View article

Since the source code of Android was released to the public, people have concerned about the security of the Android system. Whereas the insecurity of a system can be easily exaggerated even with few minor vulnerabilities, the security is not easily demonstrated. Formal methods have been favorably applied for the purpose of ensuring security in different contexts to attest whether the system meets the security goals or not by relying on mathematical proofs. In order to commence the security analysis of Android, we specify the permission mechanism for the system. We represent the system in terms of a state machine, elucidate the security needs, and show that the specified system is secure over the specified states and transitions. We expect that this work will provide the basis for assuring the security of the Android system. The specification and verification were carried out using the Coq proof assistant.