@InProceedings{2016/Schmerl/AndroidSecurity,
AUTHOR = {Schmerl, Bradley and Gennari, Jeffrey and Sadeghi, Alireza and Bagheri, Hamid and Malek, Sam and C\'{a}mara, Javier and Garlan, David},
TITLE = {Architecture Modeling and Analysis of
Security in Android Systems},
YEAR = {2016},
MONTH = {30 November - 2 December},
BOOKTITLE = {Proceedings of the 10th European Conference on Software Architecture (ECSA 2016)},
VOLUME = {9839},
SERIES = {Lecture Notes in Computer Science},
ADDRESS = {Copenhagen, Denmark},
PUBLISHER = {Springer},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/architecture-modeling-analysis-cr.pdf},
ABSTRACT = {Software architecture modeling is important for analyzing system quality
attributes, particularly security. However, such analyses often assume that the
architecture is completely known in advance. In many modern domains, especially
those that use plugin-based frameworks, it is not possible to have such
a complete model because the software system continuously changes. The Android
mobile operating system is one such framework, where users can install
and uninstall apps at run time. We need ways to model and analyze such architectures
that strike a balance between supporting the dynamism of the underlying
platforms and enabling analysis, particularly throughout a system�s lifetime. In
this paper, we describe a formal architecture style that captures the modifiable
architectures of Android systems, and that supports security analysis as a system
evolves. We illustrate the use of the style with two security analyses: a predicatebased
approach defined over architectural structure that can detect some common
security vulnerabilities, and inter-app permission leakage determined by model
checking. We also show how the evolving architecture of an Android device can
be obtained by analysis of the apps on a device, and provide some performance
evaluation that indicates that the architecture can be amenable for use throughout
the system�s lifetime.},
KEYWORDS = {Acme, Architectural Analysis, Architectural Style, Science of Security} }
|
|