Title :
Towards Formal Analysis of the Permission-Based Security Model for Android
Author :
Shin, Wook ; Kiyomoto, Shinsaku ; Fukushima, Kazuhide ; Tanaka, Toshiaki
Author_Institution :
KDDI R&D Labs., Fujimino, Japan
Abstract :
Since the source code of Android was released to the public, people have concerned about the security of the Android system. Whereas the insecurity of a system can be easily exaggerated even with few minor vulnerabilities, the security is not easily demonstrated. Formal methods have been favorably applied for the purpose of ensuring security in different contexts to attest whether the system meets the security goals or not by relying on mathematical proofs. In order to commence the security analysis of Android, we specify the permission mechanism for the system. We represent the system in terms of a state machine, elucidate the security needs, and show that the specified system is secure over the specified states and transitions. We expect that this work will provide the basis for assuring the security of the Android system. The specification and verification were carried out using the Coq proof assistant.
Keywords :
formal specification; operating systems (computers); security of data; Android system; Coq proof assistant; Formal methods; formal analysis; mathematical proofs; permission-based security model; security analysis; Authorization; Communication system security; Hardware; Kernel; Linux; Multimedia databases; Packaging; Permission; Software libraries; Virtual manufacturing; Android; Coq; formal model; permission; security;
Conference_Titel :
Wireless and Mobile Communications, 2009. ICWMC '09. Fifth International Conference on
Conference_Location :
Cannes, La Bocca
Print_ISBN :
978-1-4244-4679-7
Electronic_ISBN :
978-0-7695-3750-4
DOI :
10.1109/ICWMC.2009.21
