Abstract
The tremendous success of the mobile application paradigm is due to the ease with which new applications are uploaded by developers, distributed through the application markets (e.g. Google Play), and finally installed by the users. Yet the very same model raises serious security concerns, since users have little or no means to ascertain the trustworthiness of the applications they install on their devices. To protect its customers, Poste Italiane has defined the Mobile Application Verification Cluster (MAVERIC), a process for the systematic security analysis of third-party mobile apps that leverage the online services provided by the company (e.g. home banking, parcel tracking). We present SAM, a toolkit that supports this process by automating a number of operations including reverse engineering, privilege analysis, and automatic verification of security properties. We introduce the functionalities of SAM through a demonstration of the platform applied to real Android applications.
© 2015 Springer-Verlag Berlin Heidelberg
Cite this paper
Armando, A. et al. (2015). SAM: The Static Analysis Module of the MAVERIC Mobile App Security Verification Platform. In: Baier, C., Tinelli, C. (eds) Tools and Algorithms for the Construction and Analysis of Systems. TACAS 2015. Lecture Notes in Computer Science, vol 9035. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-46681-0_19
DOI: https://doi.org/10.1007/978-3-662-46681-0_19
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-46680-3
Online ISBN: 978-3-662-46681-0
eBook Packages: Computer Science (R0)