Visible to the public Practical, Formal Synthesis and Automatic Enforcement of Security Policies for AndroidConflict Detection Enabled

TitlePractical, Formal Synthesis and Automatic Enforcement of Security Policies for Android
Publication TypeConference Proceedings
Year of Publication2016
AuthorsHamid Bagheri, Alireza Sadeghi, Reyhaneh Jabbarvand, Sam Malek
Conference Name2016 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)
Date Published06/2016
PublisherIEEE
Conference LocationToulouse, France
ISBN978-1-4673-8891-7
KeywordsCMU, July'16
Abstract

As the dominant mobile computing platform, Android has become a prime target for cyber-security attacks. Many of these attacks are manifested at the application level, and through the exploitation of vulnerabilities in apps downloaded from the popular app stores. Increasingly, sophisticated attacks exploit the vulnerabilities in multiple installed apps, making it extremely difficult to foresee such attacks, as neither the app developers nor the store operators know a priori which apps will be installed together. This paper presents an approach that allows the end-users to safeguard a given bundle of apps installed on their device from such attacks. The approach, realized in a tool, called SEPAR, combines static analysis with lightweight formal methods to automatically infer security-relevant properties from a bundle of apps. It then uses a constraint solver to synthesize possible security exploits, from which fine-grained security policies are derived and automatically enforced to protect a given device. In our experiments with over 4,000 Android apps, SEPAR has proven to be highly effective at detecting previously unknown vulnerabilities as well as preventing their exploitation.

DOI10.1109/DSN.2016.53
Citation Keynode-30214

Other available formats:

Bagheri_Practical_Formal_Synthesis_DG.pdf
AttachmentTaxonomyKindSize
Bagheri_Practical_Formal_Synthesis_DG.pdfPDF document656.98 KBDownloadPreview
AttachmentSize
bytes