using labeling to prevent cross service attacks against
play

Using Labeling to Prevent Cross-Service Attacks Against Smart Phones - PowerPoint PPT Presentation

Oct 06, 2022 •32 likes •242 views

Using Labeling to Prevent Cross-Service Attacks Against Smart Phones Collin Mulliner, Giovanni Vigna University of California, Santa Barbara David Dagon, Wenke Lee Georgia Institute of Technology, Atlanta Using Labeling to Prevent

  1. Using Labeling to Prevent Cross-Service Attacks Against Smart Phones Collin Mulliner, Giovanni Vigna University of California, Santa Barbara David Dagon, Wenke Lee Georgia Institute of Technology, Atlanta Using Labeling to Prevent Cross-Service Attacks Against Smart Phones DIMVA 2006

  2. Smart Phones ● Combination of PDAs and mobile phones ● Integrate multiple wireless networking technologies  Wireless LAN, Bluetooth, GSM/CDMA/UMTS, IrDA ● Support installation of 3 rd -party software  For example: VoIP clients, FTP servers, games 2 Using Labeling to Prevent Cross-Service Attacks Against Smart Phones DIMVA 2006

  3. Contributions ● Devised Cross-Service Attacks, a new class of attacks against smart phones ● Created a proof-of-concept cross-service attack ● Developed a protection mechanism to prevent cross- service attacks 3 Using Labeling to Prevent Cross-Service Attacks Against Smart Phones DIMVA 2006

  4. Introduction to Cross-Service Attacks ● Smart phones integrate different network services  GSM, Wireless LAN, Bluetooth, IrDA ● Integration is often done without taking into account the specific characteristics of the different services  For example: free vs. pay-per-use services ● An attacker can leverage the interaction between different types of network services  For example: gain access to pay-per-use services by exploiting free services 4 Using Labeling to Prevent Cross-Service Attacks Against Smart Phones DIMVA 2006

  5. Service Protection ● Local and personal area wireless networking services  Devices do not offer comprehensive protection mechanisms  Many smart phone applications are developed without security in mind ● Mobile phone services  Service providers protect their customers ● For example: firewalling 5 Using Labeling to Prevent Cross-Service Attacks Against Smart Phones DIMVA 2006

  6. Crossing Service Boundaries ● Attack device using local area wireless networking service  Exploit insecure configuration of local area wireless networks and networked applications  Take control of the device ● Access mobile phone service ( cross service boundaries )  Initiate phone calls or send text messages  Exploit pay-per-use services to defraud user ● For example: 900/0190 calls and/or premium rate text messages 6 Using Labeling to Prevent Cross-Service Attacks Against Smart Phones DIMVA 2006

  7. Attack Scenario ● Coffee shop with free wireless Internet access  Attacker looks for smart phones joining the wireless network  Exploits vulnerable device and causes financial damage 7 Using Labeling to Prevent Cross-Service Attacks Against Smart Phones DIMVA 2006

  8. A Proof-of-Concept Attack ● Targets PocketPC-based smart phones  PocketPC is the WindowsCE version for smart phones ● Performs buffer overflow/stack-smashing attack against an FTP server  Shellcode accesses mobile phone interface and initiates call ● Overcomes complications due to WindowsCE architecture  Need to load special DLL for accessing the phone interface  Need to guess correct return address 8 Using Labeling to Prevent Cross-Service Attacks Against Smart Phones DIMVA 2006

  9. Cross-Service Exploit 9 Using Labeling to Prevent Cross-Service Attacks Against Smart Phones DIMVA 2006

  10. Preventing Cross-Service Attacks ● Stack protection (for preventing stack-smashing attacks)  Not available or rarely used on mobile devices  Does not prevent exploitation of application-logic errors  Does not protect against Trojan horses ● Other protection mechanisms needed  Detect and prevent attempts to cross service boundaries 10 Using Labeling to Prevent Cross-Service Attacks Against Smart Phones DIMVA 2006

  11. Preventing Cross-Service Attacks Through Labeling ● Developed a security mechanism that tracks and controls network interface access using labeling  A label indicates contact with a specific network interface  A user-defined policy defines which labels should prevent access to a specific network interface ● Labels are assigned to processes as they access network interfaces ● Labels are transferred between processes and files on access or execution 11 Using Labeling to Prevent Cross-Service Attacks Against Smart Phones DIMVA 2006

  12. Tracking and Controlling Network Access ● Developed a kernel-level reference monitor  Intercepts security-critical system calls  Assigns labels to processes and transfers them between processes and resources  Enforces access control policies ● Intercepted security-critical system calls:  socket(AF_INET, ...) IP-based network access  open(...) File and device access  execve(...) Program execution 12 Using Labeling to Prevent Cross-Service Attacks Against Smart Phones DIMVA 2006

  13. Labeling Processes and Files ● Interface access  The process' labels are compared with the access control policy ● Access is permitted or denied  The process is labeled with label of accessed interface ● Resource/file write access and process creation  Files and processes inherit labels of creating process ● Resource/file read access and application execution  Process inherits labels from accessed and executed file 13 Using Labeling to Prevent Cross-Service Attacks Against Smart Phones DIMVA 2006

  14. Label Groups 14 Using Labeling to Prevent Cross-Service Attacks Against Smart Phones DIMVA 2006

  15. Access Control and Exception Policy ● Access control rules  access <interface> <deny/ask> <label(s)>  Example: access wireless_nonfree deny wireless_free ● Exception rules  exception <path> <notlabel/notinherit/notpass>  Example: exception /Windows/activesync.exe notinherit 15 Using Labeling to Prevent Cross-Service Attacks Against Smart Phones DIMVA 2006

  16. Preventing the Attack ● The FTP server process is labeled on calling socket(...)  Label is set for: wireless_free ● The exploit tries to access the phone interface  For example: open(“/dev/ttyS0”, ...) ● The reference monitor is invoked  Process labels are compared with policy rules  The monitor denies access, open(...) returns EACCESS 16 Using Labeling to Prevent Cross-Service Attacks Against Smart Phones DIMVA 2006

  17. Evaluation ● Our labeling system effectively prevents attacks that cross service boundaries ● System and policy language are light-weight  Appropriate for mobile devices ● Exception rules have to be used carefully  Otherwise the labeling system can be bypassed 17 Using Labeling to Prevent Cross-Service Attacks Against Smart Phones DIMVA 2006

  18. Overhead ● Reference implementation for Familiar Linux  Overhead between 10% and 26% 18 Using Labeling to Prevent Cross-Service Attacks Against Smart Phones DIMVA 2006

  19. Conclusions ● Smart phones present new challenges for security designers and analysts  Especially the integration of multiple networking services are problematic ● We introduced a new type of attack ● We demonstrated the possible impact of a cross-service vulnerability ● We designed and implemented a solution based on resource labeling 19 Using Labeling to Prevent Cross-Service Attacks Against Smart Phones DIMVA 2006

  20. Future Work ● Extend the policy language to support more complex labeling policies ● Improve the implementation of the reference monitor to further reduce overhead 20 Using Labeling to Prevent Cross-Service Attacks Against Smart Phones DIMVA 2006

  21. Questions? Thank you for your attention! 21 Using Labeling to Prevent Cross-Service Attacks Against Smart Phones DIMVA 2006

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Denial of Service Attacks that prevent legitimate users from doing their work By flooding

Denial of Service Attacks that prevent legitimate users from doing their work By flooding

Denial of Service Attacks that prevent legitimate users from doing their work By flooding the network Or corrupting routing tables Or flooding routers Or destroying key packets Lecture 9 Page 1 CS 236 Online How Do Denial of

259 views • 15 slides
Denial of Service Attacks Types, Causes, Motives &amp; Remedies By M. Raza ur Rehman NUST

Denial of Service Attacks Types, Causes, Motives &amp; Remedies By M. Raza ur Rehman NUST

Denial of Service Attacks Types, Causes, Motives &amp; Remedies By M. Raza ur Rehman NUST PAKCON 2004 Denial of Service Attacks Attempts to prevent or disturb legitimate access to co mputer resources Resources like bandwidth, services

557 views • 18 slides
CROSS SITE SCRIPTING (XSS) ATTACKS Injection attacks 3/18/19 1 Whoami Ad Adam Nu Nurudin

CROSS SITE SCRIPTING (XSS) ATTACKS Injection attacks 3/18/19 1 Whoami Ad Adam Nu Nurudin

CROSS SITE SCRIPTING (XSS) ATTACKS Injection attacks 3/18/19 1 Whoami Ad Adam Nu Nurudin ini CEH, ITIL L V3, 3, CCNA, CCNP, CASP, PCI-DS DSS.. .. Lead Security Researcher @ Netwatch Technologies Project Consultant, Information

377 views • 20 slides
Kicking Down the Cross Domain Door Techniques for Cross Domain Exploitation Billy K Rios (BK) and

Kicking Down the Cross Domain Door Techniques for Cross Domain Exploitation Billy K Rios (BK) and

Kicking Down the Cross Domain Door Techniques for Cross Domain Exploitation Billy K Rios (BK) and Raghav Dube Tabbed Browsing Rich Content Mash-ups Cookies JSON Ajax Implication of Cross Domain Attacks Implication of Cross Domain Attacks

580 views • 31 slides
Exclusive Exponent Blinding May Not Suffice Attacks on RSA to Prevent Timing Attacks on RSA

Exclusive Exponent Blinding May Not Suffice Attacks on RSA to Prevent Timing Attacks on RSA

Exclusive Exponent Blinding May Not Suffice to Prevent Timing Exclusive Exponent Blinding May Not Suffice Attacks on RSA to Prevent Timing Attacks on RSA Werner Schindler Bundesamt f ur Sicherheit in der Werner Schindler

553 views • 23 slides
Cross-Site Scripting Attack (XSS) Outline The Cross-Site Scripting attack Reflected

Cross-Site Scripting Attack (XSS) Outline The Cross-Site Scripting attack Reflected

Cross-Site Scripting Attack (XSS) Outline The Cross-Site Scripting attack Reflected XSS Persistent XSS Damage done by XSS attacks XSS attacks to befriend with others XSS attacks to change other peoples

3.65k views • 37 slides
Decentralized publish-subscribe system to prevent coordinated attacks via alert correlation J.

Decentralized publish-subscribe system to prevent coordinated attacks via alert correlation J.

Decentralized publish-subscribe system to prevent coordinated attacks via alert correlation J. Garcia, F . Autrel, J. Borrell, S. Castillo, F . Cuppens, G. Navarro { jgarcia,jborrell,scastillo,gnavarro } @ccd.uab.es, {

291 views • 17 slides
PhishHook: A tool to detect and prevent phishing attacks Michael Stepp steppm@cs.arizona.edu

PhishHook: A tool to detect and prevent phishing attacks Michael Stepp steppm@cs.arizona.edu

PhishHook: A tool to detect and prevent phishing attacks Michael Stepp steppm@cs.arizona.edu University of Arizona [1] DIMACS 2005 Introduction Common phishing attacks Defense strategies PhishHook, which implements one of these strategies

399 views • 25 slides
XANAX FOR PRESENTATION ANXIETY Mix xanax marijuana and, xanax prevent attacks does panic, and

XANAX FOR PRESENTATION ANXIETY Mix xanax marijuana and, xanax prevent attacks does panic, and

XANAX FOR PRESENTATION ANXIETY Mix xanax marijuana and, xanax prevent attacks does panic, and xanax getting don't home patron remember i, leave urine to how for xanax long, is popular why so xanax, early pregnancy xanax g refilled, xanax test

407 views • 3 slides
Resilient Networking 6: Attacks on DNS 1 Chapter Outline Overview of DNS Known attacks

Resilient Networking 6: Attacks on DNS 1 Chapter Outline Overview of DNS Known attacks

Resilient Networking 6: Attacks on DNS 1 Chapter Outline Overview of DNS Known attacks on DNS Denial-of-Service Cache Poisoning Securing DNS Split-Split-DNS DNSSEC 2 DNS The Domain Name System Naming Service

1.15k views • 46 slides
Size Does Matter Why Using Gadget-Chain Length to Prevent Code-reuse Attacks is Hard Enes

Size Does Matter Why Using Gadget-Chain Length to Prevent Code-reuse Attacks is Hard Enes

Size Does Matter Why Using Gadget-Chain Length to Prevent Code-reuse Attacks is Hard Enes Gkta - Elias Athanasopoulos - Michalis Polychronakis Herbert Bos - Georgios Portokalidis presented by: Flora Karniavoura Katerina Karagiannaki

376 views • 23 slides
Denial of Service Attacks Summary ITS335: IT Security Sirindhorn International Institute of

Denial of Service Attacks Summary ITS335: IT Security Sirindhorn International Institute of

ITS335 DoS Attacks DoS Attacks Classic DoS Flooding &amp; DDoS Denial of Service Attacks Summary ITS335: IT Security Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 13 August 2013

409 views • 26 slides
in Middle Tennessee Prevent Asthma Attacks in Children Gwen Sunkel, Indiana University-Purdue

in Middle Tennessee Prevent Asthma Attacks in Children Gwen Sunkel, Indiana University-Purdue

Breathe Easy: Helping Parents in Middle Tennessee Prevent Asthma Attacks in Children Gwen Sunkel, Indiana University-Purdue University Indianapolis United Neighborhood Health Services Nashville, TN Introduction Gwen en Sun unkel, , RN

570 views • 15 slides
Catch me if you can A cloud based DdoS defense Mikal Fourrier DDoS attacks Goal: prevent

Catch me if you can A cloud based DdoS defense Mikal Fourrier DDoS attacks Goal: prevent

Catch me if you can A cloud based DdoS defense Mikal Fourrier DDoS attacks Goal: prevent the access to a computer system to it's legitimate users. DDoS: DoS attack on the network using a lot of different source IP Why:

327 views • 16 slides
Bitcoin Proof of Work Require a unit of work to do a task Send email Access a website

Bitcoin Proof of Work Require a unit of work to do a task Send email Access a website

Bitcoin Proof of Work Require a unit of work to do a task Send email Access a website Process a Bitcoin transaction Why? Prevent spam Prevent denial of service attacks Rate-limit the network HashCash Find a partial

636 views • 32 slides
A Non-Inclusive Memory Permissions Architecture for Protection Against Cross-Layer Attacks Jesse

A Non-Inclusive Memory Permissions Architecture for Protection Against Cross-Layer Attacks Jesse

A Non-Inclusive Memory Permissions Architecture for Protection Against Cross-Layer Attacks Jesse Elwell 1 Ryan Riley 2 Nael Abu-Ghazaleh 1 Dmitry Ponomarev 1 1 State University of New York at Binghamton Department of Computer Science 2 Qatar

872 views • 76 slides
Implementation of a Telemental Health Service to Improve Access to Psychopharmacological Services

Implementation of a Telemental Health Service to Improve Access to Psychopharmacological Services

Implementation of a Telemental Health Service to Improve Access to Psychopharmacological Services for Native Americans at a Rural,Tribal, Outpatient Mental Health Clinic in Oklahoma Karen Ann Taylor, DNP, APRN-CNP, PMHNP-BC Disclosures

326 views • 11 slides
Working with Minnesota Local Governments to Increase Access to

Working with Minnesota Local Governments to Increase Access to

Working with Minnesota Local Governments to Increase Access to Healthy Food Part I - The Basics: Minnesota Local Government Structure April 18,

720 views • 47 slides
for researchers. Rebecca Li, PhD, Executive Director, Vivli Frank W. Rockhold, PhD

for researchers. Rebecca Li, PhD, Executive Director, Vivli Frank W. Rockhold, PhD

Preparing for clinical trial data sharing and re-use: the new reality for researchers. Rebecca Li, PhD, Executive Director, Vivli Frank W. Rockhold, PhD Professor of Biostatistics and Bioinformatics Duke University Medical Center NIH

765 views • 42 slides
Mnemo: Boosting Memory Cost Efficiency in Hybrid Memory Systems Thaleia Dimitra Doudali Ada

Mnemo: Boosting Memory Cost Efficiency in Hybrid Memory Systems Thaleia Dimitra Doudali Ada

Mnemo: Boosting Memory Cost Efficiency in Hybrid Memory Systems Thaleia Dimitra Doudali Ada Gavrilovska Problem Space Cost of memory dominates in the cloud. 60% - 85% of the hourly VM cost! Big Data Analytics Volatile Memory (DRAM)

535 views • 18 slides
Precision Oncology: Patient Access M. Zach Koontz, MD Pacific Cancer Care Monterey, CA

Precision Oncology: Patient Access M. Zach Koontz, MD Pacific Cancer Care Monterey, CA

Precision Oncology: Patient Access M. Zach Koontz, MD Pacific Cancer Care Monterey, CA Disclosures No monetary or other affiliations with commercial entity of relevance No desire to promote/defame any company First exposure to NGS

632 views • 39 slides
SkeletonKey: Simplifying Data and So:ware Access for Users

SkeletonKey: Simplifying Data and So:ware Access for Users

SkeletonKey: Simplifying Data and So:ware Access for Users Suchandra Thapa ComputaAon InsAtute / University of Chicago March 12, 2013 www.ci.anl.gov

439 views • 29 slides
Evaluating Wireless LAN Access Methods in Presence of Transmission Errors IEEE INFOCOM 2006,

Evaluating Wireless LAN Access Methods in Presence of Transmission Errors IEEE INFOCOM 2006,

Evaluating Wireless LAN Access Methods in Presence of Transmission Errors IEEE INFOCOM 2006, Poster session Elena Lopez-Aguilera Martin Heusse Franck Rousseau Andrzej Duda Jordi Casademont LSR-IMAG Outline Introduction Principles

605 views • 18 slides
under Boolean Constraints Nikolay Ryzhenko Steven Burns, Anton Sorokin, Mikhail Talalay Intel

under Boolean Constraints Nikolay Ryzhenko Steven Burns, Anton Sorokin, Mikhail Talalay Intel

Pin in Access-Driven Desig ign Rule Cle lean and DFM Optimized Routing of f Standard Cells under Boolean Constraints Nikolay Ryzhenko Steven Burns, Anton Sorokin, Mikhail Talalay Intel corporation, Hillsboro, OR, USA International

888 views • 23 slides

More recommend