Formal Modeling of Security Concerns in Android

Lahore Garrison University Research Journal of Computer Science and Information Technology Pub Date : 2020-03-26 DOI:10.54692/lgurjcsit.2020.0401142

Khadija Javed

{"title":"Formal Modeling of Security Concerns in Android","authors":"Khadija Javed","doi":"10.54692/lgurjcsit.2020.0401142","DOIUrl":null,"url":null,"abstract":"The need of providing a secure environment to the users of technology is necessary to keep it going. Android devices are used by most of the population worldwide, to keep it working and developing it should be secure for the users. Applications are installed on the device by the user for specific purposes. Different applications interact with each other to perform some specific functions e.g. an application that doesn't have its built-in Calendar functionality asks for the permission to access it externally from another application/s installed on the device and this inter-application communication can result in data theft vulnerabilities because of communication with a malicious application directly or indirectly. We present a defense mechanism model named PBAD (Permission Based Attack Defense) Model, which protects the applications from interacting with malicious applications and protecting the permission protected interfaces of the innocuous applications. Our main focus is on the permission related security measures because the permission model of the Android OS is coarse-grained and it is vulnerable to attacks. The presented model is a PROMELA based model.","PeriodicalId":197260,"journal":{"name":"Lahore Garrison University Research Journal of Computer Science and Information Technology","volume":"16 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-03-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Lahore Garrison University Research Journal of Computer Science and Information Technology","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.54692/lgurjcsit.2020.0401142","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 2

Abstract

The need of providing a secure environment to the users of technology is necessary to keep it going. Android devices are used by most of the population worldwide, to keep it working and developing it should be secure for the users. Applications are installed on the device by the user for specific purposes. Different applications interact with each other to perform some specific functions e.g. an application that doesn't have its built-in Calendar functionality asks for the permission to access it externally from another application/s installed on the device and this inter-application communication can result in data theft vulnerabilities because of communication with a malicious application directly or indirectly. We present a defense mechanism model named PBAD (Permission Based Attack Defense) Model, which protects the applications from interacting with malicious applications and protecting the permission protected interfaces of the innocuous applications. Our main focus is on the permission related security measures because the permission model of the Android OS is coarse-grained and it is vulnerable to attacks. The presented model is a PROMELA based model.

查看原文本刊更多论文

Android中安全问题的形式化建模

为技术用户提供安全的环境是保持技术发展的必要条件。世界上大多数人都在使用Android设备，为了让它继续工作和发展，它应该对用户来说是安全的。应用程序是由用户为特定目的而安装在设备上的。不同的应用程序相互交互以执行一些特定的功能，例如，一个没有内置日历功能的应用程序要求从设备上安装的另一个应用程序外部访问它的权限，这种应用程序间的通信可能导致数据盗窃漏洞，因为与恶意应用程序直接或间接通信。提出了一种基于权限的攻击防御模型(PBAD, Permission Based Attack defense)，该模型既保护了应用程序与恶意应用程序的交互，又保护了无害应用程序的权限保护接口。我们主要关注与权限相关的安全措施，因为Android操作系统的权限模型是粗粒度的，容易受到攻击。提出的模型是一个基于PROMELA的模型。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Lahore Garrison University Research Journal of Computer Science and Information Technology

自引率

0.00%

发文量