Abstract
We present our work in using the ACL2 theorem prover to formally model the Android platform and to formally verify Android apps. Our approach allows the verification of the full functional correctness of apps as well as security properties. It also lets us detect or prove the absence of “functional malware”, malicious app functionality that is triggered by complex conditions on state and that causes the app to calculate the wrong results or otherwise behave incorrectly. Our formal Android model is an executable simulator of a growing subset of the Android platform, and app proofs are done by automated symbolic execution of the app’s event handlers using the formal model. By induction, we prove that an app satisfies an invariant, including the correctness properties of interest, for all possible sequences of events.
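To make the proof strategy in the abstract concrete, here is a small constructed ACL2 script (added for illustration; it is not the paper's Android model, which is far larger). It assumes a toy app whose whole state is one counter and whose only events are `:inc` and `:reset`; the step-preservation lemma is proved once, and ACL2 then proves the invariant for every event sequence by induction on the list of events, exactly the argument the abstract describes. The second handler plants a state-triggered wrong result of the kind the paper calls functional malware; the same invariant is false for it, so no inductive proof can go through, and a concrete witness state is checked instead.

```lisp
; Constructed toy model (not the paper's): the app state is a single
; integer counter in [0, 100]; events are :inc and :reset.
(defun app-step (ev st)
  (cond ((eq ev :inc)   (if (< st 100) (+ st 1) st))
        ((eq ev :reset) 0)
        (t st)))                       ; unknown events leave state alone

; Run a whole event sequence, left to right, from an initial state.
(defun app-run (evs st)
  (if (endp evs)
      st
    (app-run (cdr evs) (app-step (car evs) st))))

; The invariant we want for all reachable states.
(defun app-inv (st)
  (and (integerp st) (<= 0 st) (<= st 100)))

; One-step preservation: symbolic execution of a single handler.
(defthm app-step-preserves-inv
  (implies (app-inv st)
           (app-inv (app-step ev st))))

; Induction over the event list; ACL2 uses the lemma above as a
; rewrite rule, so this goes through for ALL event sequences.
(defthm app-run-preserves-inv
  (implies (app-inv st)
           (app-inv (app-run evs st))))

; A "functional malware" variant: identical except that at exactly
; state 37 an :inc event yields a wrong result.
(defun bad-step (ev st)
  (cond ((and (eq ev :inc) (equal st 37)) -1) ; hidden trigger
        ((eq ev :inc)   (if (< st 100) (+ st 1) st))
        ((eq ev :reset) 0)
        (t st)))

; The analogue of app-step-preserves-inv for bad-step is false, so a
; defthm for it cannot be admitted; the trigger state is a witness.
(assert-event (app-inv 37))
(assert-event (not (app-inv (bad-step :inc 37))))
```

The constructed event sequence of 37 `:inc` events reaches the trigger, so the final state of `(bad-step ...)` iterated that way falls outside the invariant even though every prefix of the run looks normal.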
Acknowledgments
This material is based on research sponsored by DARPA under agreement number FA8750-12-X-0110. The U.S. Government is authorized to reproduce and distribute reprints for Governmental purposes notwithstanding any copyright notation thereon.
We would also like to thank Garrin Kimmell, James McDonald, and Allen Goldberg for their helpful reviews of this paper.
Copyright information
© 2016 Springer International Publishing Switzerland
Smith, E., Coglio, A. (2016). Android Platform Modeling and Android App Verification in the ACL2 Theorem Prover. In: Gurfinkel, A., Seshia, S.A. (eds) Verified Software: Theories, Tools, and Experiments. VSTTE 2015. Lecture Notes in Computer Science(), vol 9593. Springer, Cham. https://doi.org/10.1007/978-3-319-29613-5_11
DOI: https://doi.org/10.1007/978-3-319-29613-5_11
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-29612-8
Online ISBN: 978-3-319-29613-5