| dc.contributor.author | Bagheri, Hamid | |
| dc.contributor.author | Kang, Eunsuk | |
| dc.contributor.author | Jackson, Daniel N. | |
| dc.contributor.author | Malek, Sam | |
| dc.date.accessioned | 2019-06-10T19:16:16Z | |
| dc.date.available | 2019-06-10T19:16:16Z | |
| dc.date.issued | 2015 | |
| dc.identifier.isbn | 978-3-319-19248-2 | |
| dc.identifier.isbn | 978-3-319-19249-9 | |
| dc.identifier.uri | https://hdl.handle.net/1721.1/121239 | |
| dc.description.abstract | The ever increasing expansion of mobile applications into nearly every aspect of modern life, from banking to healthcare systems, is making their security more important than ever. Modern smartphone operating systems (OS) rely substantially on the permission-based security model to enforce restrictions on the operations that each application can perform. In this paper, we perform an analysis of the permission protocol implemented in Android, a popular OS for smartphones. We propose a formal model of the Android permission protocol in Alloy, and describe a fully automatic analysis that identifies potential flaws in the protocol. A study of real-world Android applications corroborates our finding that the flaws in the Android permission protocol can have severe security implications, in some cases allowing the attacker to bypass the permission checks entirely. Keywords: Protection Level, Content Provider, Design Flaw, Custom Permission, Alloy Analyzer | en_US |
| dc.description.sponsorship | United States. Defense Advanced Research Projects Agency (Award D11AP00282) | en_US |
| dc.description.sponsorship | United States. National Security Agency (H98230-14-C-0140) | en_US |
| dc.description.sponsorship | United States. Department of Homeland Security (HSHQDC-14-C-B0040) | en_US |
| dc.description.sponsorship | National Science Foundation (U.S.) (CCF-1252644) | en_US |
| dc.language.iso | en | |
| dc.publisher | Springer Nature America, Inc | en_US |
| dc.relation.isversionof | http://dx.doi.org/10.1007/978-3-319-19249-9_6 | en_US |
| dc.rights | Creative Commons Attribution-Noncommercial-Share Alike | en_US |
| dc.rights.uri | http://creativecommons.org/licenses/by-nc-sa/4.0/ | en_US |
| dc.source | MIT web domain | en_US |
| dc.title | Detection of Design Flaws in the Android Permission Protocol Through Bounded Verification | en_US |
| dc.type | Article | en_US |
| dc.identifier.citation | Bagheri, Hamid, et al. “Detection of Design Flaws in the Android Permission Protocol Through Bounded Verification.” Proceedings of FM 2015: Formal Methods, edited by Nikolaj Bjørner and Frank de Boer, vol. 9109, Springer International Publishing, 2015, pp. 73–89. | en_US |
| dc.contributor.department | Massachusetts Institute of Technology. Computer Science and Artificial Intelligence Laboratory | en_US |
| dc.contributor.department | Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science | en_US |
| dc.relation.journal | Proceedings of FM 2015: Formal Methods | en_US |
| dc.eprint.version | Author's final manuscript | en_US |
| dc.type.uri | http://purl.org/eprint/type/ConferencePaper | en_US |
| eprint.status | http://purl.org/eprint/status/NonPeerReviewed | en_US |
| dc.date.updated | 2019-05-31T17:16:22Z | |
| dspace.date.submission | 2019-05-31T17:16:23Z | |
