A certified reference validation mechanism for the permission model of Android
Gustavo Betarte, Juan Campo, Felipe Gorostiaga, Carlos Luna
InCo, Facultad de Ingeniería, Universidad de la República, Uruguay. IMDEA Software Institute, Spain.
LOPSTR 2017, October 16, 2017
Table of contents
1 Motivation
2 Introduction
3 Specification
4 Verification

1 Motivation
Why Android?
- Present in more than a billion mobile devices.
- Target of many attacks.
- Informal and incomplete documentation.
2 Introduction
Introduction to Android
- Open-source operating system for mobile devices.
- Developed by Google and the Open Handset Alliance (OHA).
Introduction to Android
Two kinds of applications:
1 System applications, shipped with the Android distribution (e.g. Clock, Contacts)
2 User applications, developed by third parties (e.g. WhatsApp, Facebook)
Both kinds of applications have access to the device's resources and services, as well as to other applications' resources.
Application components
- Activities: they comprise the application screens and handle the user's interaction with the application.
- Content Providers: they handle data sharing between applications; the interface between data and external applications.
- Services
- Broadcast Receivers
Application components: an example
- Activities: Inbox, New mail
- Content Providers: Attachments
Communication between components
- Access to Content Providers: queries to URIs
- Access to any other component: Intents
Android's security model
Access to the device and to external applications must be regulated to preserve:
- Data integrity and confidentiality
- Cost control by the user
- The system's proper functioning
- ...
Principle of Least Privilege
- Application sandbox
- Permission system
AndroidManifest
XML file which every Android application must provide. It includes static declarations like:
1 Requested permissions
2 Custom permissions
3 Application's components
4 ...
AndroidManifest: example

    <manifest package="com.cpexample" ... >
      ...
      <uses-permission android:name="android.permission.SEND_SMS" />
      <application android:permission="android.permission.SET_WALLPAPER" ... >
        <activity android:name="com.cpexample.MainActivity"
                  android:permission="android.permission.CALL_PHONE" ... >
        </activity>
        <provider android:name="com.cpexample.MiProvider"
                  android:permission="android.permission.SEND_SMS" ... >
        </provider>
        ...
      </application>
    </manifest>

The android:permission attribute on <application> is the default required to reach any of its components; the <activity> and <provider> entries override that default with a permission of their own.
Permission delegation
- Permission delegation between components
- Permissions are granted until revocation
- Two delegation mechanisms: pending intents, URI permissions
Permission delegation: URI permissions
[Figure: App 1 and App 2 next to a content provider CProvider exposing uri1, uri2 and uri3]
3 Specification
General characteristics
- Formalization of Android's security system
- Developed using the proof assistant Coq
- Especially focused on: the permission system; the interaction between components and the system
- Higher-order specification based on state machines
- State: installed applications, current permission delegations
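The slides describe a state made of the installed applications and the current permission delegations, and earlier name URI permissions as one delegation mechanism that lasts until revocation. The Python model below is an added example written for this page; it is neither the authors' Coq formalization nor Android code. The app names App1, App2 and CProvider, the URIs uri1 to uri3 and the permission name com.cpexample.permission.READ_CP are constructed. It implements the reference-validation decision (may this caller query this URI?) over that state, the grant and revoke transitions, and a state invariant of the kind a state-machine specification would prove preserved.

```python
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Optional, Set, Tuple

# Constructed model, not the authors' Coq development: the state is the set of
# installed apps plus the set of current URI delegations (grantee, uri).


@dataclass(frozen=True)
class App:
    """An installed application, as declared by its manifest."""
    name: str
    requested: FrozenSet[str] = frozenset()   # <uses-permission> entries
    provider_perm: Optional[str] = None       # android:permission on its <provider>
    uris: FrozenSet[str] = frozenset()        # URIs served by that provider


@dataclass
class State:
    installed: Dict[str, App] = field(default_factory=dict)
    delegations: Set[Tuple[str, str]] = field(default_factory=set)  # (grantee, uri)


def owner_of(state: State, uri: str) -> Optional[App]:
    """The installed app whose provider serves `uri`, if any."""
    for app in state.installed.values():
        if uri in app.uris:
            return app
    return None


def can_access(state: State, caller: str, uri: str) -> bool:
    """Reference validation: decide whether `caller` may query `uri`."""
    app = state.installed.get(caller)
    owner = owner_of(state, uri)
    if app is None or owner is None:
        return False
    if app.name == owner.name:
        return True                        # an app always reaches its own provider
    if owner.provider_perm is None or owner.provider_perm in app.requested:
        return True                        # unguarded provider, or caller holds the guarding permission
    return (caller, uri) in state.delegations  # otherwise only via a delegated URI permission


def install(state: State, app: App) -> bool:
    """Install `app`; refuse duplicate names and clashing URIs."""
    if app.name in state.installed:
        return False
    if any(app.uris & other.uris for other in state.installed.values()):
        return False
    state.installed[app.name] = app
    return True


def uninstall(state: State, name: str) -> bool:
    """Remove an app and every delegation that would dangle without it."""
    app = state.installed.pop(name, None)
    if app is None:
        return False
    state.delegations = {(g, u) for (g, u) in state.delegations
                         if g != name and u not in app.uris}
    return True


def grant_uri(state: State, grantor: str, grantee: str, uri: str) -> bool:
    """Delegate `uri`: the grantor must itself hold access and the grantee must be installed."""
    if grantee not in state.installed or not can_access(state, grantor, uri):
        return False
    state.delegations.add((grantee, uri))
    return True


def revoke_uri(state: State, uri: str) -> int:
    """Revoke every delegation on `uri`; returns how many were removed."""
    before = len(state.delegations)
    state.delegations = {(g, u) for (g, u) in state.delegations if u != uri}
    return before - len(state.delegations)


def invariant_holds(state: State) -> bool:
    """Every delegation names an installed grantee and a URI of an installed provider."""
    return all(g in state.installed and owner_of(state, u) is not None
               for (g, u) in state.delegations)


def demo() -> List[bool]:
    """Run the constructed scenario and return the sequence of decisions."""
    s = State()
    perm = "com.cpexample.permission.READ_CP"          # constructed permission name
    install(s, App("CProvider", provider_perm=perm, uris=frozenset({"uri1", "uri2", "uri3"})))
    install(s, App("App1", requested=frozenset({perm})))
    install(s, App("App2"))
    trace = [
        can_access(s, "App1", "uri2"),          # True: App1 holds the guarding permission
        can_access(s, "App2", "uri2"),          # False: no permission, no delegation
        grant_uri(s, "App2", "App1", "uri2"),   # False: App2 cannot delegate what it lacks
        grant_uri(s, "App1", "App2", "uri2"),   # True: delegation recorded
        can_access(s, "App2", "uri2"),          # True: via the delegation
        can_access(s, "App2", "uri3"),          # False: the grant is per URI
        invariant_holds(s),
        revoke_uri(s, "uri2") == 1,
        can_access(s, "App2", "uri2"),          # False: revoked
    ]
    grant_uri(s, "App1", "App2", "uri1")
    uninstall(s, "CProvider")                   # provider gone: its delegation must go too
    trace.append(invariant_holds(s))
    return trace


if __name__ == "__main__":
    print(demo())
```

The decision procedure in can_access is the part a certified reference validation mechanism would be extracted from; the invariant check is what the state-machine proof obligation looks like in miniature: every transition (install, uninstall, grant, revoke) must leave it true.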