systems and algorithms for smartphones improved security
play

Systems and Algorithms for Smartphones Improved Security and - PowerPoint PPT Presentation

Oct 17, 2023 •105 likes •759 views

Systems and Algorithms for Smartphones Improved Security and Usability University of Perugia Perugia, Italy, March 28, 2011 Mauro Conti Vrije Universiteit Amsterdam Amsterdam, The Netherlands mconti@cs.vu.nl

  1. Systems and Algorithms for Smartphones Improved Security and Usability —— University of Perugia Perugia, Italy, March 28, 2011 Mauro Conti Vrije Universiteit Amsterdam Amsterdam, The Netherlands mconti@cs.vu.nl http://www.cs.vu.nl/˜mconti Systems and Algorithms for Smartphones Improved Security and Usability 1 / 64

  2. Outline Introduction 1 CRePEdroid: Context-Related Policy Enforcement for Android 2 Transparent Smartphone User Authentication 3 Other Ongoing Research Projects 4 5 Ready For Take Off? Systems and Algorithms for Smartphones Improved Security and Usability 2 / 64

  3. Outline Introduction 1 CRePEdroid: Context-Related Policy Enforcement for Android 2 Transparent Smartphone User Authentication 3 Other Ongoing Research Projects 4 5 Ready For Take Off? Systems and Algorithms for Smartphones Improved Security and Usability 3 / 64

  4. Smartphones Usage Systems and Algorithms for Smartphones Improved Security and Usability 4 / 64

  5. Smartphones Usage Systems and Algorithms for Smartphones Improved Security and Usability 5 / 64

  6. Why Android? The Android platform: Support the application developer with low-level features Fine-grained security permissions bundling with applications Open source Very popular Systems and Algorithms for Smartphones Improved Security and Usability 6 / 64

  7. Android Architecture Systems and Algorithms for Smartphones Improved Security and Usability 7 / 64

  8. Android in a slide Application Framework Components: Activity, Service, Content Provider, Broadcast Receiver Security: (1) Application isolation (kernel), (2) ICC Ref. Monitor provides MAC Permissions: (1) all-or-nothing, (2) once granted, no revocation or constraints Permission Levels: normal, dangerous, signature, signature or system Systems and Algorithms for Smartphones Improved Security and Usability 8 / 64

  9. Moving Forward Research. What are we looking for? Original Idea... (it seems) we all have many better if (at a point) it soves a concrete/important problem why the state of the art does not solve the problem? Thourough Analisys and Investigation! An example? Well... probably you need Google to search for it! Systems and Algorithms for Smartphones Improved Security and Usability 9 / 64

  10. Outline Introduction 1 CRePEdroid: Context-Related Policy Enforcement for Android 2 Transparent Smartphone User Authentication 3 Other Ongoing Research Projects 4 5 Ready For Take Off? Systems and Algorithms for Smartphones Improved Security and Usability 10 / 64

  11. Authorization Policy Constraints on phone functions over the phone (e.g. Bluetooth, Camera, WiFi) Constraints on access by external systems or by the user Systems and Algorithms for Smartphones Improved Security and Usability 11 / 64

  12. Context-Related Policy Context defined by the status of different system variables (time, location, presence of the user, interaction from the user, etc.) high level contexts are also possible (e.g. is the user running? is the user alone in the room?) Policy specifying access constraints over system functions (e.g. camera, bluetooth, etc.) depending on the context Typically defined at run-time Systems and Algorithms for Smartphones Improved Security and Usability 12 / 64

  13. Examples Policy examples Bluetooth communication enabled only at home or in the office Friend profile, employee profile Camera disabling in museums, Silent mode in meeting rooms Flight mode Systems and Algorithms for Smartphones Improved Security and Usability 13 / 64

  14. Related Work Security enforcement at install time Kirin 1 , it does not support context-related run-time policies Security enforcement at run time Concept of Dynamic in Access Control 2 Saint, Secure Application Interaction 3 , allows run-time application (non user) policies enforcing—e.g application A can define: (1) which apps can access A’s interfaces, (2) how, (3) select at run time if using interface of B or C Apex 4 extends Android permissions with run time constraints—not system wide, no policy set at run time, no 3rd party policies, weak overhead evaluation Taintdroid 5 traces information handled by applications 1 [W. Enck et al. CCS ’09] 2 [V. Rao and T. Jaeger, SACMAT ’09] 3 [M. Ongtang et al., ACSAC ’09] 4 [M. Nauman et al., AsiaCCS ’10] 5 [W. Enck et al., OSDI ’10] Systems and Algorithms for Smartphones Improved Security and Usability 14 / 64

  15. CRePEdroid — Context-Related Policy Enforcement 6 Context-Related policies—with a system scope Specified by Users Trusted Third Party (i.e. Developer, Government, Employer, Device manufacturer, Network Operator, etc.) Dynamically enforced and dynamically specified 6 Mauro Conti, Vu Thien Nga Nguyen, and Bruno Crispo. CRePE: Context-Related Policy Enforcement for Android. (ISC 2010 - Springer LNCS), to appear, Boca Raton, FL, USA, October 25 - 28, 2010. - (acceptance rate 22/134 - 16.41 %) Systems and Algorithms for Smartphones Improved Security and Usability 15 / 64

  16. CRePE — Definitions Context : defined by condition(s) on attributes. A context is active if the condition is verified Policy : How the phone acts in the context. Set of rules Rule : < resource , Allowed | Denied > (e.g. R = < CAMERA , denied > ) Resource Phone functionalities (e.g. Bluetooth, Camera, WiFi, etc.) Applications, components Systems and Algorithms for Smartphones Improved Security and Usability 16 / 64

  17. CRePE — Policy Conflicts Resolution Rules might specify conflicting behaviour Labels and MAC to regulate policy/rule priority Labels relations: L 1 > L 2 > L 3 L 1 = Government L 2 = Trusted Party L 3 = User Conservative approach: Denied > Allowed Deny as default Systems and Algorithms for Smartphones Improved Security and Usability 17 / 64

  18. CRePE — Architecture Policy Provider Policy Manager CRePE Permission Check Action Performer Context Detector User Interactor Trusted Party Interactor Systems and Algorithms for Smartphones Improved Security and Usability 18 / 64

  19. Policy Provider Database to store contexts and policies Embedded inside the Android middleware Systems and Algorithms for Smartphones Improved Security and Usability 19 / 64

  20. Policy Manager Manage active contexts Set of active rules Conflict resolution Update information in Policy Provider Systems and Algorithms for Smartphones Improved Security and Usability 20 / 64

  21. Context Detector Time: system timer Location: GPS: Accurate but slow, consume much energy Easy to extend to other context sensors (i.e. movement, connectivity, etc.) Systems and Algorithms for Smartphones Improved Security and Usability 21 / 64

  22. CRePE Permission Check Hooks before Android Permission Checks CRePE Check based on the set of active rules Systems and Algorithms for Smartphones Improved Security and Usability 22 / 64

  23. Action Performer When the set of active rules is updated: Stop running applications prohibited by the set of active rules Start applications Airplane Mode Systems and Algorithms for Smartphones Improved Security and Usability 23 / 64

  24. User Interactor Support operating on contexts and policies Android application Authentication by password Systems and Algorithms for Smartphones Improved Security and Usability 24 / 64

  25. Trusted Party Interactor Support remote policy and context administration SMS messages Authentication Trust the network carrier PKI Systems and Algorithms for Smartphones Improved Security and Usability 25 / 64

  26. Security Evaluation Reduce the number of allowed accesses Not reduce security Systems and Algorithms for Smartphones Improved Security and Usability 26 / 64

  27. Overhead Evaluation CRePE Permission Check Context Detector Trusted Party Interactor Systems and Algorithms for Smartphones Improved Security and Usability 27 / 64

  28. Overhead — Permission Check Depend on the number of active rules Time overhead is small Systems and Algorithms for Smartphones Improved Security and Usability 28 / 64

  29. Overhead — Context Detector Investigated: Time overhead when activating or deactivating contexts Depending on the current configuration Experimental configuration 2 active contexts, 10 rules each, no conflict new context with 10 rules, 5 conflicts Result Operation Execution Time (millisecond) 72 . 487 ± 19 . 743 Context activation 42 . 942 ± 4 . 536 Context deactivation Time overhead is small Systems and Algorithms for Smartphones Improved Security and Usability 29 / 64

  30. Overhead — Interaction 140 CRePE core User interface Sms interface 120 Time overhead (milliseconds) 100 80 60 40 20 0 User Sms Interaction type Systems and Algorithms for Smartphones Improved Security and Usability 30 / 64

  31. Overhead — Trusted Party Interactor Operate on contexts and policies Time overhead: depend on the operation and the current configuration Experimental configurations Scenario 1: similar to the previous experimental configuration, activate the context Scenario 2: deactivate the context Scenario 3: add a new context (not enable, not set up context detector) Scenario 4: add a new rule to an inactive policy (not update the set of active rule) Scenario 5: enable a context defined by time and location (need to set up context detector) Systems and Algorithms for Smartphones Improved Security and Usability 31 / 64

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CORPORATE SECURITY IMPROVED SECURITY FOR THE MID-MARKET 1 SYNERGIES ACROSS SEGMENTS Privacy

CORPORATE SECURITY IMPROVED SECURITY FOR THE MID-MARKET 1 SYNERGIES ACROSS SEGMENTS Privacy

Jens Thonke, EVP, Cyber Security Services Jyrki Rosenberg, EVP, Corporate Cyber Security CORPORATE SECURITY IMPROVED SECURITY FOR THE MID-MARKET 1 SYNERGIES ACROSS SEGMENTS Privacy Family Connected home 2 F-Secure Capital Markets Day 2017

736 views • 19 slides
Improved Algorithms for Amplitude- and Phase-Scin9lla9on

Improved Algorithms for Amplitude- and Phase-Scin9lla9on

Improved Algorithms for Amplitude- and Phase-Scin9lla9on Indices of GPS Signals Abram Farley-Kalamazoo College ASTRA Mentors: Irfan Azeem and Adam

555 views • 26 slides
Mobile and Ubiquitous Computing on Smartphones Lecture 10b: Mobile Security and Mobile Software

Mobile and Ubiquitous Computing on Smartphones Lecture 10b: Mobile Security and Mobile Software

Mobile and Ubiquitous Computing on Smartphones Lecture 10b: Mobile Security and Mobile Software Vulnerabilities Emmanuel Agu Authentication using Biometrics Biometrics Passwords tough to remember, manage Many users have simple passwords

520 views • 38 slides
Large-Scale Invisible Attack on AFC Systems with NFC-Equipped Smartphones Fan Dang 1 , Pengfei

Large-Scale Invisible Attack on AFC Systems with NFC-Equipped Smartphones Fan Dang 1 , Pengfei

1 Large-Scale Invisible Attack on AFC Systems with NFC-Equipped Smartphones Fan Dang 1 , Pengfei Zhou 1, 2 , Zhenhua Li 1 , Ennai Zhai 3 , Aziz Mohaisen 4 , Qingfu Wen 1 , Mo Li 5 1 School of Software, Tsinghua University, China 2 Beijing

889 views • 22 slides
Floating Car Data from Smartphones: What Google And Waze Know About You and How Hackers Can

Floating Car Data from Smartphones: What Google And Waze Know About You and How Hackers Can

Floating Car Data from Smartphones: What Google And Waze Know About You and How Hackers Can Control Traffic Black Hat | Europe March 12-15, 2013 Tobias Jeske Institute for Security in Distributed Applications TU Hamburg-Harburg

951 views • 53 slides
iOS Security 101 -ish Vadim Drobinin | @valzevul About me 1. Why? iOS Security 101-ish /

iOS Security 101 -ish Vadim Drobinin | @valzevul About me 1. Why? iOS Security 101-ish /

iOS Security 101 -ish Vadim Drobinin | @valzevul About me 1. Why? iOS Security 101-ish / @valzevul 3 The average time spend on smartphones and tablets is 4h 33 mins a day BankMyCell iOS Security 101-ish / @valzevul 4 In 2018,

579 views • 55 slides
Privacy on Smartphones Presentation by Claude Barthels Roadmap TaintDroid: An

Privacy on Smartphones Presentation by Claude Barthels Roadmap TaintDroid: An

Privacy on Smartphones Presentation by Claude Barthels Roadmap TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones MockDroid: Trading Privacy for Application Functionality on Smartphones

429 views • 38 slides
13 - Computer Security Network Security 1 Context

13 - Computer Security Network Security 1 Context

13 - Computer Security Network Security 1 Context Computers connected in a network - but also: smartphones, fridges, IoT devices, Each device has an IP address Packets are routed via

771 views • 51 slides
Security Security with Distributed Systems Why Security? The need for security mechanisms in

Security Security with Distributed Systems Why Security? The need for security mechanisms in

Security Security with Distributed Systems Why Security? The need for security mechanisms in distributed systems arises from the desire to share resources Resources must be protected against unauthorized access, as enemies (attackers)

1.16k views • 67 slides
Advanced Systems Security: Introduction to OS Security Trent Jaeger Systems and Internet

Advanced Systems Security: Introduction to OS Security Trent Jaeger Systems and Internet

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Introduction to OS Security Trent

770 views • 28 slides
TrustOTP: Transforming Smartphones into Secure One-Time Password Tokens He Sun, Kun Sun, Yuewu

TrustOTP: Transforming Smartphones into Secure One-Time Password Tokens He Sun, Kun Sun, Yuewu

TrustOTP: Transforming Smartphones into Secure One-Time Password Tokens He Sun, Kun Sun, Yuewu Wang, and Jiwu Jing Presented by Fengwei Zhang Wayne State University CSC 6991 Topics in Computer Security 1 Outline IntroducLon MoLvaLon

638 views • 26 slides
Security and Privacy Why Security is Difficult 12A. Operating Systems and Security complexity

Security and Privacy Why Security is Difficult 12A. Operating Systems and Security complexity

5/24/2017 Security and Privacy Why Security is Difficult 12A. Operating Systems and Security complexity of our software and systems 12B. Authentication millions of lines of code, thousands of developers rich and powerful protocols

533 views • 14 slides
Security and Privacy Why Security is Difficult 12A. Operating Systems and Security complexity

Security and Privacy Why Security is Difficult 12A. Operating Systems and Security complexity

5/18/2018 Security and Privacy Why Security is Difficult 12A. Operating Systems and Security complexity of our software and systems 12B. Authentication millions of lines of code, thousands of developers rich and powerful protocols

374 views • 9 slides
Advanced Systems Security: Security-Enhanced Linux Trent Jaeger Systems and Internet

Advanced Systems Security: Security-Enhanced Linux Trent Jaeger Systems and Internet

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Security-Enhanced Linux Trent

474 views • 26 slides
Advanced Systems Security: Linux Security Modules Trent Jaeger Systems and Internet

Advanced Systems Security: Linux Security Modules Trent Jaeger Systems and Internet

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Linux Security Modules Trent

872 views • 30 slides
Advanced Systems Security: Hardware Security Trent Jaeger Systems and Internet

Advanced Systems Security: Hardware Security Trent Jaeger Systems and Internet

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Hardware Security Trent Jaeger

703 views • 46 slides
Network Security Topic 3: User Authentication Topic 3: User Authentication 1 Reading for this

Network Security Topic 3: User Authentication Topic 3: User Authentication 1 Reading for this

5/25/2019 Network Security Topic 3: User Authentication Topic 3: User Authentication 1 Reading for this Lecture 5/25/2019 Password Topic 3: User Authentication Password strength Salt_(cryptography) Password cracking

1.03k views • 75 slides
Outline Authentication and Identity Management Authentication Computer Security: Security at

Outline Authentication and Identity Management Authentication Computer Security: Security at

Authentication and Identity Management Authentication and Identity Management Operating System and Network Security Operating System and Network Security Cyber war and terrorism Radboud University Nijmegen Cyber war and terrorism Radboud

590 views • 9 slides
Usable Security Raise the bar with implicit device pairing Stephan Sigg Department of

Usable Security Raise the bar with implicit device pairing Stephan Sigg Department of

Usable Security Raise the bar with implicit device pairing Stephan Sigg Department of Communications and Networking Aalto University, School of Electrical Engineering stephan.sigg@aalto.fi 09.10.2017 MEMORY IS A LIMITED RESOURCE Stephan

331 views • 13 slides
The Future of Markets is the Cloud CS349F: Technology for Financial Systems October 12, 2020

The Future of Markets is the Cloud CS349F: Technology for Financial Systems October 12, 2020

The Future of Markets is the Cloud CS349F: Technology for Financial Systems October 12, 2020 TECHNOLOGY TRENDS SHAPING FINANCIAL SERVICES Innovations Advancing The Landscape CLOUD SERVICES STREAMING / DATA LAKES BLOCKCHAIN INTERNET OF THINGS

2.54k views • 18 slides
FAITH-BASED ORGANIZATIONS SECTOR TELEBRIEFING County of San Diego Last Updated: 10/14/2020 W HEN

FAITH-BASED ORGANIZATIONS SECTOR TELEBRIEFING County of San Diego Last Updated: 10/14/2020 W HEN

FAITH-BASED ORGANIZATIONS SECTOR TELEBRIEFING County of San Diego Last Updated: 10/14/2020 W HEN IS THE NEXT TELEBRIEFING ? Faith-Based Telebriefings: Every 2 nd and 4 th Wednesday each month Next telebriefing: October 28, 2020 | 1pm-2pm FBO

632 views • 30 slides
Proverbs 8 Wisdom calls to you like someone shouting; understanding raises her voice. 2 On the

Proverbs 8 Wisdom calls to you like someone shouting; understanding raises her voice. 2 On the

Proverbs 8 Wisdom calls to you like someone shouting; understanding raises her voice. 2 On the hilltops along the road and at the crossroads, she stands calling. 3 Beside the city gates, at the entrances into the city, she calls out: 4 Listen,

1.13k views • 44 slides
Redempti0n: 1 tim0thy 1:12-17 Movie Clip here Redempti0n: I can 0nly imagine Redempti0n: I can

Redempti0n: 1 tim0thy 1:12-17 Movie Clip here Redempti0n: I can 0nly imagine Redempti0n: I can

Redempti0n: 1 tim0thy 1:12-17 Movie Clip here Redempti0n: I can 0nly imagine Redempti0n: I can 0nly imagine Paul: A Past Redemption Story Paul: A Past Redemption Story Paul: A Past Redemption Story Paul: A Past Redemption Story Redempti0n: I

473 views • 31 slides
Quick Exercise At the end of this sequence, how many different colors can the pixel be? if (

Quick Exercise At the end of this sequence, how many different colors can the pixel be? if (

Quick Exercise At the end of this sequence, how many different colors can the pixel be? if ( p.getRed() &gt; 127 ) red = 255; else red = 0; if ( p.getGreen() &gt; 127 ) green = 255; else green = 0; if ( p.getBlue() &gt; 127 ) blue = 255;

585 views • 14 slides

More recommend