Towards Unified Authorization for Android

May, Michael J.; Bhargavan, Karthikeyan

doi:10.1007/978-3-642-36563-8_4

Cited by 4 publications

(1 citation statement)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Finally, an exhaustive formal comparison between both JME-MIDP and Android security models is proposed as further work. We have begun developing a formal specification of the Android security model in Coq, considering [82,87,88,89,90,91,92], which focuses on the analysis of the permission system in general, and in the scheme of permission re-delegation, in particular [93].…”

Section: Summary and Future Workmentioning

confidence: 99%

Formal Analysis of Security Models for Mobile Devices, Virtualization Platforms, and Domain Name Systems

Betarte

Luna

2015

CLEIej

View full text Add to dashboard Cite

In this work we investigate the security of security-critical applications, i.e. applications in which a failure may produce consequences that are unacceptable. We consider three areas: mobile devices, virtualization platforms, and domain name systems.The Java Micro Edition platform defines the Mobile Information Device Profile (MIDP) to facilitate the development of applications for mobile devices, like cell phones and PDAs. We first study and compare formally several variants of the security model specified by MIDP to access sensitive resources of a mobile device.Hypervisors allow multiple guest operating systems to run on shared hardware, and offer a compelling means of improving the security and the flexibility of software systems. In this work we present a formalization of an idealized model of a hypervisor. We establish (formally) that the hypervisor ensures strong isolation properties between the different operating systems, and guarantees that requests from guest operating systems are eventually attended. We show also that virtualized platforms are transparent, i.e. a guest operating system cannot distinguish whether it executes alone or together with other guest operating systems on the platform.The Domain Name System Security Extensions (DNSSEC) is a suite of specifications that provides origin authentication and integrity assurance services for DNS data. We finally introduce a minimalistic specification of a DNSSEC model which provides the grounds needed to formally state and verify security properties concerning the chain of trust of the DNSSEC tree.We develop all our formalizations in the Calculus of Inductive Constructions —formal language that combines a higher-order logic and a richly-typed functional programming language— using the Coq proof assistant.

show abstract

Section: Summary and Future Workmentioning

confidence: 99%

Formal Analysis of Security Models for Mobile Devices, Virtualization Platforms, and Domain Name Systems

Betarte

Luna

2015

CLEIej

View full text Add to dashboard Cite

show abstract

Secure Storage on Android with Context-Aware Access Control

Boukayoua

Lapon

Decker

et al. 2014

Advanced Information Systems Engineering

View full text Add to dashboard Cite

Android devices are increasingly used in corporate settings. Although openness and cost-effectiveness are key factors to opt for the platform, its level of data protection is often inadequate for corporate use. This paper presents a strategy for secure credential and data storage in Android. It is supplemented by a context-aware mechanism that restricts data availability according to predefined policies. Our approach protects stored data better than iOS in case of device theft. Contrary to other Android-based solutions, we do not depend on device brand, hardware specs, price range or platform version. No modifications to the operating system are required. The proposed concepts are validated by a contextaware file management prototype.

show abstract