RV-Android: Efficient Parametric Android Runtime Verification, a Brief Tutorial

RV-Android is a new, freely available, open-source runtime library for monitoring formal safety properties on Android. RV-Android uses the commercial RV-Monitor technology as its core engine for generating monitoring libraries, allowing safety properties to be verified during execution while operating entirely in userspace, with no kernel or operating system modifications required. RV-Android improves on previous Android monitoring work by replacing the JavaMOP framework with RV-Monitor, a more advanced monitoring library generation tool whose core algorithmic improvements greatly improve resource consumption, efficiency, and battery life. We demonstrate developer usage of RV-Android with the standard Android build process, using instrumentation mechanisms that are effective on both Android binaries and source code. Our method allows for both property development and advanced application testing through runtime verification. We showcase the user frontend of RV-Monitor, which is available for public demo use and requires no knowledge of RV concepts. Through two sample security properties, we explore the extra expressiveness the MOP paradigm provides over simply writing properties as aspects, and we show an example of a real security violation mitigated by RV-Android on-device. Lastly, we propose RV as an extension to the next-generation Android permissions system debuting in Android M.
