Abstract

Android applications (apps) are ubiquitous and operate in complex environments. Managing their risk at an early stage of software development can effectively reduce potential security flaws as well as testing and maintenance costs, and has therefore become an important challenge in model-based development (MBD). This paper introduces a Permission-based Hybrid Risk Management framework for Android apps (PHRiMA), a novel guided framework that performs risk management on Android apps by evaluating their permission-based software design. The framework customizes the standard risk management process of ISO/IEC 27005:2018 as a hybrid of a semi-formal modeling phase and a formal analysis phase. In the semi-formal phase, a Risk Analysis and Modeling (RAM) package based on UML/MARTE is proposed to construct the risk context; it can describe the permission-based structures, behaviors (communications) and security policies of Android apps, and can also specify criteria for managing permission-induced risks on Android apps. In the formal phase of PHRiMA, model transformation can generate a RAM-based Z specification (RAMZ) from the semi-formal risk context, comprising the RAMZSystem formal model and the RAMZManagement formal algorithm. According to the specified risk criteria, the RAMZManagement algorithm can conduct risk management activities on the RAMZSystem model and obtain a formal model with acceptable risk values. We realized a prototype of PHRiMA, named Phrima, and demonstrated its effectiveness by applying it to common permission-induced risk scenarios for Android apps.
