Formal Analysis of Android's Permission-Based Security Model

G. Betarte; J. Campo; C. Luna; A. Romano

doi:10.7561/SACS.2016.1.27

Scientific Annals of Computer Science (Jun 2016)

Formal Analysis of Android's Permission-Based Security Model

G. Betarte,
J. Campo,
C. Luna,
A. Romano

Affiliations

G. Betarte
J. Campo
C. Luna
A. Romano

DOI: https://doi.org/10.7561/SACS.2016.1.27
Journal volume & issue: Vol. XXVI, no. 1
pp. 27 – 68

Abstract

Read online

In this work we present a comprehensive formal specification of an idealized formulation of Android?s permission model. Permissions in Android are basically tags that developers declare in their applications, more precisely in the so-called application manifest, to gain access to sensitive resources. Several analyses have recently been carried out concerning the security of the Android system. Few of them, however, pay attention to the formal aspects of the permission enforcing framework. We provide a complete and uniform formulation of several security properties using the higher order logic of the Calculus of Inductive Constructions and sketch the proofs that have been developed and verified using the Coq proof assistant. We also analyze how the changes introduced in the latest version of Android, that allows to manage permissions at runtime, impact the presented model.

Published in Scientific Annals of Computer Science

ISSN: 1843-8121 (Print); 2248-2695 (Online)
Publisher: Alexandru Ioan Cuza University of Iasi
Country of publisher: Romania
LCC subjects: Science: Mathematics: Instruments and machines: Electronic computers. Computer science
Website: https://www.info.uaic.ro/en/scientific-annals-of-computer-science/about/

About the journal