Banking Trojans APK Detection using Formal Methods

“…Another widespread security threat in banking is malware. In this area the authors of [155] analysed Android banking applications using Krakatau byte-code tool 6 to generate the Java byte-code of the application, further translating it to Calculus of Communicating Systems (CCS) [183]. The authors then dispatched the CCS model to the Concurrency Workbench of New Century (CWB-NC) model checker [72] searching for malware properties.…”

“…Specification languages. AADL (Architecture Analysis & Design Language) [18,73], ASF (Anonymous Secure Framework) [156], ASLan++ (AVANTSSAR Specification Language) [21], BAN logic [54,232], Boogie [34], Boxed Ambients [138], CASM (ASM-based SL for compilers) [257], CCS (Calculus of Communicating Systems) [155], COVERT (compositional analysis of Android apps) [29], CSP (Communicating Sequential Systems) [123], CSP# (shared variables CSP) [241], CTL (Computation tree temporal logic) [233], Cloud Calculus [138], Cryptol [92], Dynamic State Machine [189], ERC20 token contracts [203], Event-B [85], HLPSL (High Level Protocol Specification Language) [46], Hoare logic [111], LS2 (Logic of Secure Systems) [30], LTL (linear-time temporal logic) [271], Markov Decision Process [184], Petri nets [15], π -calculus [43], PlusCal [9], Promela [175], RTL (real-time logic) [113], SPDL (Security Protocol Description Language) [171], SysML-Sec [18], TLA+ (Temporal Logic of Actions) [75], Trusted CSP# [30], überSpark [257], VDM [101], Verilog [167], VHDL [114], VML [230], vTRUST [120], XMHF (eXtensible and Modular Hypervisor Framework)…”

“…Model checkers. AVISPA (Automated Validation of Internet Security Protocols and Applications) [22], Alloy [85], CBMC (Bounded Model Checker for C and C++) [61], CWB-NC (Concurrency Workbench of New Century) [155], Cadence IFV (RTL block-level verifier) [114], FDR [106], GROOVE [105], jKind [102], NuSMV [68], OFMC (on-the-fly model checker) [37], PAT (Process Analysis Toolkit for CSP#) [241], PRISM (probabilistic model checker) [184], SATMC (SAT-based model checker for security protocols) [46], SPIN [252], TRUSTFOUND [30], UPPAAL [179], UVHM (formal analysis scheme for hypervisors) [256].…”

“…Verification tools and frameworks. AndroBugs (Framework For Android Vulnerability Scanning) [245], Cl-Atse (protocol analyser) [144], FUDGE (Fuzz driver generator) [26], Frama-C [257], Krakatau [155], Maude (rewrite engine) [195], MobSF (mobile security framework) [130], phpSAFE [197], ProVerif [43], Quark [137], SAW (Software Analysis Workbench) [75], SMACK [75], SecGuru [139], SecVeriLog [95], Sugar (SAT-based) [172], TTool (translator from SysML-Sec to π -calculus) [18], Z3 [24].…”

A Survey of Practical Formal Methods for Security

“…Another widespread security threat in banking is malware. In this area the authors of [155] analysed Android banking applications using Krakatau byte-code tool 6 to generate the Java byte-code of the application, further translating it to Calculus of Communicating Systems (CCS) [183]. The authors then dispatched the CCS model to the Concurrency Workbench of New Century (CWB-NC) model checker [72] searching for malware properties.…”

“…Specification languages. AADL (Architecture Analysis & Design Language) [18,73], ASF (Anonymous Secure Framework) [156], ASLan++ (AVANTSSAR Specification Language) [21], BAN logic [54,232], Boogie [34], Boxed Ambients [138], CASM (ASM-based SL for compilers) [257], CCS (Calculus of Communicating Systems) [155], COVERT (compositional analysis of Android apps) [29], CSP (Communicating Sequential Systems) [123], CSP# (shared variables CSP) [241], CTL (Computation tree temporal logic) [233], Cloud Calculus [138], Cryptol [92], Dynamic State Machine [189], ERC20 token contracts [203], Event-B [85], HLPSL (High Level Protocol Specification Language) [46], Hoare logic [111], LS2 (Logic of Secure Systems) [30], LTL (linear-time temporal logic) [271], Markov Decision Process [184], Petri nets [15], π -calculus [43], PlusCal [9], Promela [175], RTL (real-time logic) [113], SPDL (Security Protocol Description Language) [171], SysML-Sec [18], TLA+ (Temporal Logic of Actions) [75], Trusted CSP# [30], überSpark [257], VDM [101], Verilog [167], VHDL [114], VML [230], vTRUST [120], XMHF (eXtensible and Modular Hypervisor Framework)…”

“…Model checkers. AVISPA (Automated Validation of Internet Security Protocols and Applications) [22], Alloy [85], CBMC (Bounded Model Checker for C and C++) [61], CWB-NC (Concurrency Workbench of New Century) [155], Cadence IFV (RTL block-level verifier) [114], FDR [106], GROOVE [105], jKind [102], NuSMV [68], OFMC (on-the-fly model checker) [37], PAT (Process Analysis Toolkit for CSP#) [241], PRISM (probabilistic model checker) [184], SATMC (SAT-based model checker for security protocols) [46], SPIN [252], TRUSTFOUND [30], UPPAAL [179], UVHM (formal analysis scheme for hypervisors) [256].…”

“…Verification tools and frameworks. AndroBugs (Framework For Android Vulnerability Scanning) [245], Cl-Atse (protocol analyser) [144], FUDGE (Fuzz driver generator) [26], Frama-C [257], Krakatau [155], Maude (rewrite engine) [195], MobSF (mobile security framework) [130], phpSAFE [197], ProVerif [43], Quark [137], SAW (Software Analysis Workbench) [75], SMACK [75], SecGuru [139], SecVeriLog [95], Sugar (SAT-based) [172], TTool (translator from SysML-Sec to π -calculus) [18], Z3 [24].…”

A Survey of Practical Formal Methods for Security

Analysis of Malware Inserted in APK Files in the Case of “Undangan Nikah.apk” Using Reverse Engineering