s mv h unter large scale automated detection of ssl tls
play

S MV -H UNTER : Large Scale, Automated Detection of SSL/TLS - PowerPoint PPT Presentation

Oct 01, 2022 •251 likes •671 views

S MV -H UNTER : Large Scale, Automated Detection of SSL/TLS Man-in-the-Middle Vulnerabilities in Android Apps David Sounthiraraj Justin Sahs Garret Greenwood Zhiqiang Lin Latifur Khan University of Texas at Dallas February 26, 2014

  1. S MV -H UNTER : Large Scale, Automated Detection of SSL/TLS Man-in-the-Middle Vulnerabilities in Android Apps David Sounthiraraj Justin Sahs Garret Greenwood Zhiqiang Lin Latifur Khan University of Texas at Dallas February 26, 2014

  2. Introduction System Overview Static Analysis Dynamic Analysis Experiments Discussion Problem Statement ◮ Many Android apps use SSL/TLS to transmit sensitive data ◮ Android allows developers to override the built-in validation ◮ Used to connect to servers whose certificates come from non-standard Certificate Authorities (CAs) ◮ Used to avoid purchasing certificates for testing or user acceptance environment ◮ Can lead to SSL Man-in-the-Middle Vulnerabilities (SMVs)

  3. Introduction System Overview Static Analysis Dynamic Analysis Experiments Discussion SSL/TLS In SSL/TLS, a server’s identity is verified by a certificate chain. A chain is valid if: ◮ Each certificate has not expired ◮ The root certificate of the chain is from a CA present in the keystore ◮ Each certificate has a valid cryptographic signature from the CA immediately after it in the chain Additionally, the certificate chain’s hostname must match the domain name being connected to (possibly with wildcards).

  4. Introduction System Overview Static Analysis Dynamic Analysis Experiments Discussion Example Vulnerability A famous example is the Chase Banking App (CVE-2012-5810): 1 public final void checkServerTrusted(X509Certificate[] paramArrayOfX509Certficate, String paramString) 2 3 { if ((paramArrayOfX509Certficate != null ) && ( 4 paramArrayOfX509Certficate.length == 1)) 5 paramArrayOfX509Certficate[0].checkValidity(); 6 while ( true ) 7 { 8 return; 9 this .a.checkServerTrusted( 10 paramArrayOfX509Certficate,paramString); 11 } 12 13 } (from (Georgiev et al. , 2012))

  5. Introduction System Overview Static Analysis Dynamic Analysis Experiments Discussion Example Vulnerability A famous example is the Chase Banking App (CVE-2012-5810): 1 public final void checkServerTrusted(X509Certificate[] paramArrayOfX509Certficate, String paramString) 2 3 { if ((paramArrayOfX509Certficate != null ) && ( 4 paramArrayOfX509Certficate.length == 1)) 5 paramArrayOfX509Certficate[0].checkValidity(); 6 while ( true ) 7 { 8 return; 9 this .a.checkServerTrusted( 10 paramArrayOfX509Certficate,paramString); 11 } 12 13 } (from (Georgiev et al. , 2012))

  6. Introduction System Overview Static Analysis Dynamic Analysis Experiments Discussion Approach ◮ Purely static analysis unreliable ◮ Purely dynamic analysis infeasible ◮ enumerate all possible UI interaction paths ◮ text input ◮ We propose a hybrid approach ◮ use static analysis to prune the search space for and provide valid text to dynamic analysis

  7. Introduction System Overview Static Analysis Dynamic Analysis Experiments Discussion System Overview Static Analysis Dynamic Analysis HTTP Traffic Disassembly Internet Smali Files Device & UI HTTPS MITM HTTPS Proxy Automation Vulnerable Traffic Traffic Vulnerability Smart Input Apps Detection Apps Generation Method Names Correlative Analysis Results Entry Point Identification

  8. Introduction System Overview Static Analysis Dynamic Analysis Experiments Discussion System Overview Static Analysis Dynamic Analysis HTTP Traffic Disassembly Internet Smali Files Device & UI HTTPS MITM HTTPS Proxy Automation Vulnerable Traffic Traffic Vulnerability Smart Input Apps Detection Apps Generation Method Names Correlative Analysis Results Entry Point Identification

  9. Introduction System Overview Static Analysis Dynamic Analysis Experiments Discussion System Overview Static Analysis Dynamic Analysis HTTP Traffic Disassembly Internet Smali Files Device & UI HTTPS MITM HTTPS Proxy Automation Vulnerable Traffic Traffic Vulnerability Smart Input Apps Detection Apps Generation Method Names Correlative Analysis Results Entry Point Identification

  10. Introduction System Overview Static Analysis Dynamic Analysis Experiments Discussion System Overview Static Analysis Dynamic Analysis HTTP Traffic Disassembly Internet Smali Files Device & UI HTTPS MITM HTTPS Proxy Automation Vulnerable Traffic Traffic Vulnerability Smart Input Apps Detection Apps Generation Method Names Correlative Analysis Results Entry Point Identification

  11. Introduction System Overview Static Analysis Dynamic Analysis Experiments Discussion System Overview Static Analysis Dynamic Analysis HTTP Traffic Disassembly Internet Smali Files Device & UI HTTPS MITM HTTPS Proxy Automation Vulnerable Traffic Traffic Vulnerability Smart Input Apps Detection Apps Generation Method Names Correlative Analysis Results Entry Point Identification

  12. Introduction System Overview Static Analysis Dynamic Analysis Experiments Discussion System Overview Static Analysis Dynamic Analysis HTTP Traffic Disassembly Internet Smali Files Device & UI HTTPS MITM HTTPS Proxy Automation Vulnerable Traffic Traffic Vulnerability Smart Input Apps Detection Apps Generation Method Names Correlative Analysis Results Entry Point Identification

  13. Introduction System Overview Static Analysis Dynamic Analysis Experiments Discussion System Overview Static Analysis Dynamic Analysis HTTP Traffic Disassembly Internet Smali Files Device & UI HTTPS MITM HTTPS Proxy Automation Vulnerable Traffic Traffic Vulnerability Smart Input Apps Detection Apps Generation Method Names Correlative Analysis Results Entry Point Identification

  14. Introduction System Overview Static Analysis Dynamic Analysis Experiments Discussion System Overview Static Analysis Dynamic Analysis HTTP Traffic Disassembly Internet Smali Files Device & UI HTTPS MITM HTTPS Proxy Automation Vulnerable Traffic Traffic Vulnerability Smart Input Apps Detection Apps Generation Method Names Correlative Analysis Results Entry Point Identification

  15. Introduction System Overview Static Analysis Dynamic Analysis Experiments Discussion Static Analysis Disassembly Smali Files Vulnerable Vulnerability ... Smart Input Apps Detection Apps Generation Method Names Entry Point Identification

  16. Introduction System Overview Static Analysis Dynamic Analysis Experiments Discussion Disassembly ◮ apktool to disassemble the packaged compiled code into a human-readable format Disassembly called Smali . Smali Files Vulnerable ◮ Significantly faster and ... Vulnerability Smart Input Apps Detection Generation more reliable than Method Names decompilation, especially Entry Point Identification when the code has been obfuscated

  17. Introduction System Overview Static Analysis Dynamic Analysis Experiments Discussion Static SMV Detection ◮ Simply check whether the X509TrustManager or HostNameVerifier interfaces have been Disassembly overridden Smali Files Vulnerable ◮ Apps that do not override ... Vulnerability Smart Input Apps Detection Generation these either do not use SSL Method Names or use the built-in SSL Entry Point Identification support without modification

  18. Introduction System Overview Static Analysis Dynamic Analysis Experiments Discussion Vulnerable Entry Point Identification ◮ Each app can be started at a number of entry points (called activities ) ◮ Many entry points will not Disassembly trigger secure connections Smali Files Vulnerable ... Vulnerability Smart Input ◮ Trace backwards through Apps Detection Generation method calls to identify Method Names entry points that might Entry Point Identification trigger potential vulnerabilities

  19. Introduction System Overview Static Analysis Dynamic Analysis Experiments Discussion Smart Input Generation ◮ Apps often perform validation on text input or convert text to other datatypes (e.g. integers) Disassembly ◮ Intelligently provide input Smali Files based on: Vulnerable ... Vulnerability Smart Input Apps Detection Generation ◮ Input type annotations Method Names ◮ Type cast operations in Entry Point the code Identification

  20. Introduction System Overview Static Analysis Dynamic Analysis Experiments Discussion Dynamic Analysis HTTP Traffic Internet Device & UI HTTPS MITM HTTPS Proxy Automation Traffic Traffic ... Correlative Analysis Results

  21. Introduction System Overview Static Analysis Dynamic Analysis Experiments Discussion Device Management For completeness and scalability, our system must: ◮ Manage multiple emulators in parallel, ◮ Handle emulator crashes and other errors, ◮ Schedule and distribute app testing across running emulators, and ◮ Collect and manage log data including installation and uninstallation details and network traffic.

  22. Introduction System Overview Static Analysis Dynamic Analysis Experiments Discussion Device Management The device management component has two threads: ◮ Emulator Management ◮ App Scheduling

  23. Introduction System Overview Static Analysis Dynamic Analysis Experiments Discussion Device Management The device management component has two threads: ◮ Emulator Management ◮ Maintains a pool of active and free emulators ◮ Monitors the state of each emulator, restarting ones that go “offline” or crash ◮ App Scheduling

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Large-Scale API Protocol Mining for Automated Bug Detection Michael Pradel Department of

Large-Scale API Protocol Mining for Automated Bug Detection Michael Pradel Department of

Large-Scale API Protocol Mining for Automated Bug Detection Michael Pradel Department of Computer Science ETH Zurich 1 Motivation LinkedList pinConnections = ...; Iterator i = pinConnections.iterator (); while ( i.hasNext () ) { PinLink

1.55k views • 127 slides
VetTag: improving automated veterinary diagnosis coding via large-scale language modeling

VetTag: improving automated veterinary diagnosis coding via large-scale language modeling

VetTag: improving automated veterinary diagnosis coding via large-scale language modeling Published in npj (Nature) Digital Medicine Yuhui Zhang, Allen Nie, James Zou Introduction Large-scale veterinary clinical records can become a powerful

529 views • 14 slides
Is the Future Almost Here? Large-Scale Completely Automated Vowel

Is the Future Almost Here? Large-Scale Completely Automated Vowel

Is the Future Almost Here? Large-Scale Completely Automated Vowel Extrac8on of Free Speech Sravana Reddy and James N. Stanford Dartmouth College

563 views • 31 slides
Automated Iterative Partitioning for Cooperatively Coevolving Particle Swarms in Large Scale

Automated Iterative Partitioning for Cooperatively Coevolving Particle Swarms in Large Scale

CCPSO2 Proposed Approach Experimental Results Conclusion Automated Iterative Partitioning for Cooperatively Coevolving Particle Swarms in Large Scale Optimization Peter Frank Perroni 1 Daniel Weingaertner 1 Myriam Regattieri Delgado 2 1

319 views • 21 slides
Inject the future Process technologies and automated production cells for large-scale

Inject the future Process technologies and automated production cells for large-scale

Inject the future Process technologies and automated production cells for large-scale manufacturing of lightw eight thermoplastic composites for automotive applications Georg Steinbichler ENGEL AUSTRIA GmbH | EU Technology transfer

487 views • 11 slides
Developing Automated Scoring for Large-scale Assessments of Three-dimensional Learning Jay Thomas

Developing Automated Scoring for Large-scale Assessments of Three-dimensional Learning Jay Thomas

Developing Automated Scoring for Large-scale Assessments of Three-dimensional Learning Jay Thomas 1 , Ellen Holste 2 , Karen Draney 3 , Shruti Bathia 3 , and Charles W. Anderson 2 1. ACT, Inc. Michigan State University 2. UC Berkeley, BEAR

473 views • 14 slides
Automated fault detection for Automated fault detection for Autosub6000: Autosub6000: What we've

Automated fault detection for Automated fault detection for Autosub6000: Autosub6000: What we've

Automated fault detection for Automated fault detection for Autosub6000: Autosub6000: What we've achieved in a year? TSEM talk @ Institute of Cybernetics, Tallinn, Estonia Juhan Ernits, March 9, 2010 Overview of todays talk Overview of today s

490 views • 26 slides
UNVEIL: A Large-Scale, Automated Approach to Detecting Ransomware Paul Weliczko

UNVEIL: A Large-Scale, Automated Approach to Detecting Ransomware Paul Weliczko

UNVEIL: A Large-Scale, Automated Approach to Detecting Ransomware Paul Weliczko https://arstechnica.com/information-technology/2012/11/mushrooming-growth-of-ransomware- extorts-5-million-a-year/

298 views • 13 slides
Automated Large-Scale Phonetic Analysis: DASS William A. Kretzschmar, Jr., Joseph Stanley,

Automated Large-Scale Phonetic Analysis: DASS William A. Kretzschmar, Jr., Joseph Stanley,

Automated Large-Scale Phonetic Analysis: DASS William A. Kretzschmar, Jr., Joseph Stanley, Katherine Kuiper University of Georgia 1 DASS 64 interviews available on a portable USB drive 370 hours of sound files--c. 200Gb, about

335 views • 12 slides
BotGraph: Large Scale Spamming Botnet Detection Web-account abuse attack recent spamming technic

BotGraph: Large Scale Spamming Botnet Detection Web-account abuse attack recent spamming technic

BotGraph: Large Scale Spamming Botnet Detection Web-account abuse attack recent spamming technic New different approche for sending spam Basing on reputation of email providers Difficult to detect signup detection monitoring users' activity

157 views • 15 slides
LAVA: Large-scale Automated Vulnerability Addition Tim Leek, Patrick Hulin, Ryan Whelan (MIT/LL),

LAVA: Large-scale Automated Vulnerability Addition Tim Leek, Patrick Hulin, Ryan Whelan (MIT/LL),

LAVA: Large-scale Automated Vulnerability Addition Tim Leek, Patrick Hulin, Ryan Whelan (MIT/LL), Brendan Dolan-Gavitt (NYU), Fredrick Ulrich, Andrea Mambretti, Wil Robertson, and Engin Kirda (Northeastern) May 22, 2016 This work is sponsored

181 views • 16 slides
Evaluation of Amplification attacks in large-scale networks to improve detection performance

Evaluation of Amplification attacks in large-scale networks to improve detection performance

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Evaluation of Amplification attacks in large-scale networks to improve detection performance Michael Kpferl Interdisciplinary Project Final

517 views • 49 slides
Staghorn An Automated Large-Scale Distributed System Analysis Platform Kasimir Gabert (5638),

Staghorn An Automated Large-Scale Distributed System Analysis Platform Kasimir Gabert (5638),

CPU Quiesce Time A vm_density 1 10 14 6 VM 1 VM 2 Time to quiesce CPUs (in ms) A 5 (paused) (paused) 4 VM 1 VM 2 3 X 2 1 10 14 VM 1 VM 2 VM Density Staghorn An Automated Large-Scale Distributed System Analysis

513 views • 24 slides
25 Million Flows Later Large-scale Detection of DOM-based XSS CCS 2013, Berlin Sebastian

25 Million Flows Later Large-scale Detection of DOM-based XSS CCS 2013, Berlin Sebastian

25 Million Flows Later Large-scale Detection of DOM-based XSS CCS 2013, Berlin Sebastian Lekies, Ben Stock , Martin Johns Agenda XSS & Attacker Scenario WebSec guys: wake up once you see a cat Motivation Our contributions

619 views • 34 slides
PyZX: Large Scale Automated Diagrammatic Reasoning Aleks Kissinger aleks@cs.ru.nl John van de

PyZX: Large Scale Automated Diagrammatic Reasoning Aleks Kissinger aleks@cs.ru.nl John van de

PyZX: Large Scale Automated Diagrammatic Reasoning Aleks Kissinger aleks@cs.ru.nl John van de Wetering john@vdwetering.name Institute for Computing and Information Sciences Radboud University Nijmegen June 10, 2019 PyZX Open source

1.06k views • 49 slides
Anomaly Detection and Troubleshooting of Large Scale Systems from Event Logs Presented By Niloy

Anomaly Detection and Troubleshooting of Large Scale Systems from Event Logs Presented By Niloy

Anomaly Detection and Troubleshooting of Large Scale Systems from Event Logs Presented By Niloy Ganguly Bivas Mitra, Subhendu Khatuya Also in collaboration with NetApp Department of Computer Science and Engineering Indian Institute of

689 views • 53 slides
Predicting and Tracking Internet Path Changes talo Cunha Renata Teixeira, Darryl Veitch, and

Predicting and Tracking Internet Path Changes talo Cunha Renata Teixeira, Darryl Veitch, and

Predicting and Tracking Internet Path Changes talo Cunha Renata Teixeira, Darryl Veitch, and Christophe Diot Problem statement Goal: track large number of paths Current approach: traceroute-style measurements Challenges Cannot measure

557 views • 19 slides
SAR Image PostProcessing and Exploitation This presentation is an informal communication

SAR Image PostProcessing and Exploitation This presentation is an informal communication

10/18/2017 SAR Image PostProcessing and Exploitation This presentation is an informal communication intended for a limited audience comprised of attendees to the Institute for Computational and Experimental Research in Mathematics (ICERM)

462 views • 21 slides
Synchronisation solutions, NDS2 Cryptobox Kamil Guryn, BIAMAN, www.pb.edu.pl Maciej Brzeniak,

Synchronisation solutions, NDS2 Cryptobox Kamil Guryn, BIAMAN, www.pb.edu.pl Maciej Brzeniak,

Synchronisation solutions, NDS2 Cryptobox Kamil Guryn, BIAMAN, www.pb.edu.pl Maciej Brzeniak, PSNC, www.psnc.pl & NDS2 project partners: Presentation agenda Background Features of good synchronisation mechanisms Discussion of

772 views • 34 slides
CS 4495 Computer Vision Features 1 Harris and other corners Aaron Bobick School of

CS 4495 Computer Vision Features 1 Harris and other corners Aaron Bobick School of

Features 1: Harris CS 4495 Computer Vision A. Bobick and other corners CS 4495 Computer Vision Features 1 Harris and other corners Aaron Bobick School of Interactive Computing Corners in A Corners in B Features 1: Harris CS 4495

891 views • 66 slides
Handling concept drift in data stream mining Student : Manuel Martn Salvador Supervisors : Luis

Handling concept drift in data stream mining Student : Manuel Martn Salvador Supervisors : Luis

Handling concept drift in data stream mining Student : Manuel Martn Salvador Supervisors : Luis M. de Campos and Silvia Acid Master in Soft Computing and Intelligent Systems Department of Computer Science and Artificial Intelligence University

1.21k views • 45 slides
Edge and Corner Detection Reading: Chapter 8 (skip 8.1) Goal: Identify sudden changes

Edge and Corner Detection Reading: Chapter 8 (skip 8.1) Goal: Identify sudden changes

Edge and Corner Detection Reading: Chapter 8 (skip 8.1) Goal: Identify sudden changes (discontinuities) in an image This is where most shape information is encoded Example: artists line drawing (but artist is also using

630 views • 27 slides
Multiple Change Point Detection by Sparse Parameter Estimation Ji r Neubauer and V

Multiple Change Point Detection by Sparse Parameter Estimation Ji r Neubauer and V

Multiple Change Point Detection by Sparse Parameter Estimation Ji r Neubauer and V t ezslav Vesel y Department of Econometrics Dept. of Appl. Math. and Comp. Sci. Fac. of Economics and Management Fac. of Economics and

607 views • 38 slides
Overview Introduction to local features Harris interest points + SSD, ZNCC, SIFT

Overview Introduction to local features Harris interest points + SSD, ZNCC, SIFT

Overview Introduction to local features Harris interest points + SSD, ZNCC, SIFT Scale & affine invariant interest point detectors Scale & affine invariant interest point detectors Evaluation and comparison of

624 views • 38 slides

More recommend