Abstract
In this paper, we survey the problem of mobile security and introduce a formal technique that allows a security policy to be enforced on this parallel system. The main idea is to give the end-user the possibility to choose their mobile security level and to control it by choosing a risk level. We therefore adapted this notion to the syntax as well as the semantics of the languages used. We use an extended version of the process algebra ACP (Algebra of Communicating Processes) to specify the program, and we define a logic that fits this language to specify the security policy. An example is given at the end to illustrate the approach and apply it to a real Android application from Google Play.
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Ziadia, M., Mejri, M. (2015). Formal Enforcement of Security Policies on Parallel Systems with Risk Integration. In: El Hajji, S., Nitaj, A., Carlet, C., Souidi, E. (eds) Codes, Cryptology, and Information Security. C2SI 2015. Lecture Notes in Computer Science, vol 9084. Springer, Cham. https://doi.org/10.1007/978-3-319-18681-8_11
DOI: https://doi.org/10.1007/978-3-319-18681-8_11
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-18680-1
Online ISBN: 978-3-319-18681-8
eBook Packages: Computer Science, Computer Science (R0)