Enhancing Security of Linux-based Android Devices (PowerPoint presentation)
  1. Enhancing Security of Linux-based Android Devices
     Aubrey-Derrick Schmidt, Hans-Gunther Schmidt, Jan Clausen, Kamer Ali Yüksel, Osman Kiraz, Ahmet Camtepe, and Sahin Albayrak
     This work was funded by Deutsche Telekom Laboratories

  2. www.DAI-Labor.de
     - Research institute with ~100 employees
     - Six core departments:
       - Agent Core Technologies
       - Next Generation Services
       - Information Retrieval
       - Cognitive Architectures
       - Education
       - Security
     07.11.2007 CC SEC Folie 2

  3. DAI-Labor Security Department
     - Works on:
       - Smartphone Security
       - Agent Security
       - Network Security Simulation
       - Critical Infrastructures
       - PKI / Cryptography
       - Next Generation Homes - Security

  4. TOC
     - Motivation
     - Android Security
     - Adding Linux Security Tools to Android
     - Enhancing Security with self-built IDS

  5. Motivation
     - Smartphones are getting increasingly popular
     - Various kinds of smartphone malware have appeared
     - Signature-based approaches are only efficient for "known" malware
     - Anti-virus engines need an average of 48 days to become capable of detecting new malware [Oberheide08]
     - More than 700,000 devices can be infected via MMS in about three hours [Bulygin07]

  6. Motivation
     - Android is already very popular (Java on Linux)
     - Android sources will be made open-source
     - Opportunity to develop low-level security tools for commonly used smartphones for the first time
     - Linux security research is mature
       - A lot of lessons learned
       - A lot of open-source tools available

  7. TOC (same as slide 4)

  8. Android Security
     - Images on emulator
       - System Image (YAFFS2, 65 MB / 21 MB free)
         - Mounted to /system
         - OS files, libraries, drivers, system binaries
         - Android config files
         - Android framework
         - Android base applications (e.g. Browser)
         - +R(W)X

  9. Android Security
     - Images on emulator
       - Userdata Image (YAFFS2, 65 MB / 40 MB free)
         - Mounted to /data
         - Used for applications, user data, DRM, ...
         - +RWX
       - Cache Image (YAFFS2, usage not specified yet)
       - SD-Card Image (no "obvious" size limitations)
         - Mounted to /sdcard
         - Files created as user and group "system"
         - +RW

  10. Android Security
     - Applications are "location-aware"
       - Can only be executed in /data or /system
       - Any changes to file permissions succeed there
       - Changes in e.g. /sdcard do not succeed (e.g. setting the execute bit)
       - Most probably, (Linux) applications cannot be started from the SD card

  11. Android Security
     - (Java) Application signing is required
       - Linux state not clear
     - At the moment the developer signs his application with his own certificate
     - System might change to something similar to Symbian OS
       - Central authority for assigning certificates
       - Limited access to APIs
     - Google and T-Mobile have each announced an application store (might include application testing and verification)

  12. Android Security
     - File rights:
       - /data/data/<package.application_name>
         "application land"
         drwxr-xr-x app_14 app_14 2008-09-17 14:26 com.android.sample
       - An application can access the directories of other applications signed with identical certificates
         "Certification land"

  13. TOC (same as slide 4)

  14. Adding Linux Security Tools to Android: General Information
     - Emulator is used as basis
     - OHA/Google modified a lot of standard libraries and binaries
       - Reason: opportunity for business customers to claim "intellectual property"
     - Application space is limited (~40 MB)
     - Common security tools were tested
       - But: special build environment needed

  15. Creating a Build Environment for Android
     - Ubuntu 8.04
     - Two toolkits can be used
       - Sourcery cross-compile toolchain
       - Scratchbox cross-compilation toolkit
         - Emulated ARM environment
         - "Common" Linux file system layout

  16. Creating a Build Environment for Android: Important Facts
     - Files are located in:
       - System files are placed in /system
       - Binaries in /system/bin
       - Libraries in /system/lib
       - Config files in /system/etc
     - System configuration in OpenBinder
     - Page alignment causes changes in linking
       - Only way to get available applications to run is compiling them statically

  17. Adding Tools
     - "Top 100 Network Security Tools" [Insec06]
     - Tested from 5 main categories:
       - Anti-Virus: ClamAV
       - Firewall: iptables
       - Rootkit Detectors: chkrootkit
       - Intrusion Detection: Snort
       - Other useful tools: Busybox, Bash, OpenSSH, strace, Nmap

  18. Anti-Virus: ClamAV
     - Android Compatibility: Works
     - Problems, solutions, and size:
       - Static compilation (linking) required
       - Depends on a statically compiled version of "zlib" (zlib-1.2.3)
       - Total size of all ClamAV-relevant files (approx. 28 MB) exceeds the available space in the System image (21 MB). The ClamAV virus signature database needs to be placed in a different location.
       - Size (approx.): 11140 KB libraries and binaries (/opt), 17324 KB database (/data)

  19. Anti-Virus: ClamAV Results
     ----------- SCAN SUMMARY -----------
     Known viruses: 407205
     Engine version: 0.94
     Scanned directories: 0
     Scanned files: 106
     Infected files: 0
     Data scanned: 5.12 MB
     Time: 107.236 sec (1 m 47 s)
     #

  20. Firewall: iptables
     - Problems:
       - Kernel needs to be recompiled from source. Sources can be freely downloaded from the Android Project website. Enable NETFILTER in the kernel configuration and recompile!
       - "iptables" cannot be compiled due to linker issues: it requires statically compiled parts of libc which Android does not provide.

  21. Rootkit Detector: Chkrootkit
     - Android Compatibility: Works with minor dependencies
     - Problems, solutions, and size:
       - Static compilation (linking) required
       - Requires "netstat" (provided by "busybox")
       - Requires standard directories (/lib, /etc, etc.), provided by symbolic links pointing to the corresponding Android directories
       - Size (approx.): 588 KB

  22. Rootkit Detector: Chkrootkit Results
     # ./chkrootkit
     [: gid: unknown operand
     ROOTDIR is `/'
     Checking `amd'... not found
     Checking `basename'... INFECTED
     Checking `biff'... not found
     Checking `cron'... not infected
     Checking `echo'... INFECTED
     Checking `egrep'... not infected
     Checking `env'... INFECTED
     Checking `find'... not infected
     Searching for common ssh-scanners default files... nothing found
     Searching for suspect PHP files... find: /var/tmp: No such file or directory
     nothing found
     Searching for anomalies in shell history files... nothing found
     chkproc: Warning: Possible LKM Trojan installed
     chkdirs: Warning: Possible LKM Trojan installed
     Checking `sniffer'... ./chkrootkit: ./ifpromisc: not found

  23. Intrusion Detection: Snort
     - Problems:
       - Dependencies on libpcap, libdnet, libnet, pcre and iptables (all as statically compiled/linked solutions)
       - Requires statically compiled/linked libc parts which are not available on Android

  24. Other Useful Tools: Busybox, Bash, OpenSSH, strace, Nmap
     - Busybox: works
     - Bash: works
     - OpenSSH: can be executed but is not fully functional (requires users that do not exist in the Android environment)
     - strace: works
     - Nmap: works with minor dependencies

  25. TOC (same as slide 4)

  26. Enhancing Security with a Self-built Intrusion Detection System

  27. Detecting Intrusions and Malware: Overview

  28. Detecting Intrusions and Malware: Static Function Call Approach
     - Planned to present a metric for weighing the suspiciousness of function/system calls
       - Solution is far easier on Android
     - A simple decision tree can achieve a 95% detection rate
       - Tested with Linux malware
       - Some of the samples were recompiled for Android, with only minor differences
     - Still has to be tested on a real device!

  29. Detecting Intrusions and Malware: Static Function Decision Tree
     __bss_start = y
     |   gethostbyname = y
     |   |   sigaction = y: normal
     |   |   sigaction = n: malicious
     |   gethostbyname = n
     |   |   fork = y
     |   |   |   strerror = y
     |   |   |   |   getgrgid = y: malicious
     |   |   |   |   getgrgid = n: normal
     |   |   |   strerror = n: malicious
     |   |   fork = n: normal
     __bss_start = n
     |   printf = y: malicious
     |   printf = n
     |   |   fprintf = y: malicious
     |   |   fprintf = n
     |   |   |   execv = y: malicious
     |   |   |   execv = n
     |   |   |   |   memmove = y: malicious
     |   |   |   |   memmove = n
     |   |   |   |   |   perror = y: malicious
     |   |   |   |   |   perror = n: malicious
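The static function call approach of slides 28 and 29, as an added example (not the authors' code): a parser for the Weka-style tree text shown on slide 29 and a classifier that walks the tree over the set of function names a binary references. The tree text is the one from the slide; the symbol sets used in the test are constructed, and in practice would come from the binary's symbol table (e.g. nm or readelf output).

```python
import re

# Tree text as printed on slide 29 (Weka J48 style), the two slide columns merged top to bottom
TREE_TEXT = """\
__bss_start = y
|   gethostbyname = y
|   |   sigaction = y: normal
|   |   sigaction = n: malicious
|   gethostbyname = n
|   |   fork = y
|   |   |   strerror = y
|   |   |   |   getgrgid = y: malicious
|   |   |   |   getgrgid = n: normal
|   |   |   strerror = n: malicious
|   |   fork = n: normal
__bss_start = n
|   printf = y: malicious
|   printf = n
|   |   fprintf = y: malicious
|   |   fprintf = n
|   |   |   execv = y: malicious
|   |   |   execv = n
|   |   |   |   memmove = y: malicious
|   |   |   |   memmove = n
|   |   |   |   |   perror = y: malicious
|   |   |   |   |   perror = n: malicious
"""
LINE = re.compile(r"^((?:\|\s*)*)(\w+) = ([yn])(?:: (\w+))?$")  # depth, symbol, y/n, leaf label

def parse_tree(text):
    # Nested dicts {"test": symbol, "y": child, "n": child}; leaves are label strings
    root = {}
    stack = [root]                       # stack[d] = node currently being filled at depth d
    for m in filter(None, map(LINE.match, text.splitlines())):
        depth = m.group(1).count("|")
        node = stack[depth]
        node["test"] = m.group(2)
        child = m.group(4) or {}         # leaf label, or a subtree filled by the next lines
        node[m.group(3)] = child
        stack[depth + 1:] = [child]      # drop deeper frames, descend into child
    return root

def classify(tree, symbols):
    # Walk the tree with the set of symbol names a binary references (e.g. from nm -D)
    node, path = tree, []
    while isinstance(node, dict):
        branch = "y" if node["test"] in symbols else "n"
        path.append(node["test"] + "=" + branch)
        node = node[branch]
    return node, path                    # (label, decisions taken on the way down)
TREE = parse_tree(TREE_TEXT)
```

A stripped binary that does not export `__bss_start` is routed down the right-hand column, which is worth keeping in mind when reading the detection rate on slide 28.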
