AndroidCompiler. Layout Motivation Literature Review AndroidCompiler Future Works.

Presentation transcript:

AndroidCompiler

Layout: Motivation, Literature Review, AndroidCompiler, Future Works

Motivation
- Android is becoming increasingly popular
- Many applications deal with sensitive data such as contact numbers, SMS messages, ...
→ the security of Android applications is receiving increasing attention
→ we need to find a way to verify Android applications
- Android application → Android Compiler → target model (we verify on this model)

Layout: Motivation, Literature Review, AndroidCompiler, Future Works

Literature Review
- Malware-code detection for Android:
  - Contextual Policy Enforcement in Android Applications with Permission Event Graphs (2012)
  - Formal Modeling and Reasoning about the Android Security Framework (2012)
- Model checking for verifying Android:
  - Using Monterey Phoenix to Formalize and Verify System Architectures (2012 – NUS)

Contextual Policy Enforcement in Android Applications with Permission Event Graphs
- Focuses on detecting malicious behavior that can be characterized by the temporal order in which an application uses APIs and permissions
- Example:
  - a malicious audio application: records audio after the stop button is pressed
  - a normal audio application: stops recording when the user presses the stop button
  → the 2 applications use the same permissions and APIs

Contextual Policy Enforcement in Android Applications with Permission Event Graphs

Pegasus tool:
- lines of code
- PEG: Permission Event Graph
- Event Sequence: a counterexample
- Rewriting Tool: to include runtime checks in cases where static analysis does not succeed

Contextual Policy Enforcement in Android Applications with Permission Event Graphs
Pegasus tool:
- Abstraction Engine: constructs PEGs from Android applications
- Translation Tool: uses Soot (a Java bytecode optimization framework)
- Verification Tool: a verification algorithm to check security properties written as Java checkers
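The audio-recorder example and the "event sequence as counterexample" idea can be illustrated with a small search over an event-labelled graph. This is an added example, not Pegasus code: the graph encoding, the state names and the `find_violation` function are simplified assumptions that stand in for a real Permission Event Graph.

```python
from collections import deque

# Constructed toy graphs (not Pegasus output): state -> [(event, next_state)],
# plus the set of states in which the audio-recording API is in use.
# Both apps would request the same permission and call the same API.
BENIGN = {
    "graph": {"idle": [("click_start", "rec")],
              "rec": [("click_stop", "idle")]},
    "recording": {"rec"},
}
MALICIOUS = {
    "graph": {"idle": [("click_start", "rec")],
              "rec": [("click_stop", "hidden")],
              "hidden": [("timer", "hidden"), ("click_start", "rec")]},
    "recording": {"rec", "hidden"},
}

def find_violation(app, start="idle"):
    """Return the shortest event sequence after which the app is recording
    although the last button event was click_stop, or None if none exists."""
    # Monitor bit: True once click_stop was seen and no click_start since.
    init = (start, False)
    parent = {init: None}          # visited set and back-pointers for the trace
    queue = deque([init])
    while queue:
        state, stopped = node = queue.popleft()
        if stopped and state in app["recording"]:
            trace = []
            while parent[node] is not None:
                node, event = parent[node]
                trace.append(event)
            return trace[::-1]     # counterexample, oldest event first
        for event, nxt in app["graph"].get(state, []):
            flag = {"click_stop": True, "click_start": False}.get(event, stopped)
            succ = (nxt, flag)
            if succ not in parent:
                parent[succ] = (node, event)
                queue.append(succ)
    return None
```

A permission-only comparison cannot separate the two graphs; only the ordering of events relative to the API use does.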

Contextual Policy Enforcement in Android Applications with Permission Event Graphs
Pegasus tool – Questions?
- They wrote the model checker themselves: is it strong enough?
- Translation from Java bytecode: is it exact enough?
- What about illegal access to resources in code? Could they detect it?
- Could they deal with dynamic permission-granting?

Formal Modeling and Reasoning about the Android Security Framework (2012)
- Proposes a formal model of the Android OS
- Allows one to formally state the high-level security goals
- They believe that their framework can accurately describe most of the security-relevant aspects of the Android OS

Formal Modeling and Reasoning about the Android Security Framework (2012)

Contextual Policy Enforcement in Android Applications with Permission Event Graphs
Questions?
- Is their model totally correct?
→ we are trying to implement their model.

Using Monterey Phoenix to Formalize and Verify System Architectures (2012 – NUS)
- NUS paper (2012)
- Monterey Phoenix (MP): an architecture description language
  - can model system and environment behaviors based on event traces
  → good to model Android applications
- A model checker for MP developed based on PAT
  - Safety property: check whether nothing bad happens: deadlock-freeness, reaching
  - Liveness property: check whether something good eventually happens

Using Monterey Phoenix to Formalize and Verify System Architectures (2012 – NUS)
Questions?
- Apply the MP model checker to Android verification?
- Liveness properties: can the MP model checker verify them?

Layout: Motivation, Literature Review, AndroidCompiler, Future Works

AndroidCompiler

- First goal is to use it for the Android programming subject at school
  - Student source code -> parse: verify some properties automatically, get statistical information: how students design for a specific problem, …
- Test whether the formal model in the paper “Formal Modeling and Reasoning about the Android Security Framework” is correct or not

AndroidCompiler Implementation:
- Parse AndroidManifest.xml to get configuration information: permission requests, declared requests, intent-binding, event handlers, …
- Parse *.java files to get the Abstract Syntax Tree (AST)
- Traverse the AST to generate the target language, target model
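The first implementation step, reading configuration facts out of a source-form AndroidManifest.xml, could look like the following. This is an added example, not AndroidCompiler's own code: the sample manifest is constructed, `parse_manifest` and its output keys are hypothetical names, and mapping "declared" to `<permission>` elements is an assumption.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
COMPONENT_TAGS = ("activity", "service", "receiver", "provider")

# Constructed sample manifest (not from the presentation).
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.recorder">
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <permission android:name="com.example.recorder.PLAY"
              android:protectionLevel="signature"/>
  <application>
    <activity android:name=".MainActivity">
      <intent-filter><action android:name="android.intent.action.MAIN"/></intent-filter>
    </activity>
    <service android:name=".RecordService"
             android:permission="com.example.recorder.PLAY"/>
    <receiver android:name=".BootReceiver">
      <intent-filter><action android:name="android.intent.action.BOOT_COMPLETED"/></intent-filter>
    </receiver>
  </application>
</manifest>"""

def parse_manifest(xml_text):
    """Return the configuration facts a model generator would start from."""
    root = ET.fromstring(xml_text)
    app = root.find("application")
    components = []
    for elem in (app if app is not None else []):
        if elem.tag not in COMPONENT_TAGS:
            continue
        actions = [a.get(A + "name")
                   for f in elem.findall("intent-filter")
                   for a in f.findall("action")]
        components.append({
            "kind": elem.tag,
            "name": elem.get(A + "name"),
            "guard": elem.get(A + "permission"),  # permission a caller must hold
            "actions": actions,                   # intent bindings
        })
    return {
        "package": root.get("package"),
        "requested": [p.get(A + "name") for p in root.findall("uses-permission")],
        "declared": [p.get(A + "name") for p in root.findall("permission")],
        "components": components,
    }
```

Components that list intent actions but have no `guard` are the ones a target model has to treat as reachable from other applications.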

Layout: Motivation, Literature Review, AndroidCompiler, Future Works

- Add one more compiler for bytecode → target model
  - try to retrieve as much information from Java/bytecode as possible: dynamic permission-granting, accessing resources illegally in code, …
- Apply model checking to verify properties on the target model
  - PAT (NUS): already supports Monterey Phoenix (MP): easy to model Android applications
  - Altarica (Labri-France): taught at PUF, similar to PAT
  → Altarica language, Dicky’s logic (extension of CTL), Altarica model checker