cs412 software security
play

CS412 Software Security Mobile Security Mathias Payer EPFL, Spring - PowerPoint PPT Presentation

Apr 30, 2023 •140 likes •383 views

CS412 Software Security Mobile Security Mathias Payer EPFL, Spring 2019 Mathias Payer CS412 Software Security Mobile computing You are tasked in developing a mobile computing system. What features do you need? How do you ensure device

  1. CS412 Software Security Mobile Security Mathias Payer EPFL, Spring 2019 Mathias Payer CS412 Software Security

  2. Mobile computing You are tasked in developing a mobile computing system. What features do you need? How do you ensure device security? How do you protect user data? How do you make money? Mathias Payer CS412 Software Security

  3. Android statistics Over 2 billion active users (0) Android generates $31 billion revenue (2) 4,000+ different devices (1) Android OS with highest crash rate: Gingerbread (3) Percentage of Android devices running Marshmallow: 1.2% (1) Percentage of Android devices running Lollipop: 34.1% (1) (0 Ubergizmo, 5/17/17, 1 DMR stats, 9/29/15, 2 Bloomberg, 1/21/16, 3 Greenbot, 3/27/14) Mathias Payer CS412 Software Security

  4. Android history 2005: Google buys Android 2007: Initial SDK released 2008: First devices announced 2009: Cupcake (1.5, 3), Donut (1.6, 4), Eclair (2.0, 5) 2010: Froyo (2.2, 8), Gingerbread (2.3, 9) 2011: Honeycomb (3.0, 11), Ice Cream Sandwich (4.0.1, 14) 2012: Jelly Been (4.1.1, 16) 2013: KitKat (4.4, 19) 2014: Lollipop (5.0, 21) 2015: Marshmallow (6.0, 23) 2016: Nougat (7.0, 24-25) 2017: Oreo (8.0 - 8.1, 26-27) 2018: Pie (9.0, 28) 2019: Android Q? (10.0, 29) Mathias Payer CS412 Software Security

  5. Android security goals Isolate individual applications Protect system resources from applications Vet applications “online” Protect data of the user (until 5.0 single user) Mathias Payer CS412 Software Security

  6. Android security architecture Applications are carefully vetted server-side and only approved applications can be installed from the “market” Each application runs in a Java-like sandbox, restricted to user-granted permissions Applications leverage well-defined API channels to communicate with other applications The system is hardened against local user (app-based) attacks. Mathias Payer CS412 Software Security

  7. Android app security Each apps runs in its own secure context/sandbox Interactions between apps are restricted through the API Each app has an associated policy, encoding the permissions Apps are signed by the developer, vetted, and installed from a central market Mathias Payer CS412 Software Security

  8. Android system security (1/3) Android leverages the Linux kernel as a foundation. Such an established kernel brings the following advantages: Process isolation User-based permission model (with RBAC extensions) Extensible mechanism for secure IPC Configurable (trim down kernel to limit exposure) Effective resource isolation when accessing hardware Bonus: hardware drivers readily available, well-established development environment Mathias Payer CS412 Software Security

  9. Android system security (2/3) Isolation: Each application runs as its unique user Stringent permissions on file systems Hardened Linux kernel protects applications SELinux to apply access control policies on processes Mathias Payer CS412 Software Security

  10. Android system security (3/3) Trust and safe defaults: Verified boot and file system encryption The root partition with code and system configuration is mounted read-only Crypto API provides secure implementations and key management User-space: stack canaries, integer overflow mitigation, double free protection (through allocator), fortify source, NX, mmap_min_addr , ASLR, PIE, relro, immediate binding Each release: security updates, patches, toolchain updates, tighter security defaults Mathias Payer CS412 Software Security

  11. Android permissions Android leverages a complex permission system on a per-app basis. Android splits permissions into several categories, based on the potential risk to the customer PROTECTION_NORMAL: no risk, allowed by default (if declared) PROTECTION_SIGNATURE: permission granted if app is signed with the same key as app providing the service (this type of permission is for cross-app communication) PROTECTION_DANGEROUS: this permission has potential implications to the user’s privacy, ask for explicit permission through a pop-up Mathias Payer CS412 Software Security

  12. Android default permissions (1/2) ACCESS_LOCATION_EXTRA_COMMANDS ACCESS_NETWORK_STATE ACCESS_NOTIFICATION_POLICY ACCESS_WIFI_STATE BLUETOOTH BLUETOOTH_ADMIN (pairing without user interaction is privileged though) BROADCAST_STICKY CHANGE_NETWORK_STATE CHANGE_WIFI_MULTICAST_STATE CHANGE_WIFI_STATE DISABLE_KEYGUARD EXPAND_STATUS_BAR FOREGROUND_SERVICE GET_PACKAGE_SIZE INSTALL_SHORTCUT INTERNET KILL_BACKGROUND_PROCESSES MANAGE_OWN_CALLS MODIFY_AUDIO_SETTINGS Mathias Payer CS412 Software Security

  13. Android default permissions (2/2) NFC READ_SYNC_SETTINGS READ_SYNC_STATS RECEIVE_BOOT_COMPLETED REORDER_TASKS REQUEST_COMPANION_RUN_IN_BACKGROUND REQUEST_COMPANION_USE_DATA_IN_BACKGROUND REQUEST_DELETE_PACKAGES REQUEST_IGNORE_BATTERY_OPTIMIZATIONS SET_ALARM SET_WALLPAPER SET_WALLPAPER_HINTS TRANSMIT_IR USE_FINGERPRINT VIBRATE WAKE_LOCK WRITE_SYNC_SETTINGS Mathias Payer CS412 Software Security

  14. Android dangerous permissions Calendar: READ_CALENDAR WRITE_CALENDAR Call log: READ_CALL_LOG WRITE_CALL_LOG PROCESS_OUTGOING_CALLS Camera: CAMERA Contacts: READ_CONTACTS WRITE_CONTACTS GET_ACCOUNTS Location: ACCESS_FINE_LOCATION ACCESS_COARSE_LOCATION Microphone: RECORD_AUDIO Phone: READ_PHONE_STATE READ_PHONE_NUMBERS CALL_PHONE ANSWER_PHONE_CALLS ADD_VOICEMAIL USE_SIP Sensors: BODY_SENSORS SMS: SEND_SMS RECEIVE_SMS READ_SMS RECEIVE_WAP_PUSH RECEIVE_MMS Storage: READ_EXTERNAL_STORAGE WRITE_EXTERNAL_STORAGE Mathias Payer CS412 Software Security

  15. Android missing permissions Accessing sensors (temperature, accelerometer, gyroscope, . . . ) do not require permissions. Mathias Payer CS412 Software Security

  16. Android missing permissions Accessing sensors (temperature, accelerometer, gyroscope, . . . ) do not require permissions. Security solution: disable sensors if the app is not in the foreground. Mathias Payer CS412 Software Security

  17. Android intents Google’s idea of mobile IPC An Intent is a simple message object that represents an “intention” to do something. For example, if your application wants to display a web page, it expresses its “Intent” to view the URL by creating an Intent instance and handing it off to the system. The system locates some other piece of code (in this case, the Browser) that knows how to handle that Intent, and runs it. Intents can also be used to broadcast interesting events (such as a notification) system-wide. (From Google’s Android website.) Mathias Payer CS412 Software Security

  18. Android attack vectors: intents Unauthorized intent receipt: attacker creates an intent filter, receives other apps’ intents that contain privileged information (e.g., intent filter for web service intercepts online payment process) Intent spoofing: attacker sends a malicious intent to an intent processor (e.g., flooding the network with malicious messages) Mathias Payer CS412 Software Security

  19. Android attack vectors: intents Unauthorized intent receipt: attacker creates an intent filter, receives other apps’ intents that contain privileged information (e.g., intent filter for web service intercepts online payment process) Intent spoofing: attacker sends a malicious intent to an intent processor (e.g., flooding the network with malicious messages) Ongoing work to defend against such attacks, e.g., by restricting communication among signed or trusted components. Mathias Payer CS412 Software Security

  20. Android attack vectors: communication Insecure internet communication: run Wireshark to intercept traffic Bluetooth, NFC, IR is not restricted: peripherals are not protected against malicious apps, any app may access any paired device. This is an issue of the granularity of the privileges. There’s only one Bluetooth privilege, privileges are per app , not per connected device . Mathias Payer CS412 Software Security

  21. Android attack vectors: privileges Overprivileged app: confused deputy, bugs in application can be leveraged by attacker to gain privileges Mathias Payer CS412 Software Security

  22. Historic Android attack vectors Insecure storage: there were no access restrictions on the SD card (why?), an attacker may read/write any data on the SD card (fixed in Android 5.0) Mathias Payer CS412 Software Security

  23. Android’s central security strategy The central market is a core security strategy Developers must sign apps, making them identifiable, increasing switching cost Apps can be vetted based on developer profiles Apps are verified using static and dynamic checks before making them public Telemetry allows Google to tie malicious apps to companies/developers Mathias Payer CS412 Software Security

  24. Summary and conclusion Android security evolved over time Android systems hardened against exploits Developers sign apps which identifies them (comes with a cost) Applications are vetted centrally and installed from the market Mathias Payer CS412 Software Security

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CS412 Software Security Mitigations Mathias Payer EPFL, Spring 2019 Mathias Payer CS412

CS412 Software Security Mitigations Mathias Payer EPFL, Spring 2019 Mathias Payer CS412

CS412 Software Security Mitigations Mathias Payer EPFL, Spring 2019 Mathias Payer CS412 Software Security Model for Control-Flow Hijack Attacks Figure 1 Mathias Payer CS412 Software Security Widely-adopted defense mechanisms Hundreds of

1.34k views • 57 slides
CS412 Software Security Web Security Mathias Payer EPFL, Spring 2019 Mathias Payer CS412

CS412 Software Security Web Security Mathias Payer EPFL, Spring 2019 Mathias Payer CS412

CS412 Software Security Web Security Mathias Payer EPFL, Spring 2019 Mathias Payer CS412 Software Security Web (and internet) security: two views Just a long running network service Complex application with multiple layers and components.

577 views • 47 slides
CS412 Software Security Security Policies Mathias Payer EPFL, Spring 2019 Mathias Payer CS412

CS412 Software Security Security Policies Mathias Payer EPFL, Spring 2019 Mathias Payer CS412

CS412 Software Security Security Policies Mathias Payer EPFL, Spring 2019 Mathias Payer CS412 Software Security Security Policies A policy is a deliberate system of principles to guide decisions and achieve rational outcomes. A policy is a

532 views • 41 slides
CS412 Software Security Basic Principles Mathias Payer EPFL, Spring 2019 Mathias Payer CS412

CS412 Software Security Basic Principles Mathias Payer EPFL, Spring 2019 Mathias Payer CS412

CS412 Software Security Basic Principles Mathias Payer EPFL, Spring 2019 Mathias Payer CS412 Software Security Software Security Allow intended use of software, prevent unintended use that may cause harm. Mathias Payer CS412 Software

735 views • 36 slides
CS412 Software Security Secure Software Lifecycle Mathias Payer EPFL, Spring 2019 Mathias Payer

CS412 Software Security Secure Software Lifecycle Mathias Payer EPFL, Spring 2019 Mathias Payer

CS412 Software Security Secure Software Lifecycle Mathias Payer EPFL, Spring 2019 Mathias Payer CS412 Software Security Software liveliness Software is not a one-shot effort Software development, production, and maintenance are cost/labor

449 views • 23 slides
CS412 Software Security Advanced Mitigations Mathias Payer EPFL, Spring 2019 Mathias Payer

CS412 Software Security Advanced Mitigations Mathias Payer EPFL, Spring 2019 Mathias Payer

CS412 Software Security Advanced Mitigations Mathias Payer EPFL, Spring 2019 Mathias Payer CS412 Software Security Model for Control-Flow Hijack Attacks Figure 1: Mathias Payer CS412 Software Security Advanced mitigations Stack integrity

298 views • 26 slides
CS412 Software Security Attack Vectors Mathias Payer EPFL, Spring 2019 Mathias Payer CS412

CS412 Software Security Attack Vectors Mathias Payer EPFL, Spring 2019 Mathias Payer CS412

CS412 Software Security Attack Vectors Mathias Payer EPFL, Spring 2019 Mathias Payer CS412 Software Security Exploitation: Disclaimer This section introduces software exploitation We will discuss both basic and advanced exploitation

831 views • 48 slides
CS412 Software Security Reverse Engineering Mathias Payer EPFL, Spring 2019 Mathias Payer

CS412 Software Security Reverse Engineering Mathias Payer EPFL, Spring 2019 Mathias Payer

CS412 Software Security Reverse Engineering Mathias Payer EPFL, Spring 2019 Mathias Payer CS412 Software Security Basics: encodings Code is data is code is data Learn to read hex numbers: 0x38 == 0011'1000 Python: hex(int('00111000', 2))

696 views • 54 slides
CS412 Software Security Software Bugs Mathias Payer EPFL, Spring 2019 Mathias Payer CS412

CS412 Software Security Software Bugs Mathias Payer EPFL, Spring 2019 Mathias Payer CS412

CS412 Software Security Software Bugs Mathias Payer EPFL, Spring 2019 Mathias Payer CS412 Software Security From Software Bugs to Attack Primitives Attack primitives are exploit building blocks Software bugs map to attack primitives , i.e.,

512 views • 23 slides
CS412 Software Security Program Testing Fuzzing Mathias Payer EPFL, Spring 2019 Mathias

CS412 Software Security Program Testing Fuzzing Mathias Payer EPFL, Spring 2019 Mathias

CS412 Software Security Program Testing Fuzzing Mathias Payer EPFL, Spring 2019 Mathias Payer CS412 Software Security Why testing? Testing is the process of executing a program to find errors. An error is a deviation between observed

657 views • 39 slides
CS412 Software Security Program Testing Sanitization Mathias Payer EPFL, Spring 2019

CS412 Software Security Program Testing Sanitization Mathias Payer EPFL, Spring 2019

CS412 Software Security Program Testing Sanitization Mathias Payer EPFL, Spring 2019 Mathias Payer CS412 Software Security Why testing? Testing is the process of executing a program to find errors. An error is a deviation between

503 views • 28 slides
deel 2 sws1 1 Software and Web Security - 1 & 2 Software is the main source of security

deel 2 sws1 1 Software and Web Security - 1 & 2 Software is the main source of security

Software and Web Security deel 2 sws1 1 Software and Web Security - 1 & 2 Software is the main source of security vulnerabilities esp in systems accessible via a network part 1 security problems in machine code, compiled from C(++)

1.35k views • 67 slides
Software and Web Security deel 2 deel 2 sws1 Software and Web Security - 1 & 2 y Software

Software and Web Security deel 2 deel 2 sws1 Software and Web Security - 1 & 2 y Software

1 Software and Web Security deel 2 deel 2 sws1 Software and Web Security - 1 & 2 y Software is the main source of security vulnerabilities esp in systems accessible via a network i t ibl i t k part 1 part 1 security problems

672 views • 65 slides
Software Security By Hunter Stevenson Khalid Alharbi CSCI 5828 Foundations of Software

Software Security By Hunter Stevenson Khalid Alharbi CSCI 5828 Foundations of Software

Software Security By Hunter Stevenson Khalid Alharbi CSCI 5828 Foundations of Software Engineering Spring 2012 What is the talk NOT about? Cryptography. Database security. Operating Systems security. Network security.

1.37k views • 121 slides
Software Security: Defenses & Principles CS 161: Computer Security Prof. Vern Paxson TAs:

Software Security: Defenses & Principles CS 161: Computer Security Prof. Vern Paxson TAs:

Software Security: Defenses & Principles CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe, Mobin Javed & Matthias Vallentin http://inst.eecs.berkeley.edu/~cs161/ January 25, 2011 Testing for Software Security Issues

444 views • 42 slides
Engineering Secure Software The Basics of Software Security Terminology Vulnerabilities Trust

Engineering Secure Software The Basics of Software Security Terminology Vulnerabilities Trust

Engineering Secure Software The Basics of Software Security Terminology Vulnerabilities Trust Boundary Attacks Threats Application Attacker Exploit Vulnerability : a software defect with security consequences Threat : a potential danger to

1.54k views • 80 slides
Spell Checking: Edit Distance VSM, session 8 CS6200: Information Retrieval Slides by: Jesse

Spell Checking: Edit Distance VSM, session 8 CS6200: Information Retrieval Slides by: Jesse

Spell Checking: Edit Distance VSM, session 8 CS6200: Information Retrieval Slides by: Jesse Anderton Spell Checking poiner sisters 10-15% of all queries contain spelling brimingham news errors, so spell checking can help a catamarn sailing

258 views • 7 slides
CS371m - Mobile Computing Runtime Permissions Clicker If your app wants to access the users

CS371m - Mobile Computing Runtime Permissions Clicker If your app wants to access the users

CS371m - Mobile Computing Runtime Permissions Clicker If your app wants to access the users contacts when do you request permission to do this? A. Never, its not necessary B. At compile time C. At install time D. At runtime E. It

405 views • 27 slides
Learning Representations for Multi-Dimensional Sentiment Andrew Maas, Peter Pham, Ying Wang Word

Learning Representations for Multi-Dimensional Sentiment Andrew Maas, Peter Pham, Ying Wang Word

Learning Representations for Multi-Dimensional Sentiment Andrew Maas, Peter Pham, Ying Wang Word Vectors Maas et al (ACL 2011) The Experience Project this is sad, i just roasted marshmallow. by myself. on the stove top. lol. at least they

72 views • 6 slides
methods and insights developed in other disciplines, notably the natural sciences. 1. Observe

methods and insights developed in other disciplines, notably the natural sciences. 1. Observe

It is critical for economics to incorporate methods and insights developed in other disciplines, notably the natural sciences. 1. Observe and characterize human economic behavior 2. Make efforts to understand the biological foundation of that

657 views • 53 slides
Incentives and Behavior Prof. Dr. Heiner Schumacher KU Leuven 6. Time Preferences I Prof. Dr.

Incentives and Behavior Prof. Dr. Heiner Schumacher KU Leuven 6. Time Preferences I Prof. Dr.

Incentives and Behavior Prof. Dr. Heiner Schumacher KU Leuven 6. Time Preferences I Prof. Dr. Heiner Schumacher (KU Leuven) Incentives and Behavior 6. Time Preferences I 1 / 38 Introduction In this lecture, we focus on time preferences,

404 views • 38 slides
staypu: object validation and serialization & should this even be a package? Scott

staypu: object validation and serialization & should this even be a package? Scott

staypu: object validation and serialization & should this even be a package? Scott Chamberlain ( @sckottie ) pain point: serialization converting data in one format to another format especially painful when complex other languages

329 views • 19 slides
Development of a Versatile, Full-Featured Search Functionality for Indico Penelope Constanta In

Development of a Versatile, Full-Featured Search Functionality for Indico Penelope Constanta In

FERMILAB-SLIDES-19-653-CCD Development of a Versatile, Full-Featured Search Functionality for Indico Penelope Constanta In collaboration with: CHEP 2019 4 November 2019 This manuscript has been authored by Fermi Research Alliance, LLC under

290 views • 13 slides
Small Changes, Big Changes: An Updated View on the Android Permission System Yury Zhauniarovich

Small Changes, Big Changes: An Updated View on the Android Permission System Yury Zhauniarovich

Small Changes, Big Changes: An Updated View on the Android Permission System Yury Zhauniarovich Olga Gadyatskaya RAID 2016 Sensitive Resource Protection in Android Android is the most popular mobile OS: - ~ 2 billion of third-party apps

523 views • 24 slides

More recommend