A formal approach for detection of security flaws in the android permission system

Bagheri Hamid; Kang Eunsuk; Malek Sam; Jackson Daniel

首页> 外文期刊>Formal Aspects of Computing >A formal approach for detection of security flaws in the android permission system

【24h】

A formal approach for detection of security flaws in the android permission system

机译：检测android权限系统中安全漏洞的正式方法

获取原文

获取原文并翻译 | 示例

掌桥外文数据库（机构版） >>

开具论文收录证明 >>

页面导航

摘要
著录项
相似文献
相关主题

摘要

The ever increasing expansion of mobile applications into nearly every aspect of modern life, from banking to healthcare systems, is making their security more important than ever. Modern smartphone operating systems (OS) rely substantially on the permission-based security model to enforce restrictions on the operations that each application can perform. In this paper, we perform an analysis of the permission protocol implemented in Android, a popular OS for smartphones. We propose a formal model of the Android permission protocol in Alloy, and describe a fully automatic analysis that identifies potential flaws in the protocol. A study of real-world Android applications corroborates our finding that the flaws in the Android permission protocol can have severe security implications, in some cases allowing the attacker to bypass the permission checks entirely.

机译：从银行到医疗保健系统，移动应用程序几乎不断扩展到现代生活的各个方面，这使得它们的安全性比以往任何时候都更加重要。现代智能手机操作系统（OS）基本上依赖于基于权限的安全模型来对每个应用程序可以执行的操作施加限制。在本文中，我们对在Android（智能手机的流行操作系统）中实现的许可协议进行了分析。我们在Alloy中提出了Android许可协议的正式模型，并描述了一种识别协议中潜在缺陷的全自动分析。对现实世界中的Android应用程序的研究证实了我们的发现，即Android权限协议中的漏洞可能会带来严重的安全隐患，在某些情况下，攻击者可以完全绕过权限检查。

著录项

来源
《Formal Aspects of Computing》 |2018年第5期|525-544|共20页
作者
Bagheri Hamid; Kang Eunsuk; Malek Sam; Jackson Daniel;
展开▼
作者单位

Univ Nebraska, Dept Comp Sci & Engn, Lincoln, NE 68588 USA;

MIT, Comp Sci & Artificial Intelligence Lab, 77 Massachusetts Ave, Cambridge, MA 02139 USA;

Univ Calif Irvine, Sch Informat & Comp Sci, Irvine, CA USA;

MIT, Comp Sci & Artificial Intelligence Lab, 77 Massachusetts Ave, Cambridge, MA 02139 USA;

展开▼
收录信息
原文格式 PDF
正文语种 eng
中图分类
关键词
Android; Permission protocol; Alloy; Verification;

机译：Android;权限协议;合金;验证;
入库时间 2022-08-17 13:04:30

相似文献

外文文献
中文文献
专利

1. A novel permission ranking system for android malware detection-the permission grader [J] . Dharmalingam Varna Priya, Palanisamy Visalakshi Journal of ambient intelligence and humanized computing . 2021,第5期

机译：用于Android恶意软件检测的新型许可排名系统 - 许可年级学生
2. AppPerm Analyzer: Malware Detection System Based on Android Permissions and Permission Groups [J] . Ibrahim Alper Dogru, Murat OEnder International journal of software engineering and knowledge engineering . 2020,第3期

机译：AppPerm Analyzer：基于Android权限和权限组的恶意软件检测系统
3. A Formal Approach to Detecting Security Flaws in Obiect-Oriented Databases [J] . Toshiyuki MORITA, Yasunori ISHIHARA, Hiroyuki SEKI IEICE Transactions on Information and Systems . 1999,第1期

机译：在面向对象的数据库中检测安全缺陷的一种正式方法
4. Detection of Design Flaws in the Android Permission Protocol Through Bounded Verification [C] . Hamid Bagheri, Eunsuk Kang, Sam Malek, International symposium on formal methods . 2015

机译：通过边界验证检测Android许可协议中的设计缺陷
5. A Trusted and Efficient Security Approach for the Detection of Hardware Trojans and Authentication of FPGA-Based Systems [D] . Amsaad, Fathi. 2017

机译：一种可靠且高效的安全方法，用于检测硬件木马和基于FPGA的系统的身份验证
6. An IoT-Focused Intrusion Detection System Approach Based on Preprocessing Characterization for Cybersecurity Datasets [O] . Xavier Larriva-Novo, Víctor A. Villagrá, Mario Vega-Barbas, 2021

机译：基于网络安全数据集的预处理表征的IOT聚焦的入侵检测系统方法
7. A formal approach for detection of security flaws in the android permission system [O] . Hamid Bagheri, Eunsuk Kang, Sam Malek, 2017

机译：在Android许可系统中检测安全漏洞的正式方法
8. Modeling and Enhancing Android's Permission System. [R] . Fragkaki, E., Bauer, L., Jia, L., 2012

机译：建模和增强android的权限系统。

A formal approach for detection of security flaws in the android permission system

摘要

著录项

相似文献

相关主题

期刊订阅