Kazuhide Fukushima

A Formal Model to Analyze the Permission Authorization and Enforcement in the Android Framework

This paper proposes a formal model of the Android permission scheme. We describe the scheme specifying entities and relationships, and provide a state-based model which includes the behavior specification of permission authorization and the interactions between application components. We also show how we can logically confirm the security of the specified system. Utilizing a theorem prover, we can verify security with given security requirements based on mechanically checked proofs. The proposed model can be used as a reference model when the scheme is implemented in a different embedded platform, or when we extend the current scheme with additional constraints or elements. We demonstrate the use of the verifiable specification through finding a security vulnerability in the Android system. To our knowledge, this is the first formalization of the permission scheme enforced by the Android framework.

A New (k,n)-Threshold Secret Sharing Scheme and Its Extension

In Shamirs (k,n)-threshold secret sharing scheme (threshold scheme), a heavy computational cost is required to make nshares and recover the secret. As a solution to this problem, several fast threshold schemes have been proposed. This paper proposes a new (k,n)-threshold scheme. For the purpose to realize high performance, the proposed scheme uses just EXCLUSIVE-OR(XOR) operations to make shares and recover the secret. We prove that the proposed scheme is a perfectsecret sharing scheme, every combination of kor more participants can recover the secret, but every group of less than kparticipants cannot obtain any information about the secret. Moreover, we show that the proposed scheme is an idealsecret sharing scheme similar to Shamirs scheme, which is a perfectscheme such that every bit-size of shares equals that of the secret. We also evaluate the efficiency of the scheme, and show that our scheme realizes operations that are much faster than Shamirs. Furthermore, from the aspect of both computational cost and storage usage, we also introduce how to extend the proposed scheme to a new (k,L,n)-threshold rampscheme similar to the existing rampscheme based on Shamirs scheme.

A Small But Non-negligible Flaw in the Android Permission Scheme

This paper presents a flaw in the permission scheme of Android. The Android framework enforces a permission-based security policy where an application can access the other parts of the system only when the application is explicitly permitted. The security of the framework depends to a large extent on the owner of a device since the authorization decisions are mainly made by the user. As a result, the permission scheme imposes much of the administrative burden on the user instead of keeping it simple. Moreover, the framework does not impose enough controls nor support dynamic adjustment in the following respects: No naming rule or constraint is applied for a new permission declaration; once an application acquires a permission, the permission is never revoked during the lifetime of the application, two different permissions can be in use having the same name. These features of the framework can result in a security flaw. We explain how we found the flaw, demonstrate an exploit example, and discuss the solution.

Towards Formal Analysis of the Permission-Based Security Model for Android

Since the source code of Android was released to the public, people have concerned about the security of the Android system. Whereas the insecurity of a system can be easily exaggerated even with few minor vulnerabilities, the security is not easily demonstrated. Formal methods have been favorably applied for the purpose of ensuring security in different contexts to attest whether the system meets the security goals or not by relying on mathematical proofs. In order to commence the security analysis of Android, we specify the permission mechanism for the system. We represent the system in terms of a state machine, elucidate the security needs, and show that the specified system is secure over the specified states and transitions. We expect that this work will provide the basis for assuring the security of the Android system. The specification and verification were carried out using the Coq proof assistant.

Run-Time Enforcement of Information-Flow Properties on Android

Recent years have seen a dramatic increase in the number and importance of mobile devices. The security properties that these devices provide to their applications, however, are inadequate to protect against many undesired behaviors. A broad class of such behaviors is violations of simple information-flow properties. This paper proposes an enforcement system that permits Android applications to be concisely annotated with information-flow policies, which the system enforces at run time. Information-flow constraints are enforced both between applications and between components within applications, aiding developers in implementing least privilege. We model our enforcement system in detail using a process calculus, and use the model to prove noninterference. Our system and model have a number of useful and novel features, including support for Android’s single- and multiple-instance components, floating labels, declassification and endorsement capabilities, and support for legacy applications. We have developed a prototype of our system on Android 4.0.4 and tested it on a Nexus S phone, verifying that it can enforce practically useful policies that can be implemented with minimal modification to off-the-shelf applications.

A Fast (3,n)-Threshold Secret Sharing Scheme Using Exclusive-OR Operations

In Shamirs (k,n)-threshold secret sharing scheme [1], a heavy computational cost is required to make n shares and recover the secret from k shares. As a solution to this problem, several fast threshold schemes have been proposed. However, there is no fast ideal (k,n)-threshold scheme, where k ≥ 3 and n is arbitrary. This paper proposes a new fast (3,n)-threshold scheme by using just EXCLUSIVE-OR(XOR) operations to make shares and recover the secret, which is an ideal secret sharing scheme similar to Shamirs scheme. Furthermore, we evaluate the efficiency of the scheme, and show that it is more efficient than Shamirs in terms of computational cost. Moreover, we suggest a fast (k,n)-threshold scheme can be constructed in a similar way by increasing the sets of random numbers constructing pieces of shares.

On a Fast (k,n)-Threshold Secret Sharing Scheme

In Shamirs (k, n)-threshold secret sharing scheme (threshold scheme) [1], a heavy computational cost is required to make n shares and recover the secret from k shares. As a solution to this problem, several fast threshold schemes have been proposed. However, there is no fast ideal (k, n)-threshold scheme, where k and n are arbitrary. This paper proposes a new fast (k, n)-threshold scheme which uses just EXCLUSIVE-OR(XOR) operations to make n shares and recover the secret from k shares. We prove that every combination of k or more participants can recover the secret, but every group of less than k participants cannot obtain any information about the secret in the proposed scheme. Moreover, the proposed scheme is an ideal secret sharing scheme similar to Shamirs scheme, in which every bit-size of shares equals that of the secret. We also evaluate the efficiency of the scheme, and show that our scheme realizes operations that are much faster than Shamirs.

Obfuscation Mechanism in Conjunction with Tamper-Proof Module

This paper proposes a software obfuscation mechanism in conjunction with a tamper-proof module.The proposed mechanism overcomes the limitation of software-based obfuscation techniques where an obfuscated program contains critical parameters in itself.We divide a program into two parts: an obfuscated program and secret parameters.The obfuscated program is executed on a mobile phone or a computer, and it cannot be solely analyzed.An applet in the tamper-proof module securely stores the secret parameters and assists the execution of the obfuscation program. We implemented the proposed mechanism on a mobile phone and user identify module.The experiment results provide criteria for leveraging our obfuscation mechanism to protect both small-sized and large-sized programs.

A software fingerprinting scheme for java using classfiles obfuscation

Embedding a personal identifier as a watermark to Java classfile is effective in order to protect copyrights of them. Monden et al. [1] proposed watermarking scheme that embeds arbitrary character sequence to the target method in a Java classfiles. But the scheme can be only used to embed the same watermark to each user’s classfiles. Therefore, if we apply this scheme for embedding each user’s personal identifier, the watermarks can be specified by comparing two or more users’ Java classfiles. In this paper solve the problem by using “Classfiles Obfuscation” which is our obfuscation scheme for Java sourcecodes. By the scheme, we distribute all the methods among the all the Java classfiles at random. Evrey user’s Java classfiles will have different structures respectively by appling “Clasfiles Obfuscation”. As the result, to specify watermark by compareing classfiles will be difficult.

Security issues on IT systems during disasters: a survey

Developing emergency and disaster management systems is an important issue in our “computer society”. The primary issue is how to share information about a current disaster and the status of resource allocation for emergency management. System continuity management is another important issue on disaster-related issue. Furthermore, we should consider a solution for constructing a trust network in a disaster situation. In this paper, we focus on security issues that confront IT systems during disasters. The security issues include privacy breach in a disaster situation. We summarize these security and privacy issues in the context of three major areas of operation: information gathering, network access, and system continuity management. Then we provide the results of a survey on techniques for solving these issues.