Android Platform Modeling and Android App Verification in the ACL2 Theorem Prover
نویسندگان
چکیده
We present our work in using the ACL2 theorem prover to formally model the Android platform and to formally verify Android apps. Our approach allows the verification of the full functional correctness of apps as well as security properties. It also lets us detect or prove the absence of “functional malware”, malicious app functionality that is triggered by complex conditions on state and that causes the app to calculate the wrong results or otherwise behave incorrectly. Our formal Android model is an executable simulator of a growing subset of the Android platform, and app proofs are done by automated symbolic execution of the app’s event handlers using the formal model. By induction, we prove that an app satisfies an invariant, including the correctness properties of interest, for all possible sequences of events.
منابع مشابه
An Android Application for Estimating Muscle Onset Latency using Surface EMG Signal
Background: Electromyography (EMG) signal processing and Muscle Onset Latency (MOL) are widely used in rehabilitation sciences and nerve conduction studies. The majority of existing software packages provided for estimating MOL via analyzing EMG signal are computerized, desktop based and not portable; therefore, experiments and signal analyzes using them should be completed locally. Moreover, a...
متن کاملA Parallelized Theorem Prover for a Logic with Parallel Execution
In order to take best advantage of modern multi-core systems, interactive theorem provers need to parallelize execution effectively. We describe our modification to a particular theorem prover, ACL2, to use parallel execution automatically in its proof process. Since the ACL2 prover is written primarily in the ACL2 programming language, our approach to parallelization takes advantage of ACL2 la...
متن کاملCOVERT: Compositional Analysis of Android Inter-App Vulnerabilities
Android is the most popular platform for mobile devices. It facilitates sharing of data and services among applications using a rich inter-app communication system. While access to resources can be controlled by the Android permission system, enforcing permissions is not sufficient to prevent security violations, as permissions may be mismanaged, intentionally or unintentionally. Android’s enfo...
متن کاملDEMO: Enabling Trusted Stores for Android
In the Android ecosystem, the process of verifying the integrity of downloaded apps is left to the user. Different from other systems, e.g., Apple App Store, Google does not provide any certified vetting process for the Android apps. This choice has a lot of advantages but it is also the open door to possible attacks as the recent one shown by Bluebox [4]. To address this issue, this demo prese...
متن کاملFormal Verification of Floating-Point RTL at AMD Using the ACL2 Theorem Prover
We describe a methodology for the formal verification of the correctness, including IEEE-compliance, of register-transfer level models of floating-point hardware designs, and its application to the floating-point units of a series of commercial microprocessors produced by Advanced Micro Devices, Inc. The methodology is based on a mechanical translator from a synthesizable subset of the Verilog ...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2015