
Verifying Android’s Permission Model

Conference paper. Theoretical Aspects of Computing - ICTAC 2015 (ICTAC 2015)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 9399)

Abstract

In the Android platform, application security is built primarily upon a system of permissions which specify restrictions on the operations a particular process can perform. Several analyses have recently been carried out concerning the security of the Android system. Few of them, however, pay attention to the formal aspects of the permission-enforcing framework. In this work we present a comprehensive formal specification of an idealized formulation of Android’s permission model and discuss several security properties that have been verified using the proof assistant Coq.


Notes

  1. We omit the formal definition of validState due to space constraints.

  2. In particular, ic can read/write the resource pointed to by u in cp if ic has permission due to a delegation via intents.

  3. In [20] we prove a similar result for action \(\mathtt {write}\).

References

  1. Android Developers. Android KitKat. https://developer.android.com/about/versions/kitkat.html. Accessed August 2015

  2. Android Developers. Application Fundamentals. http://developer.android.com/guide/components/fundamentals.html. Accessed August 2015

  3. Android Developers. Application Manifest. http://developer.android.com/guide/topics/manifest/manifest-intro.html. Accessed August 2015

  4. Android Developers. Context. http://developer.android.com/reference/android/content/Context.html. Accessed August 2015

  5. Android Developers. manifest. http://developer.android.com/guide/topics/manifest/manifest-element.html#uid. Accessed August 2015

  6. Android Developers. Permissions. http://developer.android.com/guide/topics/security/permissions.html. Accessed August 2015

  7. Android Developers. R.styleable. http://developer.android.com/reference/android/R.styleable.html. Accessed August 2015

  8. Android Developers. Security Tips. http://developer.android.com/training/articles/security-tips.html. Accessed August 2015

  9. Android Developers. Services. http://developer.android.com/guide/components/services.html. Accessed August 2015

  10. Armando, A., Costa, G., Merlo, A.: Formal modeling and reasoning about the Android security framework. In: 7th International Symposium on Trustworthy Global Computing (2012)

  11. Zanella Béguelin, S., Betarte, G., Luna, C.: A formal specification of the MIDP 2.0 security model. In: Dimitrakos, T., Martinelli, F., Ryan, P.Y.A., Schneider, S. (eds.) FAST 2006. LNCS, vol. 4691, pp. 220–234. Springer, Heidelberg (2007)

  12. Bertot, Y., Castéran, P.: Interactive Theorem Proving and Program Development. Coq’Art: The Calculus of Inductive Constructions. Texts in Theoretical Computer Science. Springer, Berlin (2004)

  13. Bugliesi, M., Calzavara, S., Spanò, A.: Lintent: towards security type-checking of Android applications. In: Beyer, D., Boreale, M. (eds.) FORTE 2013 and FMOODS 2013. LNCS, vol. 7892, pp. 289–304. Springer, Heidelberg (2013)

  14. Chaudhuri, A.: Language-based security on Android. In: Proceedings of the ACM SIGPLAN Fourth Workshop on Programming Languages and Analysis for Security, PLAS 2009, pp. 1–7. ACM, New York, NY, USA (2009)

  15. Conti, M., Nguyen, V.T.N., Crispo, B.: CRePE: context-related policy enforcement for Android. In: Burmester, M., Tsudik, G., Magliveras, S., Ilic, I. (eds.) ISC 2010. LNCS, vol. 6531, pp. 331–345. Springer, Heidelberg (2011)

  16. Davi, L., Dmitrienko, A., Sadeghi, A.-R., Winandy, M.: Privilege escalation attacks on Android. In: Burmester, M., Tsudik, G., Magliveras, S., Ilic, I. (eds.) ISC 2010. LNCS, vol. 6531, pp. 346–360. Springer, Heidelberg (2011)

  17. Felt, A.P., Chin, E., Hanna, S., Song, D., Wagner, D.: Android permissions demystified. In: Proceedings of the 18th ACM Conference on Computer and Communications Security, CCS 2011, pp. 627–638. ACM, New York, NY, USA (2011)

  18. Felt, A.P., Wang, H.J., Moshchuk, A., Hanna, S., Chin, E.: Permission re-delegation: attacks and defenses. In: USENIX Security Symposium. USENIX Association (2011)

  19. Fragkaki, E., Bauer, L., Jia, L., Swasey, D.: Modeling and enhancing Android’s permission system. In: Foresti, S., Yung, M., Martinelli, F. (eds.) ESORICS 2012. LNCS, vol. 7459, pp. 1–18. Springer, Heidelberg (2012)

  20. GSI. Formal verification of the security model of Android: Coq code. https://www.fing.edu.uy/inco/grupos/gsi. Accessed August 2015

  21. Nauman, M., Khan, S., Zhang, X.: Apex: extending Android permission model and enforcement with user-defined runtime constraints. In: Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security, ASIACCS 2010, pp. 328–332. ACM, New York, NY, USA (2010)

  22. Open Handset Alliance. Android project. http://source.android.com/. Accessed August 2015

  23. Paulin-Mohring, C.: Inductive definitions in the system Coq: rules and properties. In: Bezem, M., Groote, J.F. (eds.) TLCA 1993. LNCS, vol. 664, pp. 328–345. Springer, Heidelberg (1993)

  24. Shin, W., Kiyomoto, S., Fukushima, K., Tanaka, T.: A formal model to analyze the permission authorization and enforcement in the Android framework. In: Proceedings of the 2010 IEEE Second International Conference on Social Computing, pp. 944–951. IEEE Computer Society, Washington, DC, USA (2010)

  25. Six, J.: Application Security for the Android Platform. O’Reilly Media, San Francisco (2011)

  26. The Coq Development Team: The Coq Proof Assistant Reference Manual, Version 8.4 (2012)


Acknowledgments

Work partially funded by project ANII-Clemente Estable FCE_1_2014_1_103803: Mecanismos autónomos de seguridad certificados para sistemas computacionales móviles.

Author information

Corresponding author: Carlos Luna


Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Betarte, G., Campo, J.D., Luna, C., Romano, A. (2015). Verifying Android’s Permission Model. In: Leucker, M., Rueda, C., Valencia, F. (eds) Theoretical Aspects of Computing - ICTAC 2015. ICTAC 2015. Lecture Notes in Computer Science(), vol 9399. Springer, Cham. https://doi.org/10.1007/978-3-319-25150-9_28


  • DOI: https://doi.org/10.1007/978-3-319-25150-9_28

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-25149-3

  • Online ISBN: 978-3-319-25150-9

  • eBook Packages: Computer Science (R0)
