RV-Android: Efficient Parametric Android Runtime Verification, a Brief Tutorial | SpringerLink
Skip to main content
Springer Nature Link
Log in

RV-Android: Efficient Parametric Android Runtime Verification, a Brief Tutorial

  • Conference paper
  • First Online:
Runtime Verification

Part of the book series: Lecture Notes in Computer Science ((LNPSE,volume 9333))

  • 1163 Accesses

Abstract

RV-Android is a new freely available open source runtime library for monitoring formal safety properties on Android. RV-Android uses the commercial RV-Monitor technology as its core monitoring library generation technology, allowing for the verification of safety properties during execution and operating entirely in userspace with no kernel or operating system modifications required. RV-Android improves on previous Android monitoring work by replacing the JavaMOP framework with RV-Monitor, a more advanced monitoring library generation tool with core algorithmic improvements that greatly improve resource consumption, efficiency, and battery life considerations. We demonstrate the developer usage of RV-Android with the standard Android build process, using instrumentation mechanisms effective on both Android binaries and source code. Our method allows for both property development and advanced application testing through runtime verification. We showcase the user frontend of RV-Monitor, which is available for public demo use and requires no knowledge of RV concepts. We explore the extra expressiveness the MOP paradigm provides over simply writing properties as aspects through two sample security properties, and show an example of a real security violation mitigated by RV-Android on-device. Lastly, we propose RV as an extension to the next-generation Android permissions system debuting in Android M.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
¥17,985 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
JPY 3498
Price includes VAT (Japan)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
JPY 5719
Price includes VAT (Japan)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
JPY 7149
Price includes VAT (Japan)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Google Inc.: Android Developers (2014). http://developers.android.com

  2. Falcone, Y., Currea, S., Jaber, M.: Runtime verification and enforcement for Android applications with RV-Droid. In: Qadeer, S., Tasiran, S. (eds.) RV 2012. LNCS, vol. 7687, pp. 88–95. Springer, Heidelberg (2013)

    Chapter  Google Scholar 

  3. Bauer, A., Küster, J.-C., Vegliach, G.: Runtime verification meets Android security. In: Goodloe, A.E., Person, S. (eds.) NFM 2012. LNCS, vol. 7226, pp. 174–180. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  4. Falcone, Y., Currea, S.: Weave Droid: aspect-oriented programming on Android devices: fully embedded or in the cloud. In: [23], pp. 350–353

    Google Scholar 

  5. Eclipse: The AspectJ project (2014). http://eclipse.org/aspectj

  6. Luo, Q., Zhang, Y., Lee, C., Jin, D., Meredith, P.O.N., Şerbănuţă, T.F., Roşu, G.: RV-Monitor: efficient parametric runtime verification with simultaneous properties. In: Bonakdarpour, B., Smolka, S.A. (eds.) RV 2014. LNCS, vol. 8734, pp. 285–300. Springer, Heidelberg (2014)

    Google Scholar 

  7. Mulliner, C.: Dynamic binary instrumentation on Android (2012)

    Google Scholar 

  8. Bodden, E.: Instrumenting Android apps with Soot (2014). http://www.bodden.de/2013/01/08/soot-android-instrumentation/

  9. Binns, P., Englehart, M., Jackson, M., Vestal, S.: Domain specific software architectures for guidance, navigation and control. J. Softw. Eng. Knowl. Eng. 6(2), 201–227 (1996)

    Article  Google Scholar 

  10. Enck, W., Ongtang, M., McDaniel, P.: Understanding Android security. IEEE Secur. Priv. 7(1), 50–57 (2009)

    Article  Google Scholar 

  11. Shabtai, A., Fledel, Y., Kanonov, U., Elovici, Y., Dolev, S., Glezer, C.: Google Android: a comprehensive security assessment. IEEE Secur. Priv. 8(2), 35–44 (2010)

    Article  Google Scholar 

  12. Google Inc.: Runtime—Android Developers (2015). http://developer.android.com/reference/java/lang/Runtime.html

  13. TrendMicro Security Intelligence Blog: Android ransomware uses tor (2014). http://blog.trendmicro.com/trendlabs-security-intelligence/android-ransomware-uses-tor/

  14. PCWorld: Cybercriminals are using the Tor network to control their botnets. (2013) http://www.pcworld.com/article/2045183/

  15. Google Inc.: Google report Android security 2014 year in review (2014). https://static.googleusercontent.com/media/source.android.com/en/us/devices/tech/security/reports/Google_Android_Security_2014_Report_Final.pdf

  16. BGR: This will be the most important (and possibly most overlooked) new android m feature (2015). http://bgr.com/2015/05/28/android-m-granular-permissions-controls/

  17. Android Police: Android M will never ask users for permission to use the internet, and that’s probably okay (2015) Published on the 06 June 2015 at www.androidpolice.com

  18. Amalfitano, D., Fasolino, A.R., Tramontana, P., Carmine, S.D., Memon, A.M.: Using GUI ripping for automated testing of Android applications. In: [23], pp. 258–261. http://wpage.unina.it/ptramont/GUIRipperWiki.htm

  19. Wontae Choi on Github: Swifthand (2015). https://github.com/wtchoi/swifthand

  20. Arzt, S., Rasthofer, S., Fritz, C., Bodden, E., Bartel, A., Klein, J., Le Traon, Y., Octeau, D., McDaniel, P.: Flowdroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for Android apps. ACM SIGPLAN Not. 49, 259–269 (2014). ACM

    Article  Google Scholar 

  21. Fritz, C., Arzt, S., Rasthofer, S., Bodden, E., Bartel, A., Klein, J., Le Traon, Y., Octeau, D., McDaniel, P.: Highly precise taint analysis for Android applications. EC SPRIDE, TU Darmstadt, Technical report (2013)

    Google Scholar 

  22. Bodden, E., Hendren, L., Lam, P., Lhoták, O., Naeem, N.A.: Collaborative runtime verification with tracematches. In: Sokolsky, O., Taşıran, S. (eds.) RV 2007. LNCS, vol. 4839, pp. 22–37. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  23. Goedicke, M., Menzies, T., Saeki, M. (eds.): IEEE/ACM International Conference on Automated Software Engineering, ASE 2012, Essen, Germany, 3–7 September. ACM (2012)

    Google Scholar 

Download references

Acknowledgements

We would like to thank Patrick Meredith for developing the initial prototype of RV-Monitor applied to Android applications and continued feedback, as well as our partners at ITC and Denso for their continued support in the investigation of Android-related work for the automotive domain. We would also like to thank the miSecurity application team, for providing a basis for the graphical user frontend we describe.

Author information

Authors and Affiliations

  1. Runtime Verification Inc., Urbana, USA

    Philip Daian, Patrick Meredith, Traian Florin Şerbănuţă & Grigore Rosu

  2. Toyota InfoTechnology Center U.S.A., Mountain View, USA

    Shin’ichi Shiriashi

  3. Denso International America Inc., San Jose, USA

    Akihito Iwai

  4. University of Illinois at Urbana-Champaign, Champaign, USA

    Yliès Falcone & Grigore Rosu

Authors
  1. Philip Daian
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Yliès Falcone
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Patrick Meredith
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Traian Florin Şerbănuţă
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Shin’ichi Shiriashi
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Akihito Iwai
    View author publications

    You can also search for this author in PubMed Google Scholar

  7. Grigore Rosu
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Yliès Falcone .

Editor information

Editors and Affiliations

  1. TU Wien, Vienna, Austria

    Ezio Bartocci

  2. Max Planck Institute for Software Systems, Kaiserslautern, Germany

    Rupak Majumdar

Rights and permissions

Reprints and permissions

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Daian, P. et al. (2015). RV-Android: Efficient Parametric Android Runtime Verification, a Brief Tutorial. In: Bartocci, E., Majumdar, R. (eds) Runtime Verification. Lecture Notes in Computer Science(), vol 9333. Springer, Cham. https://doi.org/10.1007/978-3-319-23820-3_24

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-23820-3_24

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-23819-7

  • Online ISBN: 978-3-319-23820-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation