SEAndroid is deployed on almost all modern Android devices to enforce mandatory access control. The Android Open Source Project regularly publishes a predefined SEAndroid policy that each vendor customises for its devices. These customisations and policy updates may cause security regressions: even small misconfigurations may introduce new information flows leading to exploitable vulnerabilities. We propose a differential verification framework that determines whether security-relevant changes between two SEAndroid configurations affect information-flow properties as intended. Our verification framework is based on the novel comparative modal logic CML interpreted over pairs of Kripke structures. We formalise SEAndroid policies within this logic and define a suitable model-checking algorithm for differential reasoning. We implement our framework in the tool Mordente, and evaluate it on real-world SEAndroid policies.
Differential Verification of Information Flow in SEAndroid Policies / Ceragioli, Lorenzo; Galletta, Letterio; Lunati, Edoardo. - (In corso di stampa).
Differential Verification of Information Flow in SEAndroid Policies
Lorenzo Ceragioli;Letterio Galletta;Edoardo Lunati
In corso di stampa
Abstract
SEAndroid is deployed on almost all modern Android devices to enforce mandatory access control. The Android Open Source Project regularly publishes a predefined SEAndroid policy that each vendor customises for its devices. These customisations and policy updates may cause security regressions: even small misconfigurations may introduce new information flows leading to exploitable vulnerabilities. We propose a differential verification framework that determines whether security-relevant changes between two SEAndroid configurations affect information-flow properties as intended. Our verification framework is based on the novel comparative modal logic CML interpreted over pairs of Kripke structures. We formalise SEAndroid policies within this logic and define a suitable model-checking algorithm for differential reasoning. We implement our framework in the tool Mordente, and evaluate it on real-world SEAndroid policies.| File | Dimensione | Formato | |
|---|---|---|---|
|
Comparing_SEAndroid_Policies-6.pdf
accesso aperto
Tipologia:
Documento in Pre-print
Licenza:
Non specificato
Dimensione
809.16 kB
Formato
Adobe PDF
|
809.16 kB | Adobe PDF | Visualizza/Apri |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
