A formal approach for detection of security flaws in the android permission system

Cited by: 37
Authors
Bagheri, Hamid [1]
Kang, Eunsuk [2]
Malek, Sam [3]
Jackson, Daniel [2]
Affiliations
[1] Univ Nebraska, Dept Comp Sci & Engn, Lincoln, NE 68588 USA
[2] MIT, Comp Sci & Artificial Intelligence Lab, 77 Massachusetts Ave, Cambridge, MA 02139 USA
[3] Univ Calif Irvine, Sch Informat & Comp Sci, Irvine, CA USA
Funding
US National Science Foundation;
Keywords
Android; Permission protocol; Alloy; Verification;
DOI
10.1007/s00165-017-0445-z
Chinese Library Classification number
TP31 [Computer software];
Discipline classification code
081202 ; 0835 ;
Abstract
The ever increasing expansion of mobile applications into nearly every aspect of modern life, from banking to healthcare systems, is making their security more important than ever. Modern smartphone operating systems (OS) rely substantially on the permission-based security model to enforce restrictions on the operations that each application can perform. In this paper, we perform an analysis of the permission protocol implemented in Android, a popular OS for smartphones. We propose a formal model of the Android permission protocol in Alloy, and describe a fully automatic analysis that identifies potential flaws in the protocol. A study of real-world Android applications corroborates our finding that the flaws in the Android permission protocol can have severe security implications, in some cases allowing the attacker to bypass the permission checks entirely.
Pages: 525 / 544
Number of pages: 20
Related papers
50 in total
  • [1] Detection of Design Flaws in the Android Permission Protocol Through Bounded Verification
    Bagheri, Hamid
    Kang, Eunsuk
    Malek, Sam
    Jackson, Daniel
    [J]. FM 2015: FORMAL METHODS, 2015, 9109 : 73 - 89
  • [2] Towards Formal Analysis of the Permission-based Security Model for Android
    Shin, Wook
    Kiyomoto, Shinsaku
    Fukushima, Kazuhide
    Tanaka, Toshiaki
    [J]. ICWMC: 2009 FIFTH INTERNATIONAL CONFERENCE ON WIRELESS AND MOBILE COMMUNICATIONS, 2009, : 87 - 92
  • [3] Formal Analysis of Android's Permission-Based Security Model
    Betarte, Gustavo
    Campo, Juan
    Luna, Carlos
    Romano, Agustin
    [J]. SCIENTIFIC ANNALS OF COMPUTER SCIENCE, 2016, 26 (01) : 27 - 68
  • [4] Permission based detection system for android malware
    Utku A.
    Doǧru I.A.
    [J]. Utku, Anil (anilutku@gazi.edu.tr), 1600, Gazi Universitesi (32): : 1015 - 1024
  • [5] Permission based detection system for android malware
    Utku, Anil
    Dogru, Ibrahim Alper
    [J]. JOURNAL OF THE FACULTY OF ENGINEERING AND ARCHITECTURE OF GAZI UNIVERSITY, 2017, 32 (04): : 1015 - 1024
  • [6] Android Security: Permission Based Attacks
    Jain, Arushi
    Prachi
    [J]. PROCEEDINGS OF THE 10TH INDIACOM - 2016 3RD INTERNATIONAL CONFERENCE ON COMPUTING FOR SUSTAINABLE GLOBAL DEVELOPMENT, 2016, : 2754 - 2759
  • [7] Enhancing android application security: A novel approach using DroidXGB for malware detection based on permission analysis
    Kumar, Pawan
    Singh, Sukhdip
    [J]. SECURITY AND PRIVACY, 2024, 7 (02)
  • [8] RETRACTED ARTICLE: A novel permission ranking system for android malware detection—the permission grader
    Varna Priya Dharmalingam
    Visalakshi Palanisamy
    [J]. Journal of Ambient Intelligence and Humanized Computing, 2021, 12 : 5071 - 5081
  • [9] Retraction Note to: A novel permission ranking system for android malware detection—the permission grader
    Varna Priya Dharmalingam
    Visalakshi Palanisamy
    [J]. Journal of Ambient Intelligence and Humanized Computing, 2023, 14 (Suppl 1) : 105 - 105
  • [10] Permission based Android security: Issues and countermeasures
    Fang, Zheran
    Han, Weili
    Li, Yingjiu
    [J]. COMPUTERS & SECURITY, 2014, 43 : 205 - 218