the android ecosystem
play

the Android Ecosystem Yury Zhauniarovich Advisor: Bruno Crispo - PowerPoint PPT Presentation

Apr 15, 2023 •164 likes •575 views

Improving the Security of the Android Ecosystem Yury Zhauniarovich Advisor: Bruno Crispo University of Trento Agenda Introduction Providing Software and Data Isolation on Android Enabling Attestation Service for the Android

  1. Improving the Security of the Android Ecosystem Yury Zhauniarovich Advisor: Bruno Crispo University of Trento

  2. Agenda  Introduction  Providing Software and Data Isolation on Android  Enabling Attestation Service for the Android platform  Detecting Repackaged Android Applications  Analyzing Android Apps in the Presence of Dynamic Class Loading and Reflection  Summary 2

  3. What is Smartphone?  Have “phone” capabilities  Equipped with different sensors  Can run third-party applications  Controlled by a special mobile operating system Smartphone is a source of very sensitive user information 3

  4. Why Android?  On about 82% of all new mobile devices  1+ billion devices activated  1+ million apps on Google Play  Open source  Open ecosystem  Numerous third-party markets of different flavors (F-Droid, Yandex.Store, Amazon, etc.) 4

  5. Agenda  Introduction  Providing Software and Data Isolation on Android  Enabling Attestation Service for the Android platform  Detecting Repackaged Android Applications  Analyzing Android Apps in the Presence of Dynamic Class Loading and Reflection  Summary 5

  6. MOSES: Motivation  Same device multiple virtual environment (e.g., in BYOD scenarios)  Demand to increase the control over the capabilities of third-party apps, e.g., prohibit access to location  Lack for context-based enforcement of security policies on Android  Absence of remote control over virtual environments by the owners 6

  7. MOSES: State Of the Art  Secure containers – e.g., Aurasium by R.Xu et al. (USENIX Security ’12) – usually, 2 virtual environment (private and work) – app rewriting usage  Mobile paravirtualization – e.g., L4Android by M.Lange et al. (ACM SPSM ’11) – predefined number of operation modes – battery-consuming solutions  Linux containers – e.g., Cells by J.Andrus et al. (ACM SOSP ’11) – switching requires user interaction – virtual environments are hard-coded 7

  8. MOSES: Problem Issue 1: How to provide several virtual environments  on the same device – users are not willing to carry several devices  that separate data and apps belonging to different usage contexts – app developers should not rewrite their apps according to new rules  managed by different owners – e.g., working environment is controlled by company administrators  avoiding energy demanding (para)virualization solutions? – smartphones require long working time without recharging 8

  9. MOSES: Idea  IDEA: Provide a possibility to create virtual environments (or Security Profiles (SP)) through policy-based framework so that applications in one SP cannot access the data of the same app in another SP. Ensure the control over Security Profiles to the owners. Equip SPs with an ability to enforce fine-grained policies. 9

  10. MOSES: Architecture 10

  11. MOSES Configuration: Security Profile Creation create_profile “private” in_mode “permissive” with_priority “50”; allow_apps “*”; add_sr “ browser_deny_receive_from_google ” on_position “10”; activate_in_context “home”; 11

  12. MOSES Configuration: Context Definition “home”; create_context condition [(latitude=“55”) AND (longitude=“11”) AND (radius=“1000m”)]; 12

  13. MOSES Configuration: Special Rule Creation create_sr “ browser_deny_receive_from_google ”; action “deny”; package “ com.google.android.browser ”; operation “receive internet data”; target “ google *”; perform []; 13

  14. MOSES: Contributions  First policy-based solution for virtual environments on Android  Manual and context-based Security Profiles activation  Security Profiles and Contexts are not predefined, users can configure them dynamically  Possibility to confine applications using fine-grained security policies  Compatible with existing applications Y. Zhauniarovich, G. Russello, M. Conti, B. Crispo, E. Fernandes. “MOSES: Supporting and Enforcing Security Profiles on Smartphones ”. In IEEE TDSC, to appear in 2014. G. Russello, M. Conti, B. Crispo, E. Fernandes , Y. Zhauniarovich. “Demonstrating the Effectiveness of MOSES for Separation of Execution Modes”. In Proc. of CCS’12, 2012. 14

  15. Agenda  Introduction  Providing Software and Data Isolation on Android  Enabling Attestation Service for the Android platform  Detecting Repackaged Android Applications  Analyzing Android Apps in the Presence of Dynamic Class Loading and Reflection  Summary 15

  16. TruStore: Motivation  No possibility to prohibit the installation of uncertified applications in BYOD scenarios  Large number of third-party markets (Google Play, Yandex.Store, F-Droid, etc.)  Users trust more to the markets that perform application vetting 16

  17. TruStore: Problem Issue 2: How to support an attestation service on the Android platform maintaining  the openness of the ecosystem, – all markets should have the same possibility to distribute their apps – a user decides to which markets she trusts more  backward compatibility with already developed apps? – app developers should not rewrite their apps according to new rules 17

  18. TruStore: Idea  Apple centralized architecture  IDEA: If an application has passed the vetting process of a market, sign it with the market certificate. Ensure on the client-side that only applications signed with the approved certificates can be installed on the device.  PROBLEM: Android has open ecosystem 18

  19. TruStore: Approach 19

  20. TruStore: Contributions  We proposed an approach to support attestation services for the Android platform: – supports the open nature of the Android ecosystem – does not change current development, signing and publishing workflow – can be applied to already developed applications – allows to prohibit installation of uncertified apps in BYOD scenarios Y. Zhauniarovich, O. Gadyatskaya, B. Crispo . “DEMO: Enabling Trusted Stores for Android”. In Proc. of CCS’13, 2013. 20

  21. Agenda  Introduction  Providing Software and Data Isolation on Android  Enabling Attestation Service for the Android platform  Detecting Repackaged Android Applications  Analyzing Android Apps in the Presence of Dynamic Class Loading and Reflection  Summary 21

  22. Application Build Process Android Project Android Package (.apk) .dex resources. source code files arsc Compilation resources uncompiled resources and Packaging assets assets AndroidManifest.xml AndroidManifest.xml Developer Signing certificate Device 22

  23. Repackaging Developer Rebranding certificate (good) (same) Android Package (.apk) .dex resources. files arsc Device uncompiled resources Signing assets AndroidManifest.xml Adversary Plagiarizing Developer certificate (bad) signature (different) 23

  24. Motivation  App repackaging is very easy on Android: – Fetch an app  Disassemble  Change  Assemble  Sign with own certificate  Publish  The code of the application can be easily changed – smali/backsmali, AndroGuard, dex2jar, etc.  Plagiarizing is used to: – steal advertising revenues (14% of ad revenues)* – collect user database (10% of user base)* – malware distribution (86% of Android malware samples use this distribution channel)** * C.Gibler et al. “ Adrob: examining the landscape and impact of Android application plagiarism”. In Proc. of MobiSys ’13 ** Y. Zhou, X. Jiang. “Dissecting Android malware: Characterization and Evolution”. In Proc. of S&P ’12 24

  25. Problem: Repackaging Issue 3: How to detect repackaged Android applications  fast – 1+ million apps only on Google Play – 100+ third-party markets – pair-wise comparison  in effective way? – need for a similarity metric to what extent one app is similar to another 25

  26. FSquaDRA: Idea  Repackaged apps want to maintain the “look and feel” of the originals – Opera Mini fake app: 230 of 234 files are the same  IDEA: compare apps based on the included resource files ( same files  same apps ) 26

  27. FSquaDRA: Approach  Obtain hashes of all files inside two apps  Calculate Jaccard index for the extracted hashes: H i – set of hashes of files in apk i  Compare the obtained value with a threshold  PROBLEM: How to compute hashes efficiently? 27

  28. App Signing Internals As a part of application signing process SHA1 digest of each file inside apk is calculated 28

  29. FSquaDRA: Contributions  We are the first who detect repackaged apps based on resource files  Dataset: 55779 apps collected from 8 markets  Faster than any known competitor – DNADroid by J. Crussell et al. (ESORICS 2012) - 0.012 app pair/sec • PDG subgraph isomorphism • Hadoop MapReduce framework with a server and 3 desktops – Juxtapp by S. Hanna et al. (DIMVA 2012) - 49.4 app pair/sec • k -grams of opcodes  hashing  feature vector  Jaccard distance • Intel Xeon CPU (8 cores) , 8GB of RAM – Our approach - 6700 app pair/sec  Our resource-based similarity score is highly correlated with the code- based similarity score of AndroGuard ( 0.79 for plagiarizing, 0.58 for rebranding ) Y. Zhauniarovich, O. Gadyatskaya, B. Crispo, F. La Spina, E. Moser. “ FSquaDRA : Fast Detection of Repackaged Applications”. In Proc. of DBSec’14, to appear in 2014. 29

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Developers Google Maps Android API v2 Make your Android app pop with Google Maps Android API v2

Developers Google Maps Android API v2 Make your Android app pop with Google Maps Android API v2

Developers Google Maps Android API v2 Make your Android app pop with Google Maps Android API v2 Anthony Morris Jan-Felix Schmakeit Tech Lead, Android Maps API Android Developer Relations Code, Slides, Worksheet: http://goo.gl/MfY67 Welcome!

687 views • 49 slides
Introduction to Android Development What is Android? Android is the customizable, easy to

Introduction to Android Development What is Android? Android is the customizable, easy to

Introduction to Android Development What is Android? Android is the customizable, easy to use operating system that powers more than a billion devices across the globe - from phones and tablets to watches, TV, cars and more to come.

464 views • 21 slides
CS619 Android 101 BENCE CSERNA Android: Manifest example Android: Manifest <manifest

CS619 Android 101 BENCE CSERNA Android: Manifest example Android: Manifest <manifest

Project #1: Color Guess Game CS619 Android 101 BENCE CSERNA Android: Manifest example Android: Manifest <manifest xmlns:android="http://schemas.android.com/apk/res/android" package="net.cserna.bence.colorguess

201 views • 3 slides
What other Android APIs may be useful for ubicomp? Speaking to Android Ref: Professional Android 4

What other Android APIs may be useful for ubicomp? Speaking to Android Ref: Professional Android 4

What other Android APIs may be useful for ubicomp? Speaking to Android Ref: Professional Android 4 Development, Meier, Ch 11, pg 437 Speech recognition: Accept inputs as speech (instead of typing) e.g. dragon dictate app? Note: Google

333 views • 16 slides
Android AsyncTask AsyncTask Android AsyncTask is an abstract class provided by Android

Android AsyncTask AsyncTask Android AsyncTask is an abstract class provided by Android

Android AsyncTask AsyncTask Android AsyncTask is an abstract class provided by Android which gives us the liberty to perform heavy tasks in the background and keep the UI thread light thus making the application more responsive. Basic

240 views • 5 slides
Introducing OpenPush A Free, Decentralized Push Messaging Framework for Android Marcus Hoffmann -

Introducing OpenPush A Free, Decentralized Push Messaging Framework for Android Marcus Hoffmann -

Introducing OpenPush A Free, Decentralized Push Messaging Framework for Android Marcus Hoffmann - bubu@bubu1.eu 1 / 31 About Me Hi, I'm Marcus! Free software developer from Berlin. Working on a free Android ecosystem. F-Droid core

358 views • 31 slides
Android Android Application Development - Ashwin Agenda Android Platform Overview

Android Android Application Development - Ashwin Agenda Android Platform Overview

Android Android Application Development - Ashwin Agenda Android Platform Overview Installation Building Blocks Application Development Development Tools Source walk through Introduction to Android Open software

978 views • 49 slides
CS371m - Mobile Computing Android Overview and Android Development Environment What is Android?

CS371m - Mobile Computing Android Overview and Android Development Environment What is Android?

CS371m - Mobile Computing Android Overview and Android Development Environment What is Android? A software stack for mobile devices that includes An operating system Middleware Key Applications Uses Linux to provide core

1.49k views • 70 slides
CS378 - Mobile Computing Android Overview and Android Development Environment What is Android?

CS378 - Mobile Computing Android Overview and Android Development Environment What is Android?

CS378 - Mobile Computing Android Overview and Android Development Environment What is Android? A software stack for mobile devices that includes An operating system Middleware Key Applications Uses Linux to provide core

583 views • 31 slides
Android Malware Analysis on Attacks and Defense Android malware Android malware With the

Android Malware Analysis on Attacks and Defense Android malware Android malware With the

Android Malware Analysis on Attacks and Defense Android malware Android malware With the explosive growth of mobile device market and usage, there is an increasing number of malicious mobile applications targeting these devices and

819 views • 44 slides
CS 528 Mobile and Ubiquitous Computing Lecture 3: Android UI, WebView, Android Activity Lifecycle

CS 528 Mobile and Ubiquitous Computing Lecture 3: Android UI, WebView, Android Activity Lifecycle

CS 528 Mobile and Ubiquitous Computing Lecture 3: Android UI, WebView, Android Activity Lifecycle Emmanuel Agu Android UI Design Example GeoQuiz App Reference: Android Nerd Ranch, pgs 1 32 App presents questions to test users knowledge

1k views • 96 slides
Services Android Services A Service is an application component that runs in the background, not

Services Android Services A Service is an application component that runs in the background, not

Lesson 22 Lesson 22 Android Android Services Victor Matos Cleveland State University Cleveland State University Notes are based on: Android Developers http://developer.android.com/index.html Portions of this page are reproduced from work

692 views • 26 slides
Android Pre-requisites 1 Android To Dos Make sure you have working

Android Pre-requisites 1 Android To Dos Make sure you have working

Android Pre-requisites 1 Android To Dos Make sure you have working install of Android Studio Make sure it works by running Hello, world App On emulator

666 views • 24 slides
Android Michael Greifeneder Image source: Android homepage Inhalt Overwiew Hardware

Android Michael Greifeneder Image source: Android homepage Inhalt Overwiew Hardware

Android Michael Greifeneder Image source: Android homepage Inhalt Overwiew Hardware Software Development Tools Basics Debugging/Emulator Location Demo Android And Me Why I like Android Blend of Linux

1.01k views • 25 slides
CS 403X Mobile and Ubiquitous Computing Lecture 2: Introduction to Android Emmanuel Agu What is

CS 403X Mobile and Ubiquitous Computing Lecture 2: Introduction to Android Emmanuel Agu What is

CS 403X Mobile and Ubiquitous Computing Lecture 2: Introduction to Android Emmanuel Agu What is Android? Android is worlds leading mobile operating system Google: Owns Android, maintains it, extends it Distributes Android OS,

589 views • 35 slides
CS 528 Mobile and Ubiquitous Computing Lecture 2: Android Introduction and Setup Emmanuel Agu

CS 528 Mobile and Ubiquitous Computing Lecture 2: Android Introduction and Setup Emmanuel Agu

CS 528 Mobile and Ubiquitous Computing Lecture 2: Android Introduction and Setup Emmanuel Agu What is Android? Android is worlds leading mobile operating system Google: Owns Android, maintains it, extends it Distributes Android

388 views • 38 slides
Example on 2D potential with 4 wells Simulations by Masha Cameron Monday, October 8, 12 Spectral

Example on 2D potential with 4 wells Simulations by Masha Cameron Monday, October 8, 12 Spectral

Reaction Pathways of Metastable Markov Chains - LJ clusters Reorganization Eric Vanden-Eijnden Courant Institute Spectral approach to metastability - sets, currents, pathways; Transition path theory or how to focus on a specific

886 views • 20 slides
An Efficient Memory-Mapped Key-Value Store for Flash Storage Anastasios Papagiannis, Giorgos

An Efficient Memory-Mapped Key-Value Store for Flash Storage Anastasios Papagiannis, Giorgos

An Efficient Memory-Mapped Key-Value Store for Flash Storage Anastasios Papagiannis, Giorgos Saloustros, Pilar Gonzlez-Frez, and Angelos Bilas Institute of Computer Science (ICS) Foundation for Research and Technology Hellas (FORTH)

2.85k views • 31 slides
Simplicity and informativeness in the cultural evolution of language Jon W. Carr, Kenny Smith,

Simplicity and informativeness in the cultural evolution of language Jon W. Carr, Kenny Smith,

Simplicity and informativeness in the cultural evolution of language Jon W. Carr, Kenny Smith, Jennifer Culbertson, Simon Kirby Centre for Language Evolution School of Philosophy, Psychology and Language Sciences University of Edinburgh

862 views • 43 slides
TLB misses - The Missing Issue of Adaptive Radix Tree? Petrie Wong Ziqiang Feng Wenjian Xu

TLB misses - The Missing Issue of Adaptive Radix Tree? Petrie Wong Ziqiang Feng Wenjian Xu

TLB misses - The Missing Issue of Adaptive Radix Tree? Petrie Wong Ziqiang Feng Wenjian Xu Eric Lo Ben Kao Department of Computer Science, The University of Hong Kong Department of Computing, The Hong Kong Polytechnic University

412 views • 27 slides
Managing Security Investment Part IV Tyler Moore Computer Science & Engineering Department,

Managing Security Investment Part IV Tyler Moore Computer Science & Engineering Department,

Notes Managing Security Investment Part IV Tyler Moore Computer Science & Engineering Department, SMU, Dallas, TX September 27, 2012 Baseline investment models Information security risk management Measuring the security level Notes

439 views • 6 slides
A Journey through iOS Malware Landscape Evolu;on &

A Journey through iOS Malware Landscape Evolu;on &

A Journey through iOS Malware Landscape Evolu;on & Characteriza;on Laura Garca 1 & Ricardo J. Rodrguez 2 1 Planet Earth 2 University of Zaragoza, Spain >whoami Laura Garca

659 views • 47 slides
StormDroid: A streaminglized Machine Learning-Based System for Detecting Android Malware Sen

StormDroid: A streaminglized Machine Learning-Based System for Detecting Android Malware Sen

StormDroid: A streaminglized Machine Learning-Based System for Detecting Android Malware Sen Chen, Minhui Xue, Zhushou Tang, Lihua Xu, Haojin Zhu Malware Detection in Android 1.6 million apps in Google Play Store in July 2015

441 views • 22 slides
S N he e ur a title Operated by Los Alamos National Security, LLC for the U.S. Department of

S N he e ur a title Operated by Los Alamos National Security, LLC for the U.S. Department of

S N he e ur a title Operated by Los Alamos National Security, LLC for the U.S. Department of Energy's NNSA S Los Alamos National Laboratory LA-UR-17-24107 MarFS and DeltaFS @ LANL you e User Level FS Challenges and Opportunities logo

1k views • 28 slides

More recommend