The Transitivity of Trust Problem in the Interaction of Android Applications

Mobile phones have developed into complex platforms with large numbers of installed applications and a wide range of sensitive data. Application security policies limit the permissions of each installed application. As applications may interact, restricting single applications may create a false sense of security for the end users while data may still leave the mobile phone through other applications. Instead, the information flow needs to be policed for the composite system of applications in a transparent and usable manner. In this paper, we propose to employ static analysis based on the software architecture and focused data flow analysis to scalably detect information flows between components. Specifically, we aim to reveal transitivity of trust problems in multi-component mobile platforms. We demonstrate the feasibility of our approach with Android applications, although the generalization of the analysis to similar composition-based architectures, such as Service-oriented Architecture, can also be explored in the future

Implementing Advanced RBAC Administration Functionality with USE

Role-based access control (RBAC) is a powerful means for laying out and developing higher-level organizational policies such as separation of duty, and for simplifying the security management process. One of the important aspects of RBAC is authorization constraints that express such organizational policies. While RBAC has generated a great interest in the security community, organizations still seek a flexible and effective approach to impose role-based authorization constraints in their security-critical applications. In particular, today often only basic RBAC concepts have found their way into commercial RBAC products; specifically, authorization constraints are not widely supported. In this paper, we present an RBAC administration tool that can enforce certain kinds of role-based authorization constraints such as separation of duty constraints. The authorization constraint functionality is based upon the OCL validation tool USE. We also describe our practical experience that we gained on integrating OCL functionality into a prototype of an RBAC administration tool that shall be extended to a product in the future

Integrating UML/OCL Derived Properties into Validation and Verification Processes

Abstract. UML and OCL are rich languages offering a multitude of modeling elements. They provide modelers with simple and effective tools to express and visualize models, but their complex semantics are a great challenge for validation and verification processes, which are often limited by their underlying logic. On the basis of a network topology example model, describing lower physical and logical network levels, we demonstrate applications of derived attributes and associations that help checking network security aspects. This includes finding inconsistencies in an existing network, directing to potential configuration errors and property evaluation, e.g. reachability between components within the network. In addition, a transformation of derived properties into relational logic is presented to enable the use of a modern instance finder for further verification tasks and generation of valid networks configurations

Intersection Monitoring: Situation Detection and Assessment – Chances and Limits

The avoidance or at least a significant decrease of killed and injured people and substantial material damage in traffic is an essential challenge of worldwide politics. Particularly, the protection of the non-motorized traffic participants, especially at intersections or railway crossings, is of greatest importance. In order to achieve this goal, and in the first step, to measure traffic safety as a quality parameter of traffic, road infrastructure and traffic control, several approaches are being investigated to reduce the risk and the number of accidents with critical severity. One of the currently explored methods will be introduced