android security secure meta markets
play

Android Security & Secure Meta-Markets Alessandro Armando - PowerPoint PPT Presentation

Dec 05, 2023 •138 likes •393 views

Android Security & Secure Meta-Markets Alessandro Armando (joint work with G. Costa, A. Merlo, and L. Verderame) DIBRIS, U. of Genova & Security and Trust Research Unit, FBK, Trento NeSSoS 2013, Sept. 05, 2013 Alessandro Armando (UNIGE

  1. Android Security & Secure Meta-Markets Alessandro Armando (joint work with G. Costa, A. Merlo, and L. Verderame) DIBRIS, U. of Genova & Security and Trust Research Unit, FBK, Trento NeSSoS 2013, Sept. 05, 2013 Alessandro Armando (UNIGE & FBK) Android Security & Secure Meta-Markets NeSSoS 2013, Sept. 05, 2013 1 / 21

  2. Research Threads on Mobile Security at U. of Genova Security Assessment of Android Cross-layer Architecture 1 BYODroid: a Secure Meta-Market for BYOD Policies 2 Alessandro Armando (UNIGE & FBK) Android Security & Secure Meta-Markets NeSSoS 2013, Sept. 05, 2013 2 / 21

  3. Security Assessment of Android Cross-layer Architecture Java stack built on top of Linux Kernel Combination of well-known security solutions (sandboxing + Linux DAC) Alessandro Armando (UNIGE & FBK) Android Security & Secure Meta-Markets NeSSoS 2013, Sept. 05, 2013 3 / 21

  4. Why bothering? Android security is a hot topic. Yet, most work has been focusing on the Application Framework (permissions exploitation, IPC, privilege escalation,. . . ) little/no work on the Android architecture as a whole. Kernel assumed secure. Android stack and Linux Kernel rely on different security models (namely Android Permissions and Linux DAC). Are they smoothly integrated? Interactions between layers not documented and poorly understood. Android sandboxing leads to non-standard use of Linux Kernel. Alessandro Armando (UNIGE & FBK) Android Security & Secure Meta-Markets NeSSoS 2013, Sept. 05, 2013 4 / 21

  5. Android Design Principle Alessandro Armando (UNIGE & FBK) Android Security & Secure Meta-Markets NeSSoS 2013, Sept. 05, 2013 5 / 21

  6. Android Design Principle Alessandro Armando (UNIGE & FBK) Android Security & Secure Meta-Markets NeSSoS 2013, Sept. 05, 2013 5 / 21

  7. Android Design Principle TRUE? Alessandro Armando (UNIGE & FBK) Android Security & Secure Meta-Markets NeSSoS 2013, Sept. 05, 2013 5 / 21

  8. A Fork Bomb Attack Alessandro Armando (UNIGE & FBK) Android Security & Secure Meta-Markets NeSSoS 2013, Sept. 05, 2013 6 / 21

  9. A Fork Bomb Attack A. Armando, A. Merlo, M. Migliardi, L. Verderame. Would You Mind Forking This Process? A Denial of Service attack on Android (and Some Countermeasures) . In Proc. of the 27th IFIP International Information Security and Privacy Conference (SEC 2012), Best Paper Award . A. Armando, A. Merlo, M. Migliardi, L. Verderame. Breaking and fixing the Android Launching Flow. In Computers & Security. In press. Alessandro Armando (UNIGE & FBK) Android Security & Secure Meta-Markets NeSSoS 2013, Sept. 05, 2013 6 / 21

  10. Forking in Android Application Launch Android Layer: Application StartApplication(Intent) (Binder IPC) System Server startActivityLocked Android Layer: (function call) Activity Manager Application Service New Activity / Framework New Service LAUNCH ACTIVITY/SERVICE Process.start() Zygote process Android Layer: (socket call) Application Runtime Pid Zygote VM fork() (JNI Call) attach fork command Android Layer: Pid Zygote library Libraries fork() (syscall) Zygote Linux Layer Socket listening Activity Thread New Linux Process Alessandro Armando (UNIGE & FBK) Android Security & Secure Meta-Markets NeSSoS 2013, Sept. 05, 2013 7 / 21

  11. Exploiting the vulnerability Alessandro Armando (UNIGE & FBK) Android Security & Secure Meta-Markets NeSSoS 2013, Sept. 05, 2013 8 / 21

  12. The next step Lesson learned : ASF does not discriminate the identity of the caller of the fork (i.e. malicious application vs. trusted service in the AF). Some questions arise: Is the problem related to the fork syscall only? 1 Are applications able to directly execute Kernel calls? 2 Is it acceptable from a security point of view? 3 and, above all, Are there other cross-layer vulnerabilities? Alessandro Armando (UNIGE & FBK) Android Security & Secure Meta-Markets NeSSoS 2013, Sept. 05, 2013 9 / 21

  13. Empirical Assessment of Kernel Call Invocation Relate kernel calls with trusted services in the AF through 1 experimentation ⇒ Monotoring Kernel Module (MKM) Try to reproduce the very same kernel calls from a malicious 2 unprivileged application ⇒ Kernel Call Tester (KCT) Check whether replicated kernel calls have been executed 3 successfully. Automatically analyze logs to search for vulnerabilities and 4 malicious ”flows” of kernel calls. Alessandro Armando (UNIGE & FBK) Android Security & Secure Meta-Markets NeSSoS 2013, Sept. 05, 2013 10 / 21

  14. Testing Kernel Calls Malicious behavior Standard behavior KernelCallTester Application Replay Service Application System Server Framework jni(SysCall, … ) receiveMsg jni(SysCall, … ) Application Runtime DVM DVM System Server Libraries KernelCallTester Library sys(Sys_name,par_1, … ,par_n) Linux NetLink socket sendMsg MKM Sys_call_table sys(Sys_name, par_1,..,par_n) Linux Kernel Alessandro Armando (UNIGE & FBK) Android Security & Secure Meta-Markets NeSSoS 2013, Sept. 05, 2013 11 / 21

  15. Results The ASF does not discriminate the caller of any direct kernel call. Two new vulnerabilities pave the way to: Denial-of-Service attack that exhausts memory. 1 Privacy Leakage attack of browser data. 2 The new vulnerabilities affect all Android builds. A. Armando, A. Merlo and L. Verderame. An Empirical Evaluation of the Android Security Framework. In Proc. of the 28th IFIP International Information Security and Privacy Conference (SEC 2013). Alessandro Armando (UNIGE & FBK) Android Security & Secure Meta-Markets NeSSoS 2013, Sept. 05, 2013 12 / 21

  16. Future Work Further, finer-grained analysis of MKM logs needed to discover other interplay-related vulnerabilities (if any). Extend approach to other cross-layer calls. Leverage profiling technology (e.g. MKM) for run-time monitoring and/or anomaly detection. Alessandro Armando (UNIGE & FBK) Android Security & Secure Meta-Markets NeSSoS 2013, Sept. 05, 2013 13 / 21

  17. Research Threads on Mobile Security at U. of Genova Security Assessment of Android Cross-layer Architecture 1 BYODroid: a Secure Meta-Market for BYOD Policies 2 Alessandro Armando (UNIGE & FBK) Android Security & Secure Meta-Markets NeSSoS 2013, Sept. 05, 2013 14 / 21

  18. The BYOD Paradigm The Bring Your Own Device paradigm strives to bring usage of personal devices inside organizations. BYOD solutions must allow users to freely personalize devices outside the organization 1 ensure security of corporate data accessed by personal devices. 2 Existing mobile OSes do not support the latter. Alessandro Armando (UNIGE & FBK) Android Security & Secure Meta-Markets NeSSoS 2013, Sept. 05, 2013 15 / 21

  19. Android, Security and Users App market Android applications come up with a manifest file, containing required permissions. Manifests and Apps Manifest of A X Users must accept at install time all - Internet the required permissions. - Access SD card Do users understand both the meaning and the impact of such permissions on their Manifest of A Y security/privacy? Personal Device Device owner A 1 , A 2 , , A N - Access SD card Alessandro Armando (UNIGE & FBK) Android Security & Secure Meta-Markets NeSSoS 2013, Sept. 05, 2013 16 / 21

  20. BYODroid: a Secure Meta-Market for BYOD App market Corporation Manifests and Apps Require A Y BYOD Policy Approve/reject installation Secure Meta-market Personal Device BYODroid allows for A 1 , A 2 , , A N definition and enforcement of security policies spanning all the applications installed on the device. BYODroid supports retrieval and automatic security analysis of applications from different, possibly untrusted, sources, while ensuring that the installed applications collectively comply with a global security policy. This is achieved by a fruitful combination of static analysis, model checking, and code instrumentation. Alessandro Armando (UNIGE & FBK) Android Security & Secure Meta-Markets NeSSoS 2013, Sept. 05, 2013 17 / 21

  21. Anatomy of BYODroid Model Extraction (Androguard) Policy Compliance Verification (SPIN) Policy Customization and Storage (Partial Model Checking) Application Instrumentation and Monitoring (Redexer) Alessandro Armando (UNIGE & FBK) Android Security & Secure Meta-Markets NeSSoS 2013, Sept. 05, 2013 18 / 21

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Secure Programming Laboratory 5: Android Security SP Demonstrators: Arthur Chan / David Aspinall

Secure Programming Laboratory 5: Android Security SP Demonstrators: Arthur Chan / David Aspinall

Secure Programming Laboratory 5: Android Security SP Demonstrators: Arthur Chan / David Aspinall 27th March 2019 Orientation This is the final Laboratory Session for Secure Programming It is convened by Arthur and David. The handout and other

113 views • 8 slides
Security Enhanced (SE) Android: Bringing Flexible MAC to Android Stephen Smalley and Robert Craig

Security Enhanced (SE) Android: Bringing Flexible MAC to Android Stephen Smalley and Robert Craig

Security Enhanced (SE) Android: Bringing Flexible MAC to Android Stephen Smalley and Robert Craig Trusted Systems Research National Security Agency Motivation Android security relies on Linux DAC. To protect the system from apps. To

480 views • 21 slides
Secure Communication in Client-Server Android Apps With a bias towards mobile banking

Secure Communication in Client-Server Android Apps With a bias towards mobile banking

Secure Communication in Client-Server Android Apps With a bias towards mobile banking applications. AFRICA HACKON CONFERENCE, 2016. Convergent Security. whoami Masters Candidate Ethical Hacker Web Developer Jazz fan

599 views • 20 slides
Security & Pie Android 9.0 & APK Security Plan of Attack Start at the hardware

Security & Pie Android 9.0 & APK Security Plan of Attack Start at the hardware

Security & Pie Android 9.0 & APK Security Plan of Attack Start at the hardware Work up to Android OS Climb into the Play Store Discuss Application (APK) Connor Tumbleson Senior Software Engineer @Sourcetoad

672 views • 56 slides
HOOKER A solution to analyze Android markets Dimitri Kirchner @Tibapbedoum Georges Bossert

HOOKER A solution to analyze Android markets Dimitri Kirchner @Tibapbedoum Georges Bossert

HOOKER A solution to analyze Android markets Dimitri Kirchner @Tibapbedoum Georges Bossert @Lapeluche AMOSSYS PhD candidate AMOSSYS / Supelec IT security engineer AMOSSYS Protocole Reverse Engineering Android Hooker: a solution to

1.26k views • 97 slides
Runtime verification meets Android security Gil Vegliach Joint work with Andreas Bauer and

Runtime verification meets Android security Gil Vegliach Joint work with Andreas Bauer and

Runtime verification meets Android security Gil Vegliach Joint work with Andreas Bauer and Jan-Christoph K uster Background, what Android is Developed by Android Inc. (acquired by Google in 2005) Open Handset Alliance (founded in 2007)

161 views • 15 slides
Linking Security with Economics Re-Empower Citizens & Companies to Secure Economic Growth

Linking Security with Economics Re-Empower Citizens & Companies to Secure Economic Growth

Linking Security with Economics Re-Empower Citizens & Companies to Secure Economic Growth Stephan J. Engberg Priway For markets to create value over time Demand has to control the critical resource ! Price Competitors Cost Value

285 views • 17 slides
Web Security Secure Socket Layer (SSL) December 7, 2000 SSL 2 Web Security authentication:

Web Security Secure Socket Layer (SSL) December 7, 2000 SSL 2 Web Security authentication:

SSL 1 Web Security Secure Socket Layer (SSL) December 7, 2000 SSL 2 Web Security authentication: basic, digest often supplemented by cookies access control via network addresses multi-layered: SHTTP (secure HTTP) = just

713 views • 32 slides
Evaluating the Android Security Key Scheme: An Early Usability, Deployability, Security

Evaluating the Android Security Key Scheme: An Early Usability, Deployability, Security

Evaluating the Android Security Key Scheme: An Early Usability, Deployability, Security Evaluation with Comparative Analysis Robbie MacGregor 5 th Who Are You?! Adventures in Authentication (WAY), Santa Clara, CA, USA, 2019. I did a thing so

132 views • 10 slides
AndRadar: Fast Discovery of Android Applications in Alternative Markets

AndRadar: Fast Discovery of Android Applications in Alternative Markets

AndRadar: Fast Discovery of Android Applications in Alternative Markets Martina Lindorfer, Stamatis Volanis, Alessandro Sisto Matthias Neugschwandtner, Elias Athanasopoulos, Federico Maggi Christian Platzer, Sotiris

735 views • 41 slides
CORPORATE SECURITY IMPROVED SECURITY FOR THE MID-MARKET 1 SYNERGIES ACROSS SEGMENTS Privacy

CORPORATE SECURITY IMPROVED SECURITY FOR THE MID-MARKET 1 SYNERGIES ACROSS SEGMENTS Privacy

Jens Thonke, EVP, Cyber Security Services Jyrki Rosenberg, EVP, Corporate Cyber Security CORPORATE SECURITY IMPROVED SECURITY FOR THE MID-MARKET 1 SYNERGIES ACROSS SEGMENTS Privacy Family Connected home 2 F-Secure Capital Markets Day 2017

736 views • 19 slides
ERICA A cloud orchestration meta-framework for secure health data analytics Tim Churches SW

ERICA A cloud orchestration meta-framework for secure health data analytics Tim Churches SW

ERICA A cloud orchestration meta-framework for secure health data analytics Tim Churches SW Sydney Clinical School & Centre for Big Data Research in Health UNSW Medicine Why we need secure platforms for health data analysis Overcoming

574 views • 31 slides
Analyzing Sophisticated Android Malware with CodeInspect Siegfried Rasthofer SECURE SOFTWARE

Analyzing Sophisticated Android Malware with CodeInspect Siegfried Rasthofer SECURE SOFTWARE

Analyzing Sophisticated Android Malware with CodeInspect Siegfried Rasthofer SECURE SOFTWARE ENGINEERING GROUP #whoami 3rd year PhD-Student at Secure Software Engineering Group Darmstadt, Germany (Prof. Dr. Eric Bodden)

603 views • 19 slides
Security Enhancements (SE) for Android Stephen Smalley Trusted Systems Research Natjonal

Security Enhancements (SE) for Android Stephen Smalley Trusted Systems Research Natjonal

Security Enhancements (SE) for Android Stephen Smalley Trusted Systems Research Natjonal Security Agency CLASSIFICATION HEADER Agenda Motjvatjon/Background Current State Using SELinux in Android What's Next for SELinux in

762 views • 72 slides
Web Security: Web Security: Secure Electronic Transaction Secure Electronic Transaction

Web Security: Web Security: Secure Electronic Transaction Secure Electronic Transaction

Web Security: Web Security: Secure Electronic Transaction Secure Electronic Transaction Cunsheng Cunsheng Ding Ding HKUST, Hong Kong, CHI NA HKUST, Hong Kong, CHI NA Secure Elect ronic Transact ions An applicat ion-layer secur it y

483 views • 24 slides
Competition Authority About Platform Markets Esra KKKZ Competition Expert at TCA

Competition Authority About Platform Markets Esra KKKZ Competition Expert at TCA

Important Cases of Turkish Competition Authority About Platform Markets Esra KKKZ Competition Expert at TCA Google Android (Decision Date: 19.09.2018, Decision Number: 18-33/555-273) Android Open Source Project Open Source Android

417 views • 29 slides
Post-Mortem Memory Analysis of Cold-Booted Android Devices Christian Hilgers Holger Macht

Post-Mortem Memory Analysis of Cold-Booted Android Devices Christian Hilgers Holger Macht

Post-Mortem Memory Analysis of Cold-Booted Android Devices Christian Hilgers Holger Macht Tilo Mller Michael Spreitzenbarth FAU Erlangen-Nuremberg Chair of Computer Science 1 Prof. Felix Freiling IMF 2014 8th International

658 views • 29 slides
Lifecycle Marketing -- Starting at the Zygote Stage Rachel Fishman Feddersen Heather Vessey

Lifecycle Marketing -- Starting at the Zygote Stage Rachel Fishman Feddersen Heather Vessey

Lifecycle Marketing -- Starting at the Zygote Stage Rachel Fishman Feddersen Heather Vessey Director Email Marketing Senior Manager Parenting.com Bonnier Corp Loren McDonald VP Industry Relations Silverpop Thursday, January 21, 2010

698 views • 54 slides
Parameter Estimation Smoothing p(x 1 = h , x 2 = o , x 3 = r , x 4 = s , x 5 = e , x 6 = s , )

Parameter Estimation Smoothing p(x 1 = h , x 2 = o , x 3 = r , x 4 = s , x 5 = e , x 6 = s , )

Parameter Estimation Smoothing p(x 1 = h , x 2 = o , x 3 = r , x 4 = s , x 5 = e , x 6 = s , ) p( h | BOS, BOS) trigram models 4470/52108 parameters * p( o | BOS, h ) 395/ 4470 * p( r | h , o ) values of 1417/14765 those * p( s

304 views • 3 slides
Intro to Multithreading Ryan Eberhardt and Armin Namavari May 5, 2020 Class logistics Fill out

Intro to Multithreading Ryan Eberhardt and Armin Namavari May 5, 2020 Class logistics Fill out

Intro to Multithreading Ryan Eberhardt and Armin Namavari May 5, 2020 Class logistics Fill out weekly survey by Wednesday night First project (mini GDB) is out Youll be free to work with a partner! Well have some way for you

699 views • 36 slides
A (quick) retrospect COMPSCI210 Recitation 22th Apr 2013 Vamsi Thummala Latency Comparison L1

A (quick) retrospect COMPSCI210 Recitation 22th Apr 2013 Vamsi Thummala Latency Comparison L1

A (quick) retrospect COMPSCI210 Recitation 22th Apr 2013 Vamsi Thummala Latency Comparison L1 cache reference 0.5 ns Branch mispredict 5 ns L2 cache reference

553 views • 19 slides
CSE484/CSE584 MOBILE PLATFORM SECURITY Dr. Benjamin Livshits Two Main Attack Vectors Web

CSE484/CSE584 MOBILE PLATFORM SECURITY Dr. Benjamin Livshits Two Main Attack Vectors Web

CSE484/CSE584 MOBILE PLATFORM SECURITY Dr. Benjamin Livshits Two Main Attack Vectors Web browser Installed apps Both types of threats increasing in prevalence and sophistication source:

861 views • 31 slides
CS 403X Mobile and Ubiquitous Computing Lecture 6: Android Activity Lifecycle Emmanuel Agu

CS 403X Mobile and Ubiquitous Computing Lecture 6: Android Activity Lifecycle Emmanuel Agu

CS 403X Mobile and Ubiquitous Computing Lecture 6: Android Activity Lifecycle Emmanuel Agu Androids Process Model Androids Process Model When user launches an app, Android forks a copy of a process called zygote that receives Copy of

646 views • 40 slides
AP BIOLOGY Investigation #7 Cell Division: Mitosis and Meiosis Summer 2014 www.njctl.org Slide

AP BIOLOGY Investigation #7 Cell Division: Mitosis and Meiosis Summer 2014 www.njctl.org Slide

Slide 1 / 35 New Jersey Center for Teaching and Learning Progressive Science Initiative This material is made freely available at www.njctl.org and is intended for the non-commercial use of students and teachers. These materials may not be

298 views • 12 slides

More recommend