A Formal Android Permission Model Based on the B Method

Ren, Lu; Chang, Rui; Yin, Qing; Man, Yujia

doi:10.1007/978-3-319-72389-1_31

Lu Ren¹⁷,
Rui Chang¹⁷,
Qing Yin¹⁷ &
…
Yujia Man¹⁷

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 10656))

Included in the following conference series:

International Conference on Security, Privacy and Anonymity in Computation, Communication and Storage

1687 Accesses
1 Citations

Abstract

The rapid development of Android devices brings the increase of security requirements, especially for access control. Recently, many enhancements have been put forward towards the Android permission mechanism. However, few researches focus on the formalization and verification of security schemes. In this paper, we propose a formal Android permission model based on the B method, describing mechanism specifications and proving security properties. All model components are type checked by AtelierB, with 87% (154 out of 178) of generated proof obligations proved yet. The model is fully animated and checked by ProB. The results show that all specifications are well-defined without any deadlock and invariant violation. The proposed B model is for not only security analysis, but also system animation and extension. It presents a feasible approach to specify and verify the security scheme in the embedded system, which is able to translate into executable codes and implement practical module as well.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

1.
The value of a state variable is displayed in italic front in this paper.

References

Davi, L., Dmitrienko, A., Sadeghi, A.-R., Winandy, M.: Privilege escalation attacks on Android. In: Burmester, M., Tsudik, G., Magliveras, S., Ilić, I. (eds.) ISC 2010. LNCS, vol. 6531, pp. 346–360. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-18178-8_30
Chapter Google Scholar
Shin, W., Kiyomoto, S. Fukushima, K., Tanaka, T.: A formal model to analyze the permission authorization and enforcement in the Android framework. In: IEEE Second International Conference on Social Computing, pp. 944–951. IEEE Computer Society, Washington, DC, USA (2010). https://doi.org/10.1109/SocialCom.2010.140
Betarte, G., Campo, J.D., Luna, C., Romano, A.: Verifying Android’s permission model. In: Leucker, M., Rueda, C., Valencia, F.D. (eds.) ICTAC 2015. LNCS, vol. 9399, pp. 485–504. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-25150-9_28
Chapter Google Scholar
Fragkaki, E., Bauer, L., Jia, L., Swasey, D.: Modeling and enhancing Android’s permission system. In: Foresti, S., Yung, M., Martinelli, F. (eds.) ESORICS 2012. LNCS, vol. 7459, pp. 1–18. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-33167-1_1
Chapter Google Scholar
Android Developers: https://developer.android.com/guide/platform/index.html. Accessed 27 June 2017
Android Permission: https://developer.android.com/guide/topics/security/permissions.html. Accessed 27 June 2017
Abrial, J.R.: The B-book: Assigning Programs to Meanings. Cambridge University Press, Cambridge (1996)
Book MATH Google Scholar
Presentation of the B method | Méthode B: http://www.methode-b.com/en/b-method/. Accessed 01 Jul 2017
The ProB Animator and Modelchecker: https://www3.hhu.de/stups/prob/. Accessed 01 Jul 2017
Hoffmann, S., Haugou, G., Gabriele, S., Burdy, L.: The B-Method for the construction of microkernel-based systems. In: Julliand, J., Kouchnarenko, O. (eds.) B 2007. LNCS, vol. 4355, pp. 257–259. Springer, Heidelberg (2006). https://doi.org/10.1007/11955757_23
Chapter Google Scholar
Chen, D., Sun, Y., Chen, Z.: A Formal Specification in B of an Operating System. Open Cybern. Syst. J. 9(1), 1125–1129 (2015). https://doi.org/10.2174/1874110X01509011125
Article MathSciNet Google Scholar

Download references

Acknowledgments

Thanks to project supported by the National Natural Science Foundation of China (No. 61572516).

Author information

Authors and Affiliations

State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou, 450001, China
Lu Ren, Rui Chang, Qing Yin & Yujia Man

Authors

Lu Ren
View author publications
You can also search for this author in PubMed Google Scholar
Rui Chang
View author publications
You can also search for this author in PubMed Google Scholar
Qing Yin
View author publications
You can also search for this author in PubMed Google Scholar
Yujia Man
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Rui Chang .

Editor information

Editors and Affiliations

Guangzhou University , Guangzhou, China
Guojun Wang
Edith Kinney Gaylord Presidential Professor, University of Oklahoma, Norman, Oklahoma, USA
Mohammed Atiquzzaman
Aalto University, Espoo, Finland
Zheng Yan
University of Texas at San Antonio, San Antonio, Texas, USA
Kim-Kwang Raymond Choo

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Ren, L., Chang, R., Yin, Q., Man, Y. (2017). A Formal Android Permission Model Based on the B Method. In: Wang, G., Atiquzzaman, M., Yan, Z., Choo, KK. (eds) Security, Privacy, and Anonymity in Computation, Communication, and Storage. SpaCCS 2017. Lecture Notes in Computer Science(), vol 10656. Springer, Cham. https://doi.org/10.1007/978-3-319-72389-1_31

Download citation

DOI: https://doi.org/10.1007/978-3-319-72389-1_31
Published: 07 December 2017
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-72388-4
Online ISBN: 978-3-319-72389-1
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics