to towards understanding android system vu
play

To Towards(Understanding(Android(System( Vu Vulnerabilities:( Te - PowerPoint PPT Presentation

Jun 08, 2023 •121 likes •332 views

ACM#Asia#Conf.#on#Comp.#and#Comm.#Security#( AsiaCCS ),#Auckland,#Jul#2019# To Towards(Understanding(Android(System( Vu Vulnerabilities:( Te Techniques(and(Insights( Daoyuan'Wu 1 ,#Debin Gao 1 ,#Eric#K.#T.#Cheng 2 ,# Yichen Cao 3

  1. ACM#Asia#Conf.#on#Comp.#and#Comm.#Security#( AsiaCCS ),#Auckland,#Jul#2019# To Towards(Understanding(Android(System( Vu Vulnerabilities:( Te Techniques(and(Insights( Daoyuan'Wu 1 ,#Debin Gao 1 ,#Eric#K.#T.#Cheng 2 ,# Yichen Cao 3 ,#Jintao#Jiang 3 ,#and#Robert#H.#Deng 1 1 2 3

  2. An Android'has'become'the'most'popular'system A"global" market"share" at"over" 80% since"2013 2 https://www.statista.com/statistics/266136/global5market5share5held5by5smartphone5operating5systems/

  3. Mor More%a %and%mor %more%a %attacks%t %targeted%a %at%A %Androi oid 3

  4. Prior%Arts%in%analyzing%Android%vulnerabilities Pr Woodpecker$ [NDSS’12]$ CHEX$ [NDSS’12]$ SSLMalloDroid [CCS’12]$ CryptoLint [CCS’13]$ FileAtk [ISC’14]$ CredMiner [WiSec’15]$ UnixSocket [CCS’16]$ XAWI$ [CCS’17]$ OSV$ [S&P’18]$ App$level$extensively$studied$ System$level$much$less$ explored$in$the$literature • Mostly$on$framework$issues • [CCS’15],$[NDSS’16],$[NDSS’18]$... • Specific$drivers:$ ION$[CCS’16]$Binder$[ACSAC’16] • And$their$exposed$interfaces:$ [S&P’14]$and$[USENIX$SEC’18] 4

  5. Go Google le&main aintain ained&a& a&new&source ce&for&whit ite4 ha hats&to&repo eport&Andr ndroid& d&system em&vul vulner nerabi bilities es Android(Security( Bulletin(program 2,179&vulnerabilities& reported(over(around( three(years (08/2015(>> 06/2018) Could&we&effectively mine&these&vulnerabilities&for&insights? 5

  6. Ou Outline • Background+and+Objectives • Our+analysis+framework • Some+interesting+results 6

  7. A" A"sample"webpage"of"An Android"Security"Bu Bulletin Commit'description Patched'code'file(s) Detailed'code'fragments 7

  8. An Analysis(Objectives( platform/system/bt/bta/dm/bta.cc Modules)of) Patch)Code) Patch)Code) Vulnerabilities Complexity Patterns <h3)id="eopvHinHservicemanager">) Shed)light)on)the)system) Implementation)bugs) These)patterns)can)be) modules)that)are) can)be)an)important) leveraged)for) susceptible)and)require) source)of)Android) automatic)vulnerability) more)security)attention. system)vulnerabilities. detection. Need)a)database)structure)that)can)store)all)the)text)and)code) information)in)an)organized)and)searchable structure.) 8

  9. Des esigni gning' ng'a'Hi Hier erarchi hical'Databa base' e'Str truc uctur ture {"cmds/servicemanager/Android.mk":[{"line ":1, "code":[["D","LOCAL_SHARED_LIBRARI One vulnerability record in the metadata DB ES := liblog libselinux"], ["A","LOCAL_SHARED_LIBRARIES := “add”%”del” liblog libcutils libselinux"]]}], "cmds/servicemanager/service_manager.c":[{ “ctx”%“hunk” "line":1, "code":[["D","if (uid >= AID_APP) {"], ["A","if (multiuser_get_app_id(uid) >= AID_APP) {"]]}]} One or more code fragments in Two corresponding records in the patch code DB each JSON block select'median'('json_array_length(value)') searchable from'PatchTable,'json_each(PatchTable.DiffCode) where'PatchTable.DiffCode like''{%}''and'key not'like''%.s'; 9

  10. A" A"robust"method"to"study"the"complexity of of"p "patch"c "cod ode Must-exclude-auxiliary-code-lines:-blank,-import/include,-and-comment lines. countFrag =-max(countAdd,-countDel)- @ (ps_sps@>i1_log2_ctb_size->-6))- countFrag =-2 +-(ps_sps@>i1_log2_ctb_size->-6)-||- +-(ps_sps@>i2_pic_width_in_luma_samples-%-(1-<<-ps_sps@>i1_log2_min_coding_block_size)-!=-0)) countFile =-sum(countFrag)- 10

  11. Au Automatically+Cl Clustering+Patch+Co Code+Patterns uint8_t --> uint32_t uint8_t --> uint16_t writeLong --> writeInt Extract Diff Code … essential Fragments --> = 0 changes if --> if || value <= 0 %p --> %pK [[ 1. 0.96774193 ..., 0.67603485] Cluster 1 Cluster N [ 0.96296296 1. ..., 0.68240740] Generate uint8_t --> %p --> %pK [ 0.97530864 0.95238095 ..., 0.68954248] … Calculate %p --> %pK clusters uint32_t ..., … %p --> %pK uint8_t --> pairwise via affinity [ 0.58308895 0.63878788 ..., 0.99649122] %p --> %pK uint16_t … similarity propagation … [ 0.59872153 0.59206192 ..., 1. ] … [Science’07] %p --> %pK uint8_t --> [ 0.57966764 0.56245791 ..., 0.99649122]] %p --> %pK uint16_t 11

  12. Dataset& t&and& nd&Vul ulner nerabi bility ty&Metada data 2,179&vulnerabilities;&1,349&publicly&available&patches 81%% (1,773) 55%%(1,208) +23% 12

  13. An Analysis(of( 8% Vul ulner nerabl ble( e( Mod Modules 92% 13

  14. Cod Code%that%was%frequently%report orted%vulnerable Can&help&developers&avoid&making&similar&mistakes&in&the&same&module&or&code 14

  15. An Analysis(of(Patch(Co Code(Co Complexity 60%$requiring$only$one$file$change 15

  16. An Analysis(of(Patch(Co Code(Co Complexity((Co Cont’d) 50%$fixable$in$less$than$10$lines$of$code 20%$requiring$only$one/two$lines$of$code 16

  17. In Inter ermedia ediate* e*res esults ults*of*our ur*pa patter ern* n*clus luster ering ing 19% 9%non: 83% 33% 84.8%% security% security% initial% actual% associated% clusters clusters clusters clusters with%certain% patterns 50%small:size% clusters%with%fewer% than%10%code% 16%vulnerability% fragments%each patterns 17

  18. 16#Cl 16#Clustered#P #Pattern rns#f #for#A or#Androi oid#S #System#V m#Vulns Six&new&patterns:&P1,&P2,&P3,&P9,&P12,&P14 Two&more&Android;specific&patterns:&P4,&P7 18

  19. P3 P3:$In Inconsis isten ent$ t$Android id$Pa Parcelable se serialization CVE<2017<13315:) CVE<2017<13288:) telephony/java/com/android/intern core/java/android/bluetooth/le/ al/telephony/DcParamObject.java PeriodicAdvertisingReport.java Intent)Overflow)Attack public)void)writeToParcel(Parcel)dest,)int)flags)){ public)void)writeToParcel(Parcel)dest,)int)flags)){ < dest.writeLong(mSubId); dest.writeInt(syncHandle); +)))))))dest.writeInt(mSubId); < dest.writeLong(txPower); } +)))))))dest.writeInt(txPower); private)void)readFromParcel(Parcel)in)){ dest.writeInt(rssi); mSubId =)in. readInt (); Trigger)malicious)Intent dest.writeInt(dataStatus); } 19 http://www.ms509.com/2018/07/03/bundle:mismatch/

  20. P7 P7:$Mis issin ing$Android id$per ermis issio ion/UID UID$chec eckin ing CVEA2017A13236:1 Kratos [NDSS’16]1 AceDroid [NDSS’18]1 keystore/key_store_service.cpp Only1for1the1frameworkAlevel1Java1code (nativeAlevel1C/C++1code) A if1(!checkBinderPermission(P_GEN_UNIQUE_ID)) +111if1(!checkBinderPermission(P_GEN_UNIQUE_ID)1|| originalUid !=1IPCThreadState::self()A>getCallingUid()) { return1ResponseCode::PERMISSION_DENIED; } 20

  21. Con Conclusion on)and)Future)Work ork • Conducted)the)first)systematic)study)of)Android)system)vulnerabilities)by) analyzing)all)2,179)vulnerabilities)and)their)1,349)publicly)available)patches)on) the)Android)Security)Bulletin)program)over)around)three)years. • Proposed)an)analysis)framework)and)its)three)analyzers,)including)the)novel) similarityFbased)clustering)algorithm,)to: • Pinpoint)the)modules)of)Android)vulnerabilities; • Study)the)complexity)of)Android)patch)code; • Obtain)16)vulnerability)patterns,)including)six)new)ones)not)in)the)literature. • Future&work :)Improve)our)clustering)algorithm)to)support)long)code)fragments,) because)the)current)version)is)limited)to)short)code)fragments)only. Contact:)Daoyuan)Wu Twitter)@ dao0x 21

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

APPLICATIONS UDAY LINGALA CSCI 5448, Fall 2012 Content Introduction to Android system

APPLICATIONS UDAY LINGALA CSCI 5448, Fall 2012 Content Introduction to Android system

ANDROID AND ANDROID APPLICATIONS UDAY LINGALA CSCI 5448, Fall 2012 Content Introduction to Android system What is android? History Android Market Why Android Design philosophy System Architecture Features

802 views • 40 slides
Introduction to Android Development What is Android? Android is the customizable, easy to

Introduction to Android Development What is Android? Android is the customizable, easy to

Introduction to Android Development What is Android? Android is the customizable, easy to use operating system that powers more than a billion devices across the globe - from phones and tablets to watches, TV, cars and more to come.

464 views • 21 slides
Mobile Development Workshop ANDROID REFRESHER Overview The Android operating system Views,

Mobile Development Workshop ANDROID REFRESHER Overview The Android operating system Views,

Mobile Development Workshop ANDROID REFRESHER Overview The Android operating system Views, Layouts and Activities Event listeners Using Intents to request actions First up Start a new project in Android Studio Call it Before and After

4.96k views • 19 slides
CS378 - Mobile Computing Android Overview and Android Development Environment What is Android?

CS378 - Mobile Computing Android Overview and Android Development Environment What is Android?

CS378 - Mobile Computing Android Overview and Android Development Environment What is Android? A software stack for mobile devices that includes An operating system Middleware Key Applications Uses Linux to provide core

583 views • 31 slides
CS371m - Mobile Computing Android Overview and Android Development Environment What is Android?

CS371m - Mobile Computing Android Overview and Android Development Environment What is Android?

CS371m - Mobile Computing Android Overview and Android Development Environment What is Android? A software stack for mobile devices that includes An operating system Middleware Key Applications Uses Linux to provide core

1.49k views • 70 slides
Small Changes, Big Changes: An Updated View on the Android Permission System Yury Zhauniarovich

Small Changes, Big Changes: An Updated View on the Android Permission System Yury Zhauniarovich

Small Changes, Big Changes: An Updated View on the Android Permission System Yury Zhauniarovich Olga Gadyatskaya RAID 2016 Sensitive Resource Protection in Android Android is the most popular mobile OS: - ~ 2 billion of third-party apps

523 views • 24 slides
CS 528 Mobile and Ubiquitous Computing Lecture 2: Android Introduction and Setup Emmanuel Agu

CS 528 Mobile and Ubiquitous Computing Lecture 2: Android Introduction and Setup Emmanuel Agu

CS 528 Mobile and Ubiquitous Computing Lecture 2: Android Introduction and Setup Emmanuel Agu What is Android? Android is worlds leading mobile operating system Google: Owns Android, maintains it, extends it Distributes Android

388 views • 38 slides
CS 403X Mobile and Ubiquitous Computing Lecture 2: Introduction to Android Emmanuel Agu What is

CS 403X Mobile and Ubiquitous Computing Lecture 2: Introduction to Android Emmanuel Agu What is

CS 403X Mobile and Ubiquitous Computing Lecture 2: Introduction to Android Emmanuel Agu What is Android? Android is worlds leading mobile operating system Google: Owns Android, maintains it, extends it Distributes Android OS,

589 views • 35 slides
CS 528 Mobile and Ubiquitous Computing Lecture 1b: Introduction to Android Emmanuel Agu What is

CS 528 Mobile and Ubiquitous Computing Lecture 1b: Introduction to Android Emmanuel Agu What is

CS 528 Mobile and Ubiquitous Computing Lecture 1b: Introduction to Android Emmanuel Agu What is Android? Android is worlds leading mobile operating system Open source (https://source.android.com/setup/) Google: Owns Android,

652 views • 43 slides
Understanding the Characteristics of Android Wear OS Renju Liu and Felix Xiaozhu Lin Purdue ECE

Understanding the Characteristics of Android Wear OS Renju Liu and Felix Xiaozhu Lin Purdue ECE

Understanding the Characteristics of Android Wear OS Renju Liu and Felix Xiaozhu Lin Purdue ECE The Wearable stack 5 Top questions Wearables should enjoy Baremetal performance Baremetal efficiency In this talk: Android Wear

686 views • 47 slides
Luca Bedogni Dipartimento di Scienze dellInformazione Universit di Bologna Outline Android

Luca Bedogni Dipartimento di Scienze dellInformazione Universit di Bologna Outline Android

Programming with Android: System Architecture Luca Bedogni Dipartimento di Scienze dellInformazione Universit di Bologna Outline Android Architecture: An Overview Android Java Virtual Machine Android Components: Activities Android

752 views • 51 slides
Luca Bedogni Dipartimento di Scienze dellInformazione Universit di Bologna Outline Android

Luca Bedogni Dipartimento di Scienze dellInformazione Universit di Bologna Outline Android

Programming with Android: System Architecture Luca Bedogni Dipartimento di Scienze dellInformazione Universit di Bologna Outline Android Architecture: An Overview Android Java Virtual Machine Android Components: Activities Android

804 views • 56 slides
Developers Google Maps Android API v2 Make your Android app pop with Google Maps Android API v2

Developers Google Maps Android API v2 Make your Android app pop with Google Maps Android API v2

Developers Google Maps Android API v2 Make your Android app pop with Google Maps Android API v2 Anthony Morris Jan-Felix Schmakeit Tech Lead, Android Maps API Android Developer Relations Code, Slides, Worksheet: http://goo.gl/MfY67 Welcome!

687 views • 49 slides
Building Android Dental Camera System Android Builders Summit 2014 Rafael Coutinho - Software

Building Android Dental Camera System Android Builders Summit 2014 Rafael Coutinho - Software

Building Android Dental Camera System Android Builders Summit 2014 Rafael Coutinho - Software Engineer www.phiinnovations.com Agenda Scenario Motivation Project requirements Challenges and solutions Final solution

747 views • 36 slides
Outline Introduction of Android System Four primary application components

Outline Introduction of Android System Four primary application components

Xin Pan CSCI5448 2011 Fall Outline Introduction of Android System Four primary application components AndroidManifest.xml Introduction of Android Sensor Framework Package Interface Classes Examples of Using

434 views • 42 slides
Security Enhanced (SE) Android: Bringing Flexible MAC to Android Stephen Smalley and Robert Craig

Security Enhanced (SE) Android: Bringing Flexible MAC to Android Stephen Smalley and Robert Craig

Security Enhanced (SE) Android: Bringing Flexible MAC to Android Stephen Smalley and Robert Craig Trusted Systems Research National Security Agency Motivation Android security relies on Linux DAC. To protect the system from apps. To

480 views • 21 slides
Starforming rings in lenticular galaxies Olga K. Silchenko, Sternberg Astronomical Institute

Starforming rings in lenticular galaxies Olga K. Silchenko, Sternberg Astronomical Institute

Starforming rings in lenticular galaxies Olga K. Silchenko, Sternberg Astronomical Institute of the Lomonosov Moscow State University, in collaboration with Irina Proshina, Irina Kostiuk, Marina Ilyina, Ivan Katkov, Alexei Kniazev, Alexei

471 views • 13 slides
JUNIT JUnit ( http://www.junit.org ) is a framework for writing tests in Java, written by Erich

JUNIT JUnit ( http://www.junit.org ) is a framework for writing tests in Java, written by Erich

JUNIT JUnit ( http://www.junit.org ) is a framework for writing tests in Java, written by Erich Gamma (of Design Patterns fame) and Kent Beck (creator of Extreme Programming methodology). It has become the unofcial standard for Java testing

528 views • 7 slides
FUTURE FERMILAB NANOCAM DEVELOPMENT fast NIR/Optical/UV spectroscopic counters Estrada /

FUTURE FERMILAB NANOCAM DEVELOPMENT fast NIR/Optical/UV spectroscopic counters Estrada /

FUTURE FERMILAB NANOCAM DEVELOPMENT fast NIR/Optical/UV spectroscopic counters Estrada / Stebbins 2018-04-11 Fermilab Fermilab Batavia, USA TECHNICAL MILESTONE: coherence GROUND BASED OPTICAL patches distance size x c

499 views • 12 slides
Acumen A Cyber-Physical (CPS) Modeling Language Rigorous Simulation Walid Taha Halmstad

Acumen A Cyber-Physical (CPS) Modeling Language Rigorous Simulation Walid Taha Halmstad

Acumen A Cyber-Physical (CPS) Modeling Language Rigorous Simulation Walid Taha Halmstad University and Rice University Rigorous Simulation Aaron Ames, Kevin Atkinson , Jerker Bengtsson, Raktim Bhattacharya, Paul Brauner, Robert Cartwright,

887 views • 44 slides
A Consideration about Second Screen Senario Kensaku KOMATSU NTT Communications Corporation

A Consideration about Second Screen Senario Kensaku KOMATSU NTT Communications Corporation

A Consideration about Second Screen Senario Kensaku KOMATSU NTT Communications Corporation Innovative IP Architecture Center Agenda Corporate Profile Target and Objective Use case consideration Proposals Technical

638 views • 15 slides
Online Learning with Kernel Losses Aldo Pacchiano UC Berkeley Joint work with Niladri Chatterji

Online Learning with Kernel Losses Aldo Pacchiano UC Berkeley Joint work with Niladri Chatterji

Online Learning with Kernel Losses Aldo Pacchiano UC Berkeley Joint work with Niladri Chatterji and Peter Bartlett 1 Talk Overview Intro to Online Learning Linear Bandits Kernel Bandits 2 Online Learning 3 Online Learning t = 1

1.64k views • 97 slides
Chapter 2 Integer Programming Paragraph 1 Total Unimodularity What we did so far We

Chapter 2 Integer Programming Paragraph 1 Total Unimodularity What we did so far We

Chapter 2 Integer Programming Paragraph 1 Total Unimodularity What we did so far We studied algorithms for solving linear programs Simplex (primal, dual, and primal-dual) Ellipsoid Method (proving LP is in P) Interior Point

446 views • 18 slides
Using Collocated AVHRR Imager Background and Motivation Measurements to Constrain Cloud Cleared

Using Collocated AVHRR Imager Background and Motivation Measurements to Constrain Cloud Cleared

AVHRR IASI E. Maddy et al. Using Collocated AVHRR Imager Background and Motivation Measurements to Constrain Cloud Cleared Collocation Radiances from IASI Cloud Clearing E. S. Maddy 1 , 2 , T. S. King 1 , 2 ,H. Sun 1 , 2 , W. W. Wolf 2 ,

682 views • 25 slides

More recommend