More projects by:

Hamid Bagheri
Sam Malek

More projects in categories:

Security
Privacy
Android
Analysis

A Temporal Permission Analysis and Enforcement Framework for Android

Principal Investigators: 
Sam Malek
Hamid Bagheri
Project Dates: 
July 2017
For more information: 
https://www.ics.uci.edu/~seal/projects/terminator/
Research Area(s): 
Security
Privacy
Android
Analysis
Researchers and Staff: 
Alireza Sadeghi
Reyhaneh Jabbarvand
Negar Ghorbani
Project Description: 

Permission-induced attacks, i.e., security breaches enabled by permission misuse, are among the most critical and frequent issues threatening the security of Android devices. By ignoring the temporal aspects of an attack during the analysis and enforcement, the state-of-the-art approaches aimed at protecting the users against such attacks are prone to have low-coverage in detection and high-disruption in prevention of permission-induced attacks. To address the aforementioned shortcomings, we present Terminator, a temporal permission analysis and enforcement framework for Android.

How Terminator Works

Leveraging temporal logic model checking, Terminator's analyzer identifies permission-induced threats with respect to dynamic permission states of the apps. At runtime, Terminator's enforcer selectively leases (i.e., temporarily grants) permissions to apps when the system is in a safe state, and revokes the permissions when the system moves to an unsafe state realizing the identified threats.