Abstract
In this position paper we advocate software model checking as a technique suitable for security analysis of mobile apps. Our recommendation is based on promising results that we achieved in analysing app collusion in the context of the Android operating system. Broadly speaking, app collusion is when several apps work together to carry out a threat, i.e., they exchange information which they could not obtain on their own. In this context, we developed the K-Android tool, which provides an encoding of the Android/Smali code semantics within the K framework. K-Android allows for software model checking of Android APK files. Though our experience so far is limited to collusion, we believe the approach to be applicable to further security properties as well as other mobile operating systems.
Original language | English |
---|---|
Title of host publication | Proceedings of the 19th Workshop on Formal Techniques for Java-like Programs |
Subtitle of host publication | Barcelona, Spain — June 18 - 23, 2017 |
Publisher | Association for Computing Machinery (ACM) |
ISBN (Electronic) | 978-1-4503-5098-3 |
Publication status | Published - 18 Jun 2017 |
Event | 19th Workshop on Formal Techniques for Java-like Programs - Barcelona, Spain. Duration: 18 Jun 2017 → 23 Jun 2017 |
Workshop
Workshop | 19th Workshop on Formal Techniques for Java-like Programs |
---|---|
Country/Territory | Spain |
City | Barcelona |
Period | 18/06/17 → 23/06/17 |