-35632-2
eBook Packages: Computer Science, Computer Science (R0)