5 research outputs found
An Automatically Verified Prototype of the Tokeneer ID Station Specification
The Tokeneer project was an initiative set forth by the National Security
Agency (NSA, USA) to be used as a demonstration that developing highly secure
systems can be made by applying rigorous methods in a cost effective manner.
Altran Praxis (UK) was selected by NSA to carry out the development of the
Tokeneer ID Station. The company wrote a Z specification later implemented in
the SPARK Ada programming language, which was verified using the SPARK Examiner
toolset. In this paper, we show that the Z specification can be easily and
naturally encoded in the {log} set constraint language, thus generating a
functional prototype. Furthermore, we show that {log}'s automated proving
capabilities can discharge all the proof obligations concerning state
invariants as well as important security properties. As a consequence, the
prototype can be regarded as correct with respect to the verified properties.
This provides empirical evidence that Z users can use {log} to generate correct
prototypes from their Z specifications. In turn, these prototypes enable or
simplify some verificatio activities discussed in the paper
Declarative Programming with Intensional Sets in Java Using JSetL
Intensional sets are sets given by a property rather than by enumerating
their elements. In previous work, we have proposed a decision procedure for a
first-order logic language which provides Restricted Intensional Sets (RIS),
i.e., a sub-class of intensional sets that are guaranteed to denote
finite---though unbounded---sets. In this paper we show how RIS can be
exploited as a convenient programming tool also in a conventional setting,
namely, the imperative O-O language Java. We do this by considering a Java
library, called JSetL, that integrates the notions of logical variable, (set)
unification and constraints that are typical of constraint logic programming
languages into the Java language. We show how JSetL is naturally extended to
accommodate for RIS and RIS constraints, and how this extension can be
exploited, on the one hand, to support a more declarative style of programming
and, on the other hand, to effectively enhance the expressive power of the
constraint language provided by the library
Hacia un prototipo certificado del sistema de permisos de Android 10
Android es un sistema operativo para dispositivos celulares que actualmente, acapara más del 85% del mercado. Permite a sus usuarios realizar múltiples tareas a través del uso de apps. Sin embargo, el fácil uso de las mismas y de la plataforma en general, se ve contrarrestado por una escalada en los riesgos en cuanto a confidencialidad de los datos y a la falta de garantÃas a la hora de proteger información delicada. Por este motivo, el sistema encargado de arbitrar los accesos a la información del usuario se convierte en un objetivo principal para la verificación de software usando métodos formales.
En este trabajo, extendemos una formalización existente del sistema de permisos de Android 6, incorporando nuevas funcionalidades y demostrando nuevas propiedades para las versiones 7, 8, 9 y 10 de la plataforma. El resultado es un framework sobre el cual es posible razonar, de manera formal, sobre propiedades de safety y security de Android 10
A formal approach for the verification of the permission-based security model of Android
This article reports on our experiences in applying formal methods to verify the security mechanisms of Android. We have developed a comprehensive formal specification of Android's permission model, which has been used to state and prove properties that establish expected behavior of the procedures that enforce the defined access control policy. We are also interested in providing guarantees concerning actual implementations of the mechanisms. Therefore we are following a verification approach that combines the use of idealized models, on which fundamental properties are formally verified, with testing of actual implementations using lightweight model-based techniques. We describe the formalized model, present security properties that have been proved using the Coq proof assistant and propose the use of a certified algorithm for performing verification activities such as monitoring of actual implementations of the platform and also as a testing oracle