Security-by-contract is a paradigm proposed for the secure installation, usage, and monitoring of apps into mobile devices, with the aim of establishing, controlling, and, if necessary, enforcing security-critical behaviors. In this paper, we extend this paradigm with new functionalities allowing for a quantitative estimation of such behaviors, in order to reveal in real time the more and more challenging subtleties of new-generation malware and repackaged apps. The novel paradigm is based on formal means and techniques ranging from statistical analysis to probabilistic model checking. The framework, deployed in the Android environment, is evaluated by examining both its effectiveness with respect to a benchmark of real-world malware and its effect on the execution of genuine, secure apps.

合同安全性是为将应用程序安全安装，使用和监视到移动设备中而提出的范例，目的是建立，控制并在必要时强制执行安全关键行为。在本文中，我们使用新功能扩展了该范式，允许对此类行为进行定量估计，以便实时揭示新一代恶意软件和重新打包的应用程序越来越具有挑战性的细微差别。新范式基于从统计分析到概率模型检查的形式化手段和技术。通过检查该框架相对于实际恶意软件基准的有效性以及其对执行真正安全应用程序的影响，来评估在Android环境中部署的框架。