mobile applications and
play

Mobile Applications and Cloud Computing Mobile Applications and - PowerPoint PPT Presentation

Oct 09, 2022 •143 likes •460 views

Security aspects in Mobile Applications and Cloud Computing Mobile Applications and Cloud Computing 2015 Leonardo Aniello, Ph.D. aniello@dis.uniroma1.it Outline Security aspects in mobile applications Current situation Security

  1. Security aspects in Mobile Applications and Cloud Computing Mobile Applications and Cloud Computing 2015 Leonardo Aniello, Ph.D. aniello@dis.uniroma1.it

  2. Outline • Security aspects in mobile applications • Current situation • Security measures • Security weaknesses • Ongoing theses • Security aspects in cloud computing • Security categories • Some known attacks • Case study: SUNFISH • Topics for theses

  3. Outline • Security aspects in mobile applications • Current situation • Security measures • Security weaknesses • Ongoing theses Sufatrio, Darell J. J. Tan, Tong-Wei Chua, Vrizlynn L. L. Thing “ Securing Android: A Survey, Taxonomy, and Challenges ” ACM Comput. Surv. 47(4): 58 (2015)

  4. Security aspects in mobile applications Current situation • Pervasive spread of smart mobile devices (i.e., smartphones and tablets) • Still growing, 5.6 billion devices expected in 2019 • Android holds about 80% of global market share • This is why Android became the best target of malware attacks • High convenience for attackers • ROI

  5. Security aspects in mobile applications Current situation Symantec, Internet Security Threat Report, April 2015

  6. Security aspects in mobile applications Current situation Symantec, Internet Security Threat Report, April 2015

  7. Security aspects in mobile applications Current situation Symantec, Internet Security Threat Report, April 2015

  8. Security aspects in mobile applications Current situation Programs and files that are created to do harm Programs not obviously malicious but can be annoying or even harmful Aggressive techniques to place advertising in your device Symantec, Internet Security Threat Report, April 2015

  9. Security aspects in mobile applications Android Security Measures • Sandboxing • Provides app isolation and containment • Each app runs in its own VM and is assigned a unique Linux user ID – Permissions for all the files of the app are set so that only the user ID assigned to that app can access them – Principle of least privilege : each app has access only to the components it actually requires • Anyway it is possible to share data and services with other apps – Linux user ID sharing – Permissions

  10. Security aspects in mobile applications Android Security Measures • Permission model • Regulate sensitive API calls that access protected resources (i.e., camera, SD card, ...) • Each app requests a set of permissions at install time • The user has to grant either all or none of such permissions • App signing to verify and certify the developer • Component encapsulation to restrict access to it

  11. Security aspects in mobile applications Android Security Measures • Permission model - improved in Marshmallow • Permissions granted at runtime immediately before an app needs it http://www.phonearena.com/ http://www.androidcentral.com/

  12. Security aspects in mobile applications Security Weaknesses • Open market model • Apps easy to reverse-engineer • facilitate repackaging for malware injection • Lack of isolation for third-party libraries, such as advertisement and analytics (A&A) • Such libs may abuse granted permissions • Conversely host apps may tamper with them

  13. Security aspects in mobile applications Security Weaknesses • Vulnerabilities of Inter component communication • Apps may unintentionally expose sensitive interfaces • Malware may intercept broadcasts to stop their propagation or to steal sensitive info • Malicious apps may invoke native code through JNI to leverage memory corruption bugs

  14. Security aspects in mobile applications Ongoing Theses • Malware detection by searching for inconsistencies between distinct features • WHYPER: towards automating risk assessment of mobile applications R. Pandita, X. Xiao, W. Yang, W. Enck, T. Xie, USENIX conference on Security 2013 – Inconsistencies between app description and requested permissions • Work in progress… – Monitor consistency between correlated metrics (i.e., battery consumption and CPU usage) - invariants – When such invariants break, an anomaly occurs - malware? – Detection based on machine learning techniques – Adaptive monitoring : vary frequency and granularity of the monitoring with the aim of saving battery

  15. Security aspects in mobile applications Ongoing Theses • Obfuscation techniques for Android malware • Used by malware developers to evade detection • Trivial techniques (repackaging, disassembly & reassembly, changing package name) • Identifier renaming, Call indirection, Code reordering, Junk code insertion • Reflection, Encryption of bytecode, strings, classes • Experimental evaluation – Apply combinations of obfuscation techniques to known malware – Verify detection accuracy of main antivirus (i.e., VirusTotal)

  16. Outline • Security aspects in mobile applications • Current situation I. M. Khalil, A. Khreishah, M. Azeem • Security measures “ Cloud Computing Security: A Survey ” • Security weaknesses Computers journal 2014, 3, 1-35 • Ongoing theses • Security aspects in cloud computing • Security categories • Some known attacks • Case study: SUNFISH • Topics for theses

  17. Security aspects in cloud computing Security categories Category Description Describes the standards required to take precaution measures in cloud computing in order to prevent attacks. It governs the policies of cloud Security Standards computing for security without compromising reliability and performance. Involves network attacks such as Connection Availability, Denial of Network Service, DDoS, flooding attack, internet protocol vulnerabilities, etc. Covers authentication and access control. It captures issues that affect Access Control privacy of user information and data storage. Covers attacks that are specific to the cloud infrastructure (IaaS, PaaS Cloud Infrastructure and SaaS) such tampered binaries and privileged insiders. Covers data related security issues including data migration, integrity, Data confidentiality, and data warehousing. Table 1 in I. M. Khalil, A. Khreishah, M. Azeem : “Cloud Computing Security: A Survey”, Computers journal 2014, 3, 1 -35

  18. Security aspects in mobile applications Some known attacks • Theft of service • Denial of service • Cloud malware • Targeted shared memory • Phishing • Botnets • …

  19. Security aspects in mobile applications Case Study: SUNFISH • SecUre iNFormatIon SHaring in federated heterogeneous private clouds • Horizon2020 EU Project http://www.sunfishproject.eu/ • Problem addressed: lack of infrastructure and technology allowing Public Sector Players to federate their private clouds

  20. Security aspects in mobile applications Case Study: SUNFISH • Cloud Federation • Interconnection of more private/public clouds • On-demand resource provisioning – Face load spikes – Monetize unused resources • Data sharing among clouds – Information sharing allows to have richer datasets • Federated identity management – Single-sign-on

  21. Security aspects in mobile applications Case Study: SUNFISH Information Sharing Governance Model Policy evaluation flows Each piece of data is attached to an access policy which defines who can access it and how sensitive data PRP: Policy Retrieval Point PDP: Policy Decision Point PEP: Policy Enforcement Point PIP: Policy Information Point data requester data transformation service

  22. Security aspects in mobile applications Case Study: SUNFISH Threat Model • Altering of deployed computational logic • Altering of policy evaluation • Alter policy enforcement infrastructure

  23. Security aspects in mobile applications Case Study: SUNFISH Threat Model • Altering of deployed computational logic • Altering of policy evaluation • Alter policy enforcement infrastructure The PEP may retrieve data without enforcing access policies

  24. Security aspects in mobile applications Case Study: SUNFISH Runtime Monitoring Infrastructure

  25. Security aspects in mobile applications Case Study: SUNFISH • Other threat: data manipulation by privileged user • What if stored logs get compromised? How to secure Log DB? • An attacker could remove some entries from log DB to hide a certain data access • Need to guarantee consensus among participants about what happened so far for what concerns data accesses – What interactions took place? – In which order? • Viable solutions (impact on the deployment) – Replicated log DB, vulnerable to collusion – Also store hashes of log entries to a blockchain to overcome collusion » interesting research direction...

  26. Security aspects in mobile applications Case Study: SUNFISH The blockchain is a distributed public record of transaction, available to everyone to view and verify • A chain of blocks, where each block • consists of a header, hash of the previous block and transactions • generated every 10 minute • Once a block is part of the chain, transactions inside it are practically irreversible • One of the most popular disruptive technologies • Bitcoin is a protocol that https://bitcoin.org relies on blockchain

  27. Security aspects in mobile applications Case Study: SUNFISH Very promising technology, but… …today Bitcoin can handle a transaction rate of 7 tps … http://www.economist.com/

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Mobile Applications and Services Mobile Applications and Services for NGN networks for NGN

Mobile Applications and Services Mobile Applications and Services for NGN networks for NGN

I nternational Telecom m unication Union ITU-T Mobile Applications and Services Mobile Applications and Services for NGN networks for NGN networks Anett S chlke NEC Network Laboratories Heidelberg NEC Europe Ltd. I TU-T W orkshop NGN

574 views • 19 slides
Mobile and Touch-Based Web Applications Corsin Decurtins Welcome Please switch off your mobile

Mobile and Touch-Based Web Applications Corsin Decurtins Welcome Please switch off your mobile

Mobile und Touch-Basierte Web Applikationen Mobile and Touch-Based Web Applications Corsin Decurtins Welcome Please switch off your mobile phones ... No wait! Introduction Mobile Applications Apps Web Apps Facebook cnn.com Gmail Twitter

797 views • 53 slides
Mobile Business and Applications F. Ricci 2010/2011 Content Mobile Market why mobile?

Mobile Business and Applications F. Ricci 2010/2011 Content Mobile Market why mobile?

Mobile Business and Applications F. Ricci 2010/2011 Content Mobile Market why mobile? Mobile as a medium E-Commerce Application Areas: 1. Sales Force Automation 2. Field Force Automation 3. Warehouse & Stock Management 4.

762 views • 54 slides
Mobile Web Applications using HTML5 L. Cotfas 14 Dec. 2011 Reasons for mobile web development

Mobile Web Applications using HTML5 L. Cotfas 14 Dec. 2011 Reasons for mobile web development

Mobile Web Applications using HTML5 L. Cotfas 14 Dec. 2011 Reasons for mobile web development Many different platforms: Android, IPhone, Symbian, Windows Phone/ Mobile, MeeGo (only a few of them) Reasons for mobile web development

435 views • 31 slides
CSE 562: Mobile Systems & Applications Quals Course Systems Area Shyam Gollakota First

CSE 562: Mobile Systems & Applications Quals Course Systems Area Shyam Gollakota First

CSE 562: Mobile Systems & Applications Quals Course Systems Area Shyam Gollakota First Mobile Phone 1973 2 Goal of this course Have an understanding of state of the art mobile systems research Explore applications that are

1.41k views • 96 slides
Tutorial: Development of Interactive Applications for Mobile Devices 7th International Conference

Tutorial: Development of Interactive Applications for Mobile Devices 7th International Conference

Tutorial: Development of Interactive Applications for Mobile Devices 7th International Conference on Human Computer Interaction with Mobile Devices and Services (Mobile HCI 2005) Enrico Rukzio (Media Informatics Group, University of Munich )

641 views • 24 slides
Mobile Applications Emmanuel Agu CS Dept. WPI MobiDesk Mobile Virtual Desktop Computing

Mobile Applications Emmanuel Agu CS Dept. WPI MobiDesk Mobile Virtual Desktop Computing

Mobile Applications Emmanuel Agu CS Dept. WPI MobiDesk Mobile Virtual Desktop Computing Goal: Virtualize display, OS, networking No modification to application code, OS, networking Example: mobile device runs ASP application

863 views • 53 slides
technologies, applications, perspectives Stefano Chessa Few elements, many apps Mobile

technologies, applications, perspectives Stefano Chessa Few elements, many apps Mobile

Internet of Things technologies, applications, perspectives Stefano Chessa Few elements, many apps Mobile crowdsensing & human sociality Mobile edge computing supporting crowdsensing applications Opportunistic communications

701 views • 7 slides
CS378 - Mobile Computing Intents Intents Allow us to use applications and components that

CS378 - Mobile Computing Intents Intents Allow us to use applications and components that

CS378 - Mobile Computing Intents Intents Allow us to use applications and components that are part of Android System and allow other applications to use the components of the applications we create Examples of Google applications:

473 views • 31 slides
engineering for the smarter world Mobile Solutions and Mobivisor EMM 2 Applications:

engineering for the smarter world Mobile Solutions and Mobivisor EMM 2 Applications:

engineering for the smarter world Mobile Solutions and Mobivisor EMM 2 Applications: Stakeholders: Platforms: Vodafone We had been developing Anvato Android Hidromek mobile apps since 2007. Verkata IOS

958 views • 68 slides
OFS: An Overlay File System for Cloud-Assisted Mobile Applications Jianchen Shan, Nafize R.

OFS: An Overlay File System for Cloud-Assisted Mobile Applications Jianchen Shan, Nafize R.

OFS: An Overlay File System for Cloud-Assisted Mobile Applications Jianchen Shan, Nafize R. Paiker, Xiaoning Ding, Narain Gehani, Reza Curtmola, Cristian Borcea Mobile apps need cloud assistance Mobile devices have limited resources

559 views • 33 slides
A Two-Layer Approach for Energy Efficiency in Mobile Location Sensing Applications Ling-Jyh Chen

A Two-Layer Approach for Energy Efficiency in Mobile Location Sensing Applications Ling-Jyh Chen

A Two-Layer Approach for Energy Efficiency in Mobile Location Sensing Applications Ling-Jyh Chen (Academia Sinica, Taiwan) Introduction Mobile location sensing applications (MLSAs) Exploit Global Positioning System (GPS) technology to

426 views • 30 slides
mobile library applications John Paul Anbu K. and Sanjay Kataria Introduction Desktop

mobile library applications John Paul Anbu K. and Sanjay Kataria Introduction Desktop

Design and testing of mobile library websites: Best practices in creating mobile library applications John Paul Anbu K. and Sanjay Kataria Introduction Desktop websites Vs. Mobile websites Web page on a mobile device often results in a

260 views • 24 slides
Mobile Applications in Context F. Ricci 2010/2011 Content What is context Rules for

Mobile Applications in Context F. Ricci 2010/2011 Content What is context Rules for

Mobile Applications in Context F. Ricci 2010/2011 Content What is context Rules for mobile application design Application classification by usage context Top mobile applications 2010 Assignment Context Definition

140 views • 13 slides
Design of mobile applications for iPhone and Android welcome@sheyker.com A full range of design

Design of mobile applications for iPhone and Android welcome@sheyker.com A full range of design

Andrey Glukhov Design of mobile applications for iPhone and Android welcome@sheyker.com A full range of design services for the launch and development of the mobile applications 1 Application prototype 10 Application design adaptation to

185 views • 18 slides
Ekta: An Efficient DHT Substrate for Distributed Applications in Mobile Ad Hoc Networks

Ekta: An Efficient DHT Substrate for Distributed Applications in Mobile Ad Hoc Networks

Ekta: An Efficient DHT Substrate for Distributed Applications in Mobile Ad Hoc Networks Himabindu Pucha, Saumitra Das, Y. Charlie Hu Distributed Systems and Networking Lab, School of ECE, Purdue University 1 Mobile ad hoc networks (MANETs)

1.17k views • 32 slides
CS5530 Mobile/Wireless Systems GPS/Location in Android Yanyan Zhuang Department of Computer

CS5530 Mobile/Wireless Systems GPS/Location in Android Yanyan Zhuang Department of Computer

CS5530 Mobile/Wireless Systems GPS/Location in Android Yanyan Zhuang Department of Computer Science http://www.cs.uccs.edu/~yzhuang UC. Colorado Springs CS5530 Ref. CN5E, NT@UW, WUSTL Android Location Interface 1. Request permission in

207 views • 10 slides
BE PARANOID OR NOT TO BE ? Alize PENEL Linux and Android System Developer Dev Team Member

BE PARANOID OR NOT TO BE ? Alize PENEL Linux and Android System Developer Dev Team Member

BE PARANOID OR NOT TO BE ? Alize PENEL Linux and Android System Developer Dev Team Member Agenda 02 03 01 Network Security Internet socket in Aspects Permission in Android OS Marshmallow INTERNET PERMISSION IN MARSHMALLOW

584 views • 33 slides
The Firewall Android Deserves: A Context-aware Kernel Message Filter and Modifier David Wu

The Firewall Android Deserves: A Context-aware Kernel Message Filter and Modifier David Wu

The Firewall Android Deserves: A Context-aware Kernel Message Filter and Modifier David Wu Agenda Overview of project Android security background Binder IPC BinderFilter Logging and analysis tools Picky Demos

631 views • 51 slides
S C A L I N G H A D O O P I N & O U T O F T H E P R I VAT E C L O U D P R I VA T E C

S C A L I N G H A D O O P I N & O U T O F T H E P R I VAT E C L O U D P R I VA T E C

J E F F K R A M E R ( H P H E L I O N ) S C A L I N G H A D O O P I N & O U T O F T H E P R I VAT E C L O U D P R I VA T E C L O U D S A R E L I K E Flickr Photo by John Lustig

751 views • 20 slides
More Android 1 How hard was week 9 code review assignment? A) Easy

More Android 1 How hard was week 9 code review assignment? A) Easy

More Android 1 How hard was week 9 code review assignment? A) Easy B) Moderate C) Challenging D) Unreasonable 2 How long did week 9 assignment take? A) Less than 2 hours

593 views • 11 slides
Mobile Subscriber WiFi Privacy Piers OHanlon Ravishankar Borgaonkar Lucca Hirschi (LSV,

Mobile Subscriber WiFi Privacy Piers OHanlon Ravishankar Borgaonkar Lucca Hirschi (LSV,

Department of Computer Science Mobile Subscriber WiFi Privacy Piers OHanlon Ravishankar Borgaonkar Lucca Hirschi (LSV, University Paris-Saclay) MoST IEEE S & P Workshop 2017 Overview Mobile identifiers IMSI Catchers/Trackers

599 views • 27 slides
Martini Recipes for Registration draft-kaplan-martini-shaken-implicit-registrations-00

Martini Recipes for Registration draft-kaplan-martini-shaken-implicit-registrations-00

Martini Recipes for Registration draft-kaplan-martini-shaken-implicit-registrations-00 draft-kaplan-martini-stirred-domain-registration-00 Why REGISTER? 1. We need the other things REGISTER already has: Path, sip-outbound, Service-Route,

370 views • 9 slides
SSVI a la Bergomi Stefano De Marco 1 , Claude Martini 2 1 Ecole Polytechnique 2 Zeliade Systems

SSVI a la Bergomi Stefano De Marco 1 , Claude Martini 2 1 Ecole Polytechnique 2 Zeliade Systems

Outline Reminder on SSVI Chriss-Morokoff-Gatheral-Fukasawa formula SSVI a la Bergomi SSVI a la Bergomi Stefano De Marco 1 , Claude Martini 2 1 Ecole Polytechnique 2 Zeliade Systems Jim Gatheral 60th birthday conference 1 / 30 Outline

802 views • 68 slides

More recommend