Implementation Using Formal Method
As mobile phones become a primary means of accessing the Internet, security is a major concern for the people who use them. Unlike the web browser, which has mature isolation mechanisms such as the Same Origin Policy (SOP) to protect users' information (cookies, credentials and the like), Android app developers have to implement such isolation themselves. Vulnerabilities are very likely to be introduced during that implementation, so an implementation should be analysed before it is released to market. As part of an ongoing Ph.D. research project, this dissertation inspects two scenarios. The first is an app that provides Single Sign-on (SSO) using the Facebook SDK. The author builds formal models from the captured network traffic of the app and uses the verifier ProVerif to check the models against their defined security properties. The analysis discovers one vulnerability which violates SOP. The second scenario is an initial analysis of information-flow leaks in Android apps.
This section is about the formal analysis of SSO implementations on Android. It first introduces the background of the Single Sign-on (SSO) protocol, then a typical SSO process, after that the method used to analyse an SSO implementation on Android, and finally the outcome of the analysis.

A. SSO Background

With the development of information technology, more and more websites emerge, and they need to record users' data. A user has to register at these websites before using their services. However, the more accounts a user has, the more reluctant the user becomes to register new ones, because this increases the cost of managing different accounts across different websites. The user may therefore tend to reuse the same password for different accounts. This inevitably increases the risk that one compromised password endangers the user's identities on other websites: an attacker can try to break into the user's other accounts, for example by brute force, and the situation is worse still when the user chooses a simple password.

Single Sign-on is an authentication scheme which allows a user to log in to a third-party application (the service provider, SP) with the identity it has registered at an identity provider (IdP). The protocol mainly involves three parties: the user, the SP and the IdP. Although SSO does not solve the problem of using the same password across different websites, it simplifies the account creation process or skips it entirely, which eases the burden when a user starts using a new website.
It also reduces the cost of managing different accounts from a user's perspective.

As SSO becomes more and more popular, its security is one of the concerns that recent research focuses on. However, most prior studies only consider SSO on the desktop or in a web-browser environment, and few of them have inspected the security of concrete SSO implementations on mobile platforms.

Being a different platform from the desktop or the web browser, Android has its own attack surfaces and assumptions. Because of the product orientation of mobile devices and the physical limitations of a hand-held device, it is infeasible or even impossible to deploy a real-time malware detection system to protect Android from viruses or trojans. Moreover, unlike the desktop browser, Android does not have important security mechanisms like the Same Origin Policy (SOP), which is standard on almost all modern browsers. This exposes Android to vulnerabilities that are not easy to find in a browser environment. Furthermore, as mentioned above, there may be misunderstandings or hidden assumptions in the developer documentation of a protocol, which introduce further vulnerabilities into the concrete implementation in Android apps. It is therefore important to take these factors into consideration and to inspect the concrete implementation of SSO on Android in a systematic and rigorous manner.

Formal analysis has proved to be such an approach: it is systematic and partially automatic, and it can analyse the design of a protocol or a system. Recent research adopting formal analysis has confirmed its ability. It can verify properties of a protocol design in a mathematical and rigorous manner.
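To make the method described above concrete (write a model of the three parties, state the properties, let the verifier check them), here is an added illustrative ProVerif model of an SSO token handover between a user, an SP app and an IdP. It is not the dissertation's model and does not reproduce the Facebook SDK flow: the channel names, message formats, events, the pre-shared SP/IdP key and the idea of modelling OS-level isolation as a private channel are all assumptions made for this example.

```proverif
(* Added illustrative ProVerif model of a three-party SSO token handover.
   Not the dissertation's model: every name, message and channel below is
   an assumption made for this example. *)

type ident.                    (* principal identifiers *)
type key.

free net: channel.             (* public network: the attacker reads and writes it *)
free app: channel [private].   (* assumption: channel inside the SP app, i.e. the
                                  OS isolates it from other apps *)
free tls: channel [private].   (* assumption: the user's HTTPS session with the IdP,
                                  modelled as a private channel *)

(* symmetric encryption for the SP <-> IdP back channel *)
fun senc(bitstring, key): bitstring.
reduc forall m: bitstring, k: key; sdec(senc(m, k), k) = m.

free kSI: key [private].       (* assumption: key shared by SP and IdP (app secret) *)
free pw: bitstring [private].  (* the user's IdP password *)
free alice: ident.
const sp_id: ident.            (* the SP's registered app id at the IdP *)

event UserSent(ident, bitstring).    (* user handed token t for u to the SP app *)
event IdPIssued(ident, bitstring).   (* IdP issued token t for user u *)
event SPAccepted(ident, bitstring).  (* SP logged u in on the strength of t *)

(* Properties to verify: the password stays secret, and every login the SP
   accepts corresponds to exactly one token handover by the real user. *)
query attacker(pw).
query u: ident, t: bitstring;
  inj-event(SPAccepted(u, t)) ==> inj-event(UserSent(u, t)).

let User(u: ident) =
  in(app, spid: ident);              (* the SP app starts the login flow *)
  out(tls, (u, pw, spid));           (* authenticate at the IdP for audience spid *)
  in(tls, t: bitstring);             (* the IdP returns an access token *)
  event UserSent(u, t);
  out(app, (u, t)).                  (* hand the token back to the SP app *)

let IdP =
  in(tls, (u: ident, p: bitstring, spid: ident));
  if p = pw then
  new tok: bitstring;
  event IdPIssued(u, tok);
  out(tls, tok);
  (* token validation: the SP asks whether tok was issued for spid *)
  in(net, m: bitstring);
  let (=spid, =tok) = sdec(m, kSI) in
  out(net, senc((tok, u), kSI)).

let SP =
  out(app, sp_id);
  in(app, (u: ident, t: bitstring));
  out(net, senc((sp_id, t), kSI));   (* validate the token with the IdP *)
  in(net, r: bitstring);
  let (=t, uid: ident) = sdec(r, kSI) in
  event SPAccepted(uid, t).

process
  ( !SP | !User(alice) | !IdP )

(* To model a platform with no origin isolation for the token, replace `app`
   by `net` in User and SP. The attacker can then read (u, t) off the network
   and replay it to a fresh SP session, so the injective correspondence no
   longer holds and ProVerif reports an attack trace. *)
```

Run it with `proverif sso.pv` (file name assumed). The point of the exercise is the one the section makes: the verdict depends on the isolation assumption encoded in the model, so an analyst who extracts the message flow from captured traffic must also decide, explicitly, which channels the platform actually protects.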