CrashSafe: a formal model for proving crash-safety of Android applications

Khan, Wilayat; Ullah, Habib; Ahmad, Aakash; Sultan, Khalid; Alzahrani, Abdullah J.; Khan, Sultan Daud; Alhumaid, Mohammad; Abdulaziz, Sultan

doi:10.1186/s13673-018-0144-7

Cited by 12 publications

(8 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Tools based on model checking can be used to check equivalence of two functions (models); however, they are constrained by the popular state explosion [37,38] problem. ere is a body of research works in the literature on formal verification of software systems [63][64][65]; however, literature review of hardware verification and simulation tools for checking Boolean functions equivalence is included in this section.…”

Section: Related Workmentioning

confidence: 99%

Formal Verification of Hardware Components in Critical Systems

Khan

Kamran

Naqvi

et al. 2020

Wireless Communications and Mobile Computing

Self Cite

View full text Add to dashboard Cite

Hardware components, such as memory and arithmetic units, are integral part of every computer-controlled system, for example, Unmanned Aerial Vehicles (UAVs). The fundamental requirement of these hardware components is that they must behave as desired; otherwise, the whole system built upon them may fail. To determine whether or not a component is behaving adequately, the desired behaviour of the component is often specified in the Boolean algebra. Boolean algebra is one of the most widely used mathematical tools to analyse hardware components represented at gate level using Boolean functions. To ensure reliable computer-controlled system design, simulation and testing methods are commonly used to detect faults; however, such methods do not ensure absence of faults. In critical systems’ design, such as UAVs, the simulation-based techniques are often augmented with mathematical tools and techniques to prove stronger properties, for example, absence of faults, in the early stages of the system design. In this paper, we define a lightweight mathematical framework in computer-based theorem prover Coq for describing and reasoning about Boolean algebra and hardware components (logic circuits) modelled as Boolean functions. To demonstrate the usefulness of the framework, we (1) define and prove the correctness of principle of duality mechanically using a computer tool and all basic theorems of Boolean algebra, (2) formally define the algebraic manipulation (step-by-step procedure of proving functional equivalence of functions) used in Boolean function simplification, and (3) verify functional correctness and reliability properties of two hardware components. The major advantage of using mechanical theorem provers is that the correctness of all definitions and proofs can be checked mechanically using the type checker and proof checker facilities of the proof assistant Coq.

show abstract

Section: Related Workmentioning

confidence: 99%

Formal Verification of Hardware Components in Critical Systems

Khan

Kamran

Naqvi

et al. 2020

Wireless Communications and Mobile Computing

Self Cite

View full text Add to dashboard Cite

show abstract

“…Interactive proof assistants have been applied in the past to investigate Android systems security. In a recent work by one of the co-authors [24], they formally analyzed the security of Andriod inter-component communication based on intent messages. A formal model, dubbed as Crash-Safe, was defined in Coq and used in formal verification of crash safety property of Android applications.…”

Section: Related Workmentioning

confidence: 99%

“…In a similar work, Betarte et al [27], [28] developed a comprehensive formal specification of the permissions in Coq and verified several security properties. These formal models either do not address security issues related to Android permissions [24] or capture only specific security vulnerabilities in Android permissions systems [25]- [28]. The type checker developed in this paper, on the other hand, enforces best practices, which capture classes of security vulnerabilities.…”

Section: Related Workmentioning

confidence: 99%

Formal Analysis of Language-Based Android Security Using Theorem Proving Approach

et al. 2019

Self Cite

View full text Add to dashboard Cite

Mobile devices are an indispensable part of modern-day lives to support portable computations and context-aware communication. Android applications within a mobile device share data to support application operations and better user experience, which also increases security risks to device's data integrity and confidentiality. To analyze the security provided by the Android permissions, modern security techniques, based on the programming languages, have been used to enforce best practices for developing the secure Android applications. Android security assessment, based on the language-based techniques in an informal setting without formal tool support, is tedious and error-prone. Furthermore, the lack of proof of the soundness of the language-based techniques raises questions about the validity of the analysis. To enable computer-aided formal verification in Android security domain, we have developed a mathematical model of language-based Android security using computer-based proof assistant Coq. One of the main challenges for mechanizing the language-based security in theorem prover relates to the complexity of variable bindings in language-based security techniques. As the main contributions of the paper: 1) the language-based security, including variable binding, is formalized in theorem prover Coq; 2) a formal type checker is built to type check (capture safe data flows within) Android applications using computer; and 3) the soundness of the language-based security technique (type system) is mechanically verified. The formal model of the Android type system and their proof of soundness are machine-readable, and their correctness can be checked in the computer using Coq proof and type checkers.

show abstract

“…Most of the broadcast messages are generated by the system. Intent messages are used by applications to request functions from other services or activities [9,16].…”

Section: Componentmentioning

confidence: 99%

Vulnerability Evaluation Method through Correlation Analysis of Android Applications

Yeom

Won

2019

Sustainability

View full text Add to dashboard Cite

Due to people in companies use mobile devices to access corporate data, attackers targeting corporate data use vulnerabilities in mobile devices. Most vulnerabilities in applications are caused by the carelessness of developers, and confused deputy attacks and data leak attacks using inter-application vulnerabilities are possible. These vulnerabilities are difficult to find through the single-application diagnostic tool that is currently being studied. This paper proposes a process to automate the decompilation of all the applications on a user’s mobile device and a mechanism to find inter-application vulnerabilities. The mechanism generates a list and matrix, detailing the vulnerabilities in the mobile device. The proposed mechanism is validated through an experiment on an actual mobile device with four installed applications, and the results show that the mechanism can accurately capture all application risks as well as inter-application risks. Through this mechanism, users can expect to find the risks in their mobile devices in advance and prevent damage.

show abstract

CrashSafe: a formal model for proving crash-safety of Android applications

Cited by 12 publications

References 23 publications

Formal Verification of Hardware Components in Critical Systems

Formal Verification of Hardware Components in Critical Systems

Formal Analysis of Language-Based Android Security Using Theorem Proving Approach

Vulnerability Evaluation Method through Correlation Analysis of Android Applications

Contact Info

Product

Resources

About