
COVERT

Welcome to the COVERT homepage. COVERT is a tool for compositional verification of Android inter-application vulnerabilities. It automatically identifies vulnerabilities that occur due to the interaction of the apps comprising a system. It then determines whether it is safe for a bundle of apps, requiring certain permissions and potentially interacting with each other, to be installed together.

Architecture

The COVERT tool is implemented in two layers: a back-end that analyzes the apps to find potential vulnerabilities, and a front-end that provides an interactive environment for end users.
 
COVERT Architecture


Back-end Tool (COVERT Engine)

The core components of COVERT that analyze apps to detect security vulnerabilities are implemented in the back-end layer. As depicted in the figure above, this layer consists of two modules: the Model Extractor, which leverages static analysis techniques to automatically extract an abstract formal model of Android apps, and the Formal Analyzer, which is intended to use lightweight formal analysis techniques to find vulnerabilities in the extracted app models.

This part is described in COVERT's technical report and web page.

Front-end Tools


To facilitate end-user interaction with the COVERT back-end engine, we implemented client applications for different platforms: a Desktop Application, which is a stand-alone tool that calls the back-end components and visualizes the generated results, and Mobile and Web-based applications, which work together to analyze the apps installed on a mobile device and show the vulnerability report in a web browser.

Demo

This video demonstrates the main features of the COVERT tool.

COVERT Demo


Download and Installation

The COVERT back-end and the desktop front-end tool for Windows and Mac are available here for download. The user manual is also downloadable from this link.

 

Publications

Alireza Sadeghi, Hamid Bagheri, and Sam Malek. "Analysis of Android Inter-App Security Vulnerabilities Using COVERT." In Proceedings of the 37th International Conference on Software Engineering (ICSE 2015), Demonstrations track, Florence, Italy, May 2015.