2017 24th Asia-Pacific Software Engineering Conference (APSEC) (2017)
Nanjing, Jiangsu, China
Dec. 4, 2017 to Dec. 8, 2017
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/APSEC.2017.89
With the popularity of Android, a huge number of Android apps appear in different markets. As some apps pose significant security risks, it is important to support runtime monitoring and verification on Android. Existing runtime verification frameworks only focus on verifying the events within a single process, ignoring that Android is a multi-process system where different components communicate frequently, and thus lack the ability to analyze and monitor behaviors across app processes. In this paper, we introduce our new runtime verification framework for Android, capable of performing runtime verification across multiple Android components in different processes. Our approach features an extended regular expression formalism, allowing one to specify complete analyses covering the whole Android system. We illustrate the use of our framework with an Android service characterization study and a monitor for permission (mis) use in apps.
Android (operating system), mobile computing, program verification, security of data, system monitoring
H. Sun, A. North and W. Binder, "Multi-Process Runtime Verification for Android," 2017 24th Asia-Pacific Software Engineering Conference (APSEC), Nanjing, Jiangsu, China, 2018, pp. 701-706.