dc.contributor.author | Bagheri, Hamid | |
dc.contributor.author | Kang, Eunsuk | |
dc.contributor.author | Malek, Sam | |
dc.contributor.author | Jackson, Daniel | |
dc.date.accessioned | 2018-08-22T15:20:52Z | |
dc.date.available | 2018-09-02T05:00:05Z | |
dc.date.issued | 2017-11 | |
dc.identifier.issn | 0934-5043 | |
dc.identifier.issn | 1433-299X | |
dc.identifier.uri | http://hdl.handle.net/1721.1/117468 | |
dc.description.abstract | The ever-increasing expansion of mobile applications into nearly every aspect of modern life, from banking to healthcare systems, is making their security more important than ever. Modern smartphone operating systems (OS) rely substantially on the permission-based security model to enforce restrictions on the operations that each application can perform. In this paper, we perform an analysis of the permission protocol implemented in Android, a popular OS for smartphones. We propose a formal model of the Android permission protocol in Alloy, and describe a fully automatic analysis that identifies potential flaws in the protocol. A study of real-world Android applications corroborates our finding that the flaws in the Android permission protocol can have severe security implications, in some cases allowing the attacker to bypass the permission checks entirely. Keywords: Android, Permission protocol, Alloy, Verification | en_US |
dc.description.sponsorship | United States. Defense Advanced Research Projects Agency (Award D11AP00282) | en_US |
dc.description.sponsorship | United States. National Security Agency (H98230-14-C-0140) | en_US |
dc.description.sponsorship | United States. Department of Homeland Security (HSHQDC-14-C-B0040) | en_US |
dc.description.sponsorship | United States. Air Force. Office of Scientific Research (FA95501610030) | en_US |
dc.description.sponsorship | National Science Foundation (U.S.) (CCF1252644) | en_US |
dc.description.sponsorship | National Science Foundation (U.S.) (CCF-1618132) | en_US |
dc.publisher | Springer London | en_US |
dc.relation.isversionof | https://doi.org/10.1007/s00165-017-0445-z | en_US |
dc.rights | Creative Commons Attribution-Noncommercial-Share Alike | en_US |
dc.rights.uri | http://creativecommons.org/licenses/by-nc-sa/4.0/ | en_US |
dc.source | Springer London | en_US |
dc.title | A formal approach for detection of security flaws in the android permission system | en_US |
dc.type | Article | en_US |
dc.identifier.citation | Bagheri, Hamid, et al. “A Formal Approach for Detection of Security Flaws in the Android Permission System.” Formal Aspects of Computing, vol. 30, no. 5, Sept. 2018, pp. 525–44. | en_US |
dc.contributor.department | Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science | en_US |
dc.contributor.mitauthor | Kang, Eunsuk | |
dc.contributor.mitauthor | Jackson, Daniel | |
dc.relation.journal | Formal Aspects of Computing | en_US |
dc.eprint.version | Author's final manuscript | en_US |
dc.type.uri | http://purl.org/eprint/type/JournalArticle | en_US |
eprint.status | http://purl.org/eprint/status/PeerReviewed | en_US |
dc.date.updated | 2018-08-18T03:40:18Z | |
dc.language.rfc3066 | en | |
dc.rights.holder | British Computer Society | |
dspace.orderedauthors | Bagheri, Hamid; Kang, Eunsuk; Malek, Sam; Jackson, Daniel | en_US |
dspace.embargo.terms | N | en |
dc.identifier.orcid | https://orcid.org/0000-0002-0194-3989 | |
dc.identifier.orcid | https://orcid.org/0000-0003-4864-078X | |
mit.license | OPEN_ACCESS_POLICY | en_US |