发布求助
文献互助 智能选刊 最新文献

Towards a Formal Approach for Detection of Vulnerabilities in the Android Permissions System

ISC Int. J. Inf. Secur. Pub Date : 2022-08-23 DOI:10.48550/arXiv.2208.11062
Amirhosein Sayyadabdi, B. T. Ladani, B. Zamani
{"title":"Towards a Formal Approach for Detection of Vulnerabilities in the Android Permissions System","authors":"Amirhosein Sayyadabdi, B. T. Ladani, B. Zamani","doi":"10.48550/arXiv.2208.11062","DOIUrl":null,"url":null,"abstract":"— Android is a widely used operating system that employs a permission-based access control model. The Android Permissions System (APS) is responsible for mediating application resource requests. APS is a critical component of the Android security mechanism; hence, a failure in the design of APS can potentially lead to vulnerabilities that grant unauthorized access to resources by malicious applications. In this paper, we present a formal approach for modeling and verifying the security properties of APS. We demonstrate the usability of the proposed approach by showcasing the detection of a well-known vulnerability found in Android’s custom permissions.","PeriodicalId":436674,"journal":{"name":"ISC Int. J. Inf. Secur.","volume":"134 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-08-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ISC Int. J. Inf. Secur.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.48550/arXiv.2208.11062","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0

Abstract

— Android is a widely used operating system that employs a permission-based access control model. The Android Permissions System (APS) is responsible for mediating application resource requests. APS is a critical component of the Android security mechanism; hence, a failure in the design of APS can potentially lead to vulnerabilities that grant unauthorized access to resources by malicious applications. In this paper, we present a formal approach for modeling and verifying the security properties of APS. We demonstrate the usability of the proposed approach by showcasing the detection of a well-known vulnerability found in Android’s custom permissions.
分享
查看原文 本刊更多论文
Android权限系统漏洞检测的形式化方法研究
—Android是应用广泛的操作系统,采用基于权限的访问控制模式。Android权限系统(APS)负责调解应用程序资源请求。APS是Android安全机制的关键组成部分;因此,APS设计的失败可能会导致恶意应用程序授予对资源的未经授权访问的漏洞。在本文中,我们提出了一种形式化方法来建模和验证APS的安全属性。我们通过展示对Android自定义权限中发现的一个众所周知的漏洞的检测来演示所提出方法的可用性。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
ISC Int. J. Inf. Secur.
ISC Int. J. Inf. Secur.
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信