  1. CSC591-006 Smartphone OS Security Introduction Spring 2012 Prof. William Enck NC State -- Department of Computer Science Page 1

  2. Why Study Smartphone Security?
     • New platform / they’re popular / it’s a buzzword
     • Resource constrained devices (still?)
     • Different (intensified?) security risks
     • The future of computing?

  3. This Course
     • This is a paper-based seminar course considering smartphone operating systems and their security
     • Seminar-style: round-table discussions of scientific papers led by a student moderator
     • OS Report: breadth study of top platforms (Android, iOS, Windows Phone, and BlackBerry)
     • Research Project: students will complete a conference-like paper

  4. Grading
     • Project: 40%
     • Smartphone OS Report: 15%
     • Class participation: 25%
     • Moderating+Presentations: 10%
     • Paper critiques: 10%

  5. Paper Critiques
     • We will discuss one or two papers every class
     • Critiques are due by noon the day of class
       ‣ Graded as “satisfactory,” “satisfactory-”, “satisfactory+”
       ‣ Need a “satisfactory” average to pass the class
     • Identify:
       ‣ Three technical strengths
       ‣ Three technical weaknesses
     • For each strength/weakness:
       ‣ Identify it and support it by arguments
     • Late Policy:
       ‣ Four 1-day extensions
       ‣ Drop up to 4 summaries

  6. Paper Moderating
     • Assigned moderators will make a brief (5-7 minute) presentation (template on Moodle)
       ‣ Proposes three discussion questions
     • Breakout roundtable discussions for about 10 mins
       ‣ Groups of three (changes every class)
     • “All hands” discussion for about 15 mins

  7. Selecting Papers to Moderate
     • Everyone must go once before anyone goes twice
     • Paper discussions start next week
     • Email me 5 top choices by next class
       ‣ I will make assignments
       ‣ If a paper isn’t desired by anyone, I’ll pick someone

  8. OS Reports
     • Class broken into four teams (decided today!)
       ‣ Android, iOS, BlackBerry, Windows Phone
     • Written Report (Prelim)
     • Oral Presentation
     • Written Report (Final)
       ‣ Application environment
       ‣ Security Framework
     • Conclude with at least three positive and three negative critiques of the security framework.

  9. Research Projects (Proposal)
     • 3-5 page project description (Written in LaTeX)
       ‣ Section 1: Introduction
       ‣ Section 2: Approach
       ‣ Section 3: Deliverables
       ‣ Section 4: Schedule
       ‣ References
     • Groups of one or two (with approval)
     • Oral presentations (~10 mins)

  10. Project Status Report
     • Early draft of your final report
       ‣ Should have well written: abstract, introduction, overview of approach.
       ‣ Protocol/Architecture/Design should have some technical detail and a high-level architecture
       ‣ Placeholders for remaining sections
       ‣ Related work should be near complete

  11. Final Project Report
     • 8-10 pages (11pt)
     • Suggested outline:
       ‣ Abstract
       ‣ Introduction
       ‣ Overview of Approach
       ‣ Protocol/Architecture/Design/...
       ‣ Evaluation
       ‣ Discussion
       ‣ Related Work
       ‣ Conclusions
       ‣ References
     • Final Presentation
       ‣ ~20 mins (depending on number of projects)
       ‣ 5 mins Q&A

  12. OS Report Teams

  13. Quick Android Primer

  14. Android Phones
     • An Android phone contains a number of “applications”
       ‣ Android comes installed with a number of basic system tools, e.g., dialer, address book, etc.
       ‣ Developers use the Android API to construct applications.
     • All apps are written in Java and executed within a custom Java virtual machine.
       ‣ Each application package is contained in a jar file (.apk)
     • Applications are installed by the user
       ‣ No “app store” required, just build and go.
       ‣ Open access to data and voice services

  15. Architecture
     • The Android smartphone operating system is built upon Linux and includes many libraries and a core set of applications.
     • The middleware makes it interesting
       ‣ Not focused on UNIX processes
       ‣ Uses the Binder component framework
         • Originally part of BeOS, then enhanced by Palm, now used in Android
       ‣ Applications consist of many components of different types
       ‣ Applications interact via components
     • We focus on security with respect to the component API
     [Figure: Phone, Contacts and Maps applications on top of the Android Middleware (Binder Component Framework, Reference Monitor, Policy), which runs on Linux]

  16. Component Model
     • While each application runs as its own UNIX uid, sharing can occur through application-level interactions
       ‣ Interactions based on components
       ‣ Different component types
         • Activity
         • Service
         • Content Provider
         • Broadcast Receiver
       ‣ Target component in the same or different application
       ‣ but first ...
     [Figure panels: Starting an Activity for a Result; Communicating with a Service; Querying a Content Provider; Receiving an Intent Broadcast]

  17. Intents
     • Intents are objects used as inter-component signaling
       ‣ Starting the user interface for an application
       ‣ Sending a message between components
       ‣ Starting a background service

  18. Activity Component
     • The user interface consists of a series of Activity components.
     • Each Activity is a “screen”.
     • User actions tell an Activity to start another Activity, possibly with the expectation of a result.
     • The target Activity is not necessarily in the same application.
     • Directly or via Intent “action strings”.
     • Processing stops when another Activity is “on top”.

  19. Service Component
     • Background processing occurs in Service components.
       ‣ Downloading a file, playing music, tracking location, polling, etc.
       ‣ Local vs. Remote Services (process-level distinction)
     • Also provides a “service” interface between applications
       ‣ Arbitrary interfaces for data transfer
         • Android Interface Definition Language (AIDL)
       ‣ Register callback methods
       ‣ Core functionality often implemented as Service components
         • e.g., Location API, Alarm service
     • Multiple interfaces
       ‣ Control: start, stop
       ‣ Method invocation: bind

  20. Content Provider Component
     • Content Provider components provide a standardized interface for sharing data, i.e., content (between applications).
     • Models content in a relational DB
       ‣ Users of Content Providers can perform queries equivalent to SELECT, UPDATE, INSERT, DELETE
       ‣ Works well when content is tabular
       ‣ Also works as means of addressing “files”
     • URI addressing scheme
       ‣ content://<authority>/<table>/[<id>]
       ‣ content://contacts/people/10

  21. Broadcast Receiver Component
     • Broadcast Receiver components act as specialized event Intent handlers (also think of as a message mailbox).
     • Broadcast Receiver components “subscribe” to specific action strings (possibly multiple)
       ‣ action strings are defined by the system or developer
       ‣ component is automatically called by the system
     • Recall that Android provides automatic Activity resolution using “action strings”.
       ‣ The action string was assigned to an Intent object
       ‣ Sender can specify component recipient (no action string)

  22. The Android Manifest
     • Manifest files are the technique for describing the contents of an application package (i.e., resource file)
     • Each Android application has a special AndroidManifest.xml file (included in the .apk package)
       ‣ describes the contained components
         • components cannot execute unless they are listed
       ‣ specifies rules for “auto-resolution”
       ‣ specifies access rules
       ‣ describes runtime dependencies
       ‣ optional runtime libraries
       ‣ required system permissions

  23. Manifest Specification

  24. Example Applications
     • FriendTracker Application
       ‣ FriendTracker Service to poll for friend locations
         • Broadcasts an Intent when near a friend
       ‣ FriendProvider Content Provider to store location of friends
         • Cross references friends with system Contacts Provider
       ‣ FriendTrackerControl Activity to start and stop the Service
       ‣ BootReceiver Broadcast Receiver to start the service on boot
     • FriendViewer Application
       ‣ FriendViewer Activity to display list of friend locations
       ‣ FriendMap Activity to show friends on a map (on right)
       ‣ FriendReceiver Broadcast Receiver to display when near
     • Available from http://siis.cse.psu.edu/android_sec_tutorial.html
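
The manifest rules from slide 22 applied to the FriendTracker components from slide 24, as an added example that is not part of the original slides: a Python audit that lists each declared component, its action strings, and whether another application can reach it without a permission. The manifest is constructed; the package name, provider authority and custom permission name are assumptions, and a component with an intent filter and no explicit `android:exported` is treated as reachable.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
COMPONENT_TAGS = ("activity", "service", "provider", "receiver")

# Constructed manifest for illustration: component names follow slide 24;
# the package, authority and custom permission names are made up.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="example.friendtracker">
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application>
    <activity android:name=".FriendTrackerControl">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
      </intent-filter>
    </activity>
    <service android:name=".FriendTracker" android:exported="false"/>
    <provider android:name=".FriendProvider" android:authorities="friends"
              android:exported="true"
              android:permission="example.permission.READ_FRIENDS"/>
    <receiver android:name=".BootReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

def audit_manifest(xml_text):
    """Return (requested_permissions, components) for a manifest string."""
    root = ET.fromstring(xml_text)
    requested = [e.get(ANDROID + "name") for e in root.iter("uses-permission")]
    components = []
    for tag in COMPONENT_TAGS:
        for comp in root.iter(tag):
            actions = [a.get(ANDROID + "name") for a in comp.iter("action")]
            exported = comp.get(ANDROID + "exported")
            # Assumption: with no explicit android:exported, an intent filter
            # makes the component reachable from other applications.
            reachable = exported == "true" or (exported is None and bool(actions))
            # Only the component-wide android:permission attribute is checked.
            guarded = comp.get(ANDROID + "permission") is not None
            components.append({"type": tag, "name": comp.get(ANDROID + "name"),
                               "actions": actions, "reachable": reachable,
                               "unguarded": reachable and not guarded})
    return requested, components
```

Components reported with `unguarded` set are the ones whose access rules deserve a second look; a launcher Activity is expected there, a Service or Broadcast Receiver often is not.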
