Abstract
Safety and security are essential properties required by network and mobile applications. The former is concerned with detection of software faults and recovery from failures, and the latter is mainly about specifying and enforcing security policies. However, how to precisely understand and formally specify essential notations in safety and security disciplines, and how to integrate these properties with functional behaviour of programs, are still open issues. For this sake, in this paper, we propose a formal framework, trying to interpret safety and security notations on a common ontology, and combine security property with functional specification in a unified formalism. Our main contributions are two-folds: first, we formally define the notions of fault, failure and error in the traditional state-based model; and secondly, formally define permission mechanism in Android security system, and represent Hoare triples for security-related actions.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Tabuada, P., Caliskan, S.Y., Rungger, M., et al.: Towards robustness for cyber-physical systems. IEEE Trans. Autom. Control 59(12), 3151–3163 (2014)
Suareztangil, G., Tapiador, J.E., Perislopez, P., et al.: Evolution, detection and analysis of malware for smart devices. IEEE Commun. Surv. Tutor. 16(2), 961–987 (2014)
Sufatrio, T.D.J., Chua, T., et al.: Securing android: a survey, taxonomy, and challenges. ACM Comput. Surv. 47(4), 58–102 (2015)
Enck, W., Gilbert, P., Chun, B.-G., Cox, L.P., Jung, J., McDaniel, P., et al.: Taintdroid: an information flow tracking system for real-time privacy monitoring on smartphones. Commun. ACM 57(3), 99–106 (2014)
Zhu, H., He, J., Qin, S., et al.: Denotational semantics and its algebraic derivation for an event-driven system-level language. Formal Aspects Comput. 27(1), 133–166 (2015)
Avizienis, A., Laprie, J.C., Randell, B., et al.: Basic concepts and taxonomy of dependable and secure computing. IEEE Trans. Depend. Secur. Comput. 1(1), 11–33 (2004)
Cristian, F.: A rigorous approach to fault-tolerant programming]. IEEE Trans. Softw. Eng. 11(1), 23–31 (1985)
Sari, A., Akkaya, M.: Fault tolerance mechanisms in distributed systems. Int. J. Commun. Netw. Syst. Sci. 8(12), 471–482 (2015)
Chen, J., Ebnenasir, A., Kulkarni, S.S., et al.: The complexity of adding multitolerance. ACM Trans. Auton. Adapt. Syst. 9(3), 15–48 (2014)
Natella, R., Cotroneo, D., Madeira, H., et al.: Assessing dependability with software fault injection: a survey. ACM Comput. Surv. 48(3), 44–98 (2016)
Zheng, P., Qi, Y., Zhou, Y., et al.: An automatic framework for detecting and characterizing performance degradation of software systems. IEEE Trans. Reliab. 63(4), 927–943 (2014)
Cotroneo, D., Natella, R., Pietrantuono, R., et al.: A survey of software aging and rejuvenation studies. ACM J. Emerg. Technol. Comput. Syst. 10(1), 8–42 (2014)
Hajisheykhi, R., Roohitavaf, M., Kulkarni, S.S., et al.: Bounded auditable restoration of distributed systems. IEEE Trans. Comput. 66(2), 240–255 (2017)
Dubey, A., Karsai, G.: Software health management. Innov. Syst. Softw. Eng. 9(4), 217–217 (2013)
Schneider, C., Barker, A., Dobson, S., et al.: A survey of self-healing systems frameworks. Softw. Pract. Exp. 45(10), 1375–1398 (2015)
Peng, M., Wang, C., Li, J., et al.: Recent advances in underlay heterogeneous networks: interference control, resource allocation, and self-organization. IEEE Commun. Surv. Tutor. 17(2), 700–729 (2015)
Long, F., Sidirogloudouskos, S., Rinard, M.C., et al.: Automatic runtime error repair and containment via recovery shepherding. Program. Lang. Des. Implement. 49(6), 227–238 (2014)
Sheen, S., Anitha, R., Natarajan, V., et al.: Android based malware detection using a multifeature collaborative decision fusion approach. Neurocomputing 151(3), 905–912 (2015)
Arzt, S., Rasthofer, S., Fritz, C., et al.: FlowDroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for Android apps. Program. Lang. Des. Implement. 49(6), 259–269 (2014)
Ham, Y.J., Lee, H.-W.: Detection of malicious android mobile applications based on aggregated system call events. Int. J. Comput. Commun. Eng. 3(2), 149–154 (2014)
Dijkstra, E.W.: Guarded commands, nondeterminacy and formal derivation of programs. Commun. ACM 18(8), 453–457 (1975)
Acknowledgements
The authors acknowledge the Shaanxi Province Natural Science Foundation research project (Grant No. 2017JM6105) for support.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Zhu, Z., Liu, X. A formal framework for software faults and permissions based on unified theory of programming. Cluster Comput 22 (Suppl 6), 14049–14059 (2019). https://doi.org/10.1007/s10586-018-2233-9
Received:
Revised:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10586-018-2233-9