Abstract
The rapid development of Android devices brings increasing security requirements, especially for access control. Recently, many enhancements to the Android permission mechanism have been put forward. However, little research focuses on the formalization and verification of these security schemes. In this paper, we propose a formal Android permission model based on the B method, describing the mechanism's specifications and proving its security properties. All model components are type checked by AtelierB, and 87% (154 out of 178) of the generated proof obligations have been proved so far. The model is fully animated and model checked by ProB. The results show that all specifications are well-defined, with no deadlock and no invariant violation. The proposed B model serves not only security analysis but also system animation and extension. It presents a feasible approach to specifying and verifying a security scheme in an embedded system, one that can also be translated into executable code and implemented as a practical module.
Notes
- 1.
The value of a state variable is displayed in italic font in this paper.
Acknowledgments
This work was supported by the National Natural Science Foundation of China (No. 61572516).
Copyright information
© 2017 Springer International Publishing AG
Cite this paper
Ren, L., Chang, R., Yin, Q., Man, Y. (2017). A Formal Android Permission Model Based on the B Method. In: Wang, G., Atiquzzaman, M., Yan, Z., Choo, KK. (eds) Security, Privacy, and Anonymity in Computation, Communication, and Storage. SpaCCS 2017. Lecture Notes in Computer Science(), vol 10656. Springer, Cham. https://doi.org/10.1007/978-3-319-72389-1_31
DOI: https://doi.org/10.1007/978-3-319-72389-1_31
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-72388-4
Online ISBN: 978-3-319-72389-1
eBook Packages: Computer Science, Computer Science (R0)