Abstract

Safety and security are essential properties of network and mobile applications. The former is concerned with detecting software faults and recovering from failures; the latter is mainly about specifying and enforcing security policies. However, how to understand precisely and specify formally the essential notions of the safety and security disciplines, and how to integrate these properties with the functional behaviour of programs, are still open issues. To this end, in this paper we propose a formal framework that interprets safety and security notions on a common ontology and combines security properties with functional specifications in a unified formalism. Our main contributions are twofold: first, we formally define the notions of fault, failure and error in the traditional state-based model; secondly, we formally define the permission mechanism of the Android security system and represent security-related actions as Hoare triples.
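As an added illustration of the approach the abstract describes (this is example code written for this page, not the paper's own formalism or any Android code), the following toy state-based model writes an Android-style permission-guarded action as a Hoare triple and checks the triple by execution over constructed states. The state layout, the `invariant` that stands in for the security policy, and the labels `fault`/`error`/`denied` are assumptions made for the example; only the permission string `android.permission.READ_CONTACTS` is a real Android identifier. The point it shows is that a faulty implementation with the permission check omitted still satisfies the triple whose precondition assumes the permission, and is only distinguished from the correct one by the triple whose precondition is `True`, i.e. the permission must be enforced by the action, not merely assumed by the specification.

```python
from dataclasses import dataclass
from typing import Callable, Dict

READ_CONTACTS = "android.permission.READ_CONTACTS"  # real Android permission name


@dataclass(frozen=True)
class State:
    """Program state (assumed layout): the set of permissions the user has
    granted to the app, plus a flag recording whether contact data has
    already been released to the app."""
    granted: frozenset
    contacts_read: bool = False


class PermissionDenied(Exception):
    """Raised when the runtime refuses an action; this is the observable
    outcome of a correctly enforced check, not a failure of the system."""


def invariant(s: State) -> bool:
    """Security policy expressed as a state invariant: contact data is only
    ever released to an app that holds READ_CONTACTS."""
    return (not s.contacts_read) or READ_CONTACTS in s.granted


def read_contacts_checked(s: State) -> State:
    """Guarded action: enforces the permission before changing the state."""
    if READ_CONTACTS not in s.granted:
        raise PermissionDenied(READ_CONTACTS)
    return State(s.granted, contacts_read=True)


def read_contacts_unchecked(s: State) -> State:
    """Faulty action: the permission check has been omitted (the fault)."""
    return State(s.granted, contacts_read=True)


@dataclass(frozen=True)
class Triple:
    """A Hoare triple {pre} action {post}; post receives (before, after)."""
    pre: Callable[[State], bool]
    action: Callable[[State], State]
    post: Callable[[State, State], bool]


def check(t: Triple, s: State) -> str:
    """Evaluate the triple on one concrete state and classify the outcome:
    'vacuous' : pre does not hold, so the triple constrains nothing here
    'denied'  : the action refused to run; state unchanged, policy kept
    'ok'      : pre held, the action ran, post holds afterwards
    'error'   : pre held, the action ran, post is violated (erroneous state,
                the observable consequence of the fault)"""
    if not t.pre(s):
        return "vacuous"
    try:
        s2 = t.action(s)
    except PermissionDenied:
        return "denied"
    return "ok" if t.post(s, s2) else "error"


def any_state(s: State) -> bool:
    return True  # the app may call the API from any state


def has_permission(s: State) -> bool:
    return READ_CONTACTS in s.granted


def keeps_policy(before: State, after: State) -> bool:
    return invariant(after)


def read_and_keeps_policy(before: State, after: State) -> bool:
    return after.contacts_read and invariant(after)


# Total specification: from every state the action must keep the policy.
SPEC_CHECKED = Triple(any_state, read_contacts_checked, keeps_policy)
SPEC_FAULTY = Triple(any_state, read_contacts_unchecked, keeps_policy)
# Weaker specification that assumes the permission as a precondition; the
# faulty implementation satisfies it, which is exactly what makes it weak.
SPEC_ASSUMED = Triple(has_permission, read_contacts_unchecked, read_and_keeps_policy)

# Constructed sample states: permission granted vs. never granted.
SAMPLE_STATES = {
    "granted": State(frozenset({READ_CONTACTS})),
    "not_granted": State(frozenset()),
}


def verdicts(t: Triple) -> Dict[str, str]:
    """Check one triple against every sample state."""
    return {label: check(t, s) for label, s in SAMPLE_STATES.items()}


if __name__ == "__main__":
    for name, spec in (("checked", SPEC_CHECKED), ("faulty", SPEC_FAULTY),
                       ("assumed", SPEC_ASSUMED)):
        print(f"{name:8s} {verdicts(spec)}")
```

Running the block prints one verdict line per specification; the faulty action yields `error` only under the total specification, because that is the only triple whose precondition admits the state in which the missing check matters.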

Full text