Smartphone Security pr. Sven Bugiel
1 Smartphone Security pr Sven Bugiel
2 Organizational: Teams
- 2-3 students per team
- Register your team by to me
  - Names, student IDs, and addresses of all team members
  - Preferred and backup topic
- Deadline: Wednesday, October 31st
- Confirmation of the topic on the same (or next) day, depending on number of conflicts, RNG seed, and your discipline to adhere to the deadline
- Maximum of two teams per topic
3 Organizational: Dates
- Midterm report
  - Progress report by each team
  - Short (4-6 pages)
  - Deadline: Friday, December 14th!!!
- Final report and code submission
  - pages report + zipped code (or diff file)
  - Clearly stating for which part which team members were responsible
  - Deadline: Friday, February 15th
- Concluding meeting and presentations
  - Short presentation (10-15 min) of each team's results
  - Every team member has to speak
  - Date: TBA
4 Today's Agenda
- Introduction
- Android Software Stack
- Android Security Mechanisms
- Selected Attacks
- Projects Proposals
5 Smartphones Applications Today
- Interfaces: GPS, WiFi, Bluetooth, Infrared, NFC
- Mobile Phone Features: Call, SMS, MP3, Video
- Online Services: Browsing, , E-Shopping, Social Networking
- Location Services: Navigation, Recommendation
6 Smartphones as Target of Attacks
7 Threat Classification
Attack Vectors:
- Attacks on Privacy: Location, , Contacts
- Runtime Attacks: Code Injection, Return-Oriented Programming
- Hardware Attacks: GSM Module, Base Station
- Malware: Trojans, Viruses, Worms
8 Android
9 Big Picture (Android Anatomy and Physiology, Patrick Brady)
10 Linux Kernel
- Standard Linux kernel ( for Android 2.2.x Froyo; for Android 4.1.x Jelly Beans)
- Patches for Android (e.g., aggressive Power Management, Logger, Binder)
- Binder: High-performance, shared memory based IPC
  - Synchronous calls between processes
  - Per-process thread pool for processing requests
  - Android Interface Definition Language (AIDL)
11 Native Libraries
- C/C++ libraries
- Exposed to developers through the Android application framework
- Core libraries include:
  - Libc (Bionic)
  - Media libraries
  - Surface Manager
  - 3D libraries
  - SQLite
  - SSL
12 Android Runtime
- Dalvik Virtual Machine
  - VM optimized for embedded environments
  - Runs optimized file format .dex and Dalvik bytecode generated from Java .class/.jar files at build time
  - Relies on underlying Linux kernel for threading and low-level memory management
- Core Libraries
  - Provide most of the functionality available in the core libraries of Java
  - Provides core APIs of Java (familiar programming environment)
13 Application Framework
- Provides developers API to basic functionalities and services (e.g., set alarms, access location information, take advantage of device HW, )
- APIs are the same as for the core applications (e.g., Phone, Contacts, )
- Activity Manager
  - Enforces permissions on IPC (Reference Monitor)
  - Responsible for starting applications
- Package Manager
  - Management of Permissions and Applications
[Diagram labels: App, Service (App. Framework), lib; App, Service (App. Framework), Native Service, lib; App, Service (App. Framework), Native Daemon, lib]
14-19 [Diagram slides. Labels: App, Runtime, Service, lib (14-15); App, Runtime, Service, Native Service, lib (16-17); App, Runtime, Service, Native Daemon, lib (18-19)]
20 Applications
- Third party applications (e.g., Android Market)
- A number of core (system) applications (cannot be uninstalled)
  - Contacts
  - Settings
  - Browser
- Components of applications
  - Activity: User interface
  - Service: Background service
  - Content Provider: SQL-like database
  - Broadcast receiver: Mailbox for broadcasted messages
- Applications can contain native code (C/C++ shared libraries)
- For simplicity, Binder-based IPC between components often called Inter-Component Communication
- Binder usually not exposed to native code in applications
21 Android Security Mechanisms
22 Sandboxing: General Idea
- The application sandbox specifies which system resources the application is allowed to access
- An attacker can only perform actions defined in the sandbox
23 Application Isolation by Sandboxing
- Each application is isolated in own sandbox
  - Applications can access only own resources
  - Access to sensitive resources depends on the application's capabilities (permissions)
- Sandboxing is enforced by Linux
  - Each App is assigned a unique UserID and runs in separate process
  - Each App has a private data folder
24 Android Installer: Installation of a Benign App
[Diagram: Android Market offers Movie Player; Download App; Permissions; User: Install]
- Requested permissions are reasonable
25 Android Installer: Installation of a Security-Critical App
[Diagram: Android Market offers Malicious Movie Player; Download app; Permissions; User: Deny install]
- Why does this app request permission to send SMS?
26 Android Permission System
- Applications (UIDs) are assigned permissions
- Permissions are needed to control access to
  - System resources (logs, battery, etc.)
  - Sensitive data (SMS, contacts, e-mails, etc.)
  - System interfaces (Internet, send SMS, etc.)
- Application (developers) can also define own permissions to protect application interfaces
- Permissions are either
  - Simply associated strings (most permissions)
  - Mapped to Linux GIDs (few: Internet, Bluetooth, ext. storage, )
27 Android Permissions: Example
- App A is allowed to send SMS (P1)
- App A also holds permission P2 (e.g., access location)
- App B has two interfaces protected by permission P2 and P3
[Diagram: App A (Perm. P1, Perm. P2); App B (Perm. P2, Perm. P3)]
28 Permission Enforcement
- Binder provides certain information to the callee of IPC
  - getuid(): returns caller's UID
  - getpid(): returns caller's PID
- System enforces permission check upon IPC call
  - checkpermission(string Perm): checks if caller has been granted the permission Perm
  - Can also be called by applications themselves
29 Android InSecurity
30 Do you understand Permissions?
31 Requesting dangerous permissions
- android.permission.internet
- android.permission.access_coarse_location
- android.permission.read_phone_state
- android.permission.vibrate
Geinimi Trojan 2010
User has to confirm requested permissions
- android.permission.internet
- android.permission.access_coarse_location
- android.permission.read_phone_state
- android.permission.vibrate
- com.android.launcher.permission.install_shortcut
- android.permission.access_fine_location
- android.permission.call_phone
- android.permission.mount_unmount_filesystems
- android.permission.read_contacts
- android.permission.read_sms
- android.permission.send_sms
- android.permission.set_wallpaper
- android.permission.write_contacts
- android.permission.write_external_storage
- com.android.browser.permission.read_history_bookmarks
- com.android.browser.permission.write_history_bookmarks
- android.permission.access_gps
- android.permission.access_location
- android.permission.restart_packages
- android.permission.receive_sms
- android.permission.write_sms
32 Good news everyone: The really dangerous permissions are reserved for the System Components / Apps
Bad news: Android's Security Framework is prone to privilege escalation attacks
33 Application-level Privilege Escalation Attacks
- Confused deputy attacks
- Attacks by colluding applications
34 Application-level Privilege Escalation Attacks
Scenario 1: Confused deputy attack
- A privileged program is fooled into misusing its privileges on behalf of another (malicious) unprivileged program.
[Diagram: unprivileged App A; App B with privilege P1; Android Middleware]
Examples:
1) Invoke browser to download malicious files (Lineberry et al., BlackHat 2010)
2) Unauthorized phone call (Enck et al., TechReport 2008)
35 Google Android: Communication with web servers without possessing INTERNET Permission
[Diagram: Malicious App (0 permissions); Android Web Browser (INTERNET permission)]
1) Ask Browser for data transfer from a remote server
2) Browser forwards request
3) Files are transmitted to SD card
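The permission enforcement of slide 28 and the browser scenario of slide 35, as a small Python model. This is an added example, not code from the lecture and not Android's API: the class names, UIDs, URL and file names are constructed, and the model only mirrors the idea that Binder tells the callee who is calling so that the callee can check the caller's permission.

```python
"""Simplified model of Android permission enforcement (illustration only)."""
from dataclasses import dataclass, field

INTERNET = "android.permission.INTERNET"


class SecurityException(Exception):
    """Raised when a UID lacks the permission required for an operation."""


@dataclass
class PackageManager:
    """Maps each app UID to the permissions granted at install time."""
    granted: dict = field(default_factory=dict)

    def install(self, uid, permissions):
        self.granted[uid] = frozenset(permissions)

    def check_permission(self, perm, uid):
        return perm in self.granted.get(uid, frozenset())


@dataclass
class Binder:
    """IPC channel: delivers the call and tells the callee who is calling."""
    pm: PackageManager
    _calling_uid: int = None

    def transact(self, caller_uid, method, *args):
        previous, self._calling_uid = self._calling_uid, caller_uid
        try:
            return method(self, *args)
        finally:
            self._calling_uid = previous

    def enforce_calling_permission(self, perm):
        # Counterpart of the permission check on the caller's UID (slide 28)
        if not self.pm.check_permission(perm, self._calling_uid):
            raise SecurityException(f"uid {self._calling_uid} lacks {perm}")


def network_fetch(pm, uid, url):
    """System resource guarded by the INTERNET permission of the requesting UID."""
    if not pm.check_permission(INTERNET, uid):
        raise SecurityException(f"uid {uid} lacks {INTERNET}")
    return f"<bytes from {url}>"


class Browser:
    """Holds INTERNET and exports a download interface to other apps."""

    def __init__(self, uid, pm, sdcard):
        self.uid, self.pm, self.sdcard = uid, pm, sdcard

    def download_unchecked(self, binder, url, filename):
        # Confused deputy: spends its own INTERNET permission for any caller
        self.sdcard[filename] = network_fetch(self.pm, self.uid, url)
        return filename

    def download_checked(self, binder, url, filename):
        # Hardened: the caller must hold the permission the deputy exercises
        binder.enforce_calling_permission(INTERNET)
        self.sdcard[filename] = network_fetch(self.pm, self.uid, url)
        return filename


def run_scenarios():
    pm = PackageManager()
    pm.install(10001, [])          # app with 0 permissions (constructed UID)
    pm.install(10002, [INTERNET])  # browser
    pm.install(10003, [INTERNET])  # app that legitimately holds INTERNET
    binder, sdcard = Binder(pm), {}
    browser = Browser(10002, pm, sdcard)
    url = "https://example.invalid/file"  # constructed URL

    def attempt(call):
        try:
            call()
            return "allowed"
        except SecurityException:
            return "denied"

    results = {
        "direct": attempt(lambda: network_fetch(pm, 10001, url)),
        "unchecked_deputy": attempt(
            lambda: binder.transact(10001, browser.download_unchecked, url, "a.bin")),
        "checked_deputy": attempt(
            lambda: binder.transact(10001, browser.download_checked, url, "b.bin")),
        "checked_deputy_privileged_caller": attempt(
            lambda: binder.transact(10003, browser.download_checked, url, "c.bin")),
    }
    return results, sorted(sdcard)


if __name__ == "__main__":
    print(run_scenarios())
```

The zero-permission app is denied when it asks for the network itself, succeeds through the unchecked interface, and is denied again once the browser checks the caller's permission before acting.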
36 Application-level Privilege Escalation Attacks
Scenario 2: Collusion attack
- Malicious apps collude in order to merge their respective permissions
[Diagram: App A (privilege P1); App B (privilege P2); Android Core; Android Middleware]
1) Apps communicate directly
2) Apps communicate via covert (e.g., volume settings) or overt (e.g., content providers) channels in Android Core
Example: Soundcomber (Schlegel et al., NDSS 2011)
37 Google Android: Soundcomber: A stealthy and context-aware sound Trojan
[Diagram: APP_A (permission: Record Audio); APP_B (permission: Internet)]
1) Call Credit Institute
2) Credit Card Number is extracted from the speech
38 Soundcomber Internals
Exploiting Covert Channels in Android
[Diagram: APP_A (permission: Record Audio) writes the Volume Setting of an Android Core Application; APP_B (permission: Internet) reads it]
39 Application-level Privilege Escalation Attacks
Scenario 3: Breaking out of the sandbox
a) IPC / RPC / Sockets (Example: Davi et al., 2010)
b) Root exploit (Example: DroidDream Trojan 2011)
[Diagram label: Reference Monitor]
40 Malware Evolution
41 Update attack [Zhou et al., Oakland 2012]
1. Install App
2. App triggers Update
3. Deploy malicious update
4. Load update (dynamically)
5. Perform malicious action
42 Rootkit Example: Interposing communication with GSM Modem
[Diagram layers: Phone / SMS App; Middleware; Kernel (System Call Table: sys_open, sys_reboot, sys_read; List of modules; List of processes; List network connections); Hardware (GSM Modem)]
43 TapLogger / TouchLogger
- Infer user's input to virtual keyboard by measuring the accelerometer and gyroscope during typing [Xu et al., WiSec 2012; Cai et al., HotSec 2011]
[Figure label: S A F E]
44 Projects Proposals in a Nutshell (see course material for details)
45 Confused Deputy Finder
- Develop a tool to detect whether a 3rd party app unintentionally leaks security/privacy sensitive data.
- Preferred implementation based on blackbox testing
- Alternative approach: Using static analysis frameworks.
46 Data Shadowing
- Extend the query interface of 1-2 selected system ContentProviders (e.g., Contacts and SMS), such that a very fine-grained data filtering is possible:
  - Per-row: Is access to an entire contact/sms allowed, e.g., because he belongs to a certain group like work?
  - Per-column: Should certain information of a contact/sms (e.g., phone number) not be returned?
  - Per-cell: Combination of both of the above
47 Data Exfiltration
- Use the TaintDroid framework to prevent security/privacy sensitive data from being exfiltrated.
- Very similar to AppFence architecture, so difference should be made clear (NO PLAGIARISM!)
48 SEAndroid Multi-Level Security
- Extend the Mandatory Access Control of SEAndroid from the kernel into the middleware level by extending strategically important API with policy enforcement hooks and adding the corresponding security types to SEAndroid's default definitions.
49 KeyChain Extension and Integration
- KeyChain is a central credential storage on Android 4.X
- Extend this service with
  1. Support for new crypto credentials and a functionality to encrypt/sign data without the need to reveal the key (crypto service)
  2. Use this new functionality by integrating the KeyChain into Contacts (i.e., connect a contact with a key for its ID) and SMS (i.e., use the stored key of the recipient to encrypt the SMS and hence enable encrypted SMS)
50 Enhanced Installer
- Extend the Android default installer with new security features to check whether an installation is allowed
  1. Based on static properties of apps (e.g., developer signature and requested permissions)
  2. Based on dynamic properties of the system (e.g., which permissions the new app inherits due to a shared UID)
  3. Based on a very simple virus scan to detect if the App's native code contains, e.g., a root exploit, etc.
51 Blue Pill / KeyLogger
- Develop malicious versions of the default Launcher and Keyboard app which are able to hide/re-link installed apps or log the user's input, respectively
- Consider how security mechanisms like the Home button can be prevented or the user be tricked into taking this blue pill
52 Rootkit
- Develop a rootkit which can interpose on the communication with high-value low-level targets such as rild in order to compromise the system security and which is able to communicate with a control server
- Consider how the rootkit could be made persistent
53 References
- Android tutorials by MarakanaTech on Youtube
- Books:
  - Manning: Android in Action
  - Hashimi: Android
More informationPraktikum Entwicklung Mediensysteme (für Master)
Praktikum Entwicklung Mediensysteme (für Master) An Introduction to Android An Introduction to Android What is Android? Installation Getting Started Anatomy of an Android Application Life Cycle of an Android
More informationAbstract. 1. Introduction. 2. Threat Model
Beyond Ring-3: Fine Grained Application Sandboxing Ravi Sahita (ravi.sahita@intel.com), Divya Kolar (divya.kolar@intel.com) Communication Technology Lab. Intel Corporation Abstract In the recent years
More informationSpecialized Android APP Development Program with Java (SAADPJ) Duration 2 months
Specialized Android APP Development Program with Java (SAADPJ) Duration 2 months Our program is a practical knowledge oriented program aimed at making innovative and attractive applications for mobile
More informationResearch and Design of Universal and Open Software Development Platform for Digital Home
Research and Design of Universal and Open Software Development Platform for Digital Home CaiFeng Cao School of Computer Wuyi University, Jiangmen 529020, China cfcao@126.com Abstract. With the development
More informationAndroid v ios Mobile Operating Systems
v ios Mobile Operating Systems is an open source operating system widely used on smartphones and tablets. has been available under a free and open source software license from October 21, 2008 and until
More informationCOMMONWEALTH OF PENNSYLVANIA DEPARTMENT S OF PUBLIC WELFARE, INSURANCE AND AGING
COMMONWEALTH OF PENNSYLVANIA DEPARTMENT S OF PUBLIC WELFARE, INSURANCE AND AGING INFORMATION TECHNOLOGY STANDARD Name Of Standard: Mobile Device Standard Domain: Security Date Issued: 09/07/2012 Date Revised:
More informationAndroid Developer Fundamental 1
Android Developer Fundamental 1 I. Why Learn Android? Technology for life. Deep interaction with our daily life. Mobile, Simple & Practical. Biggest user base (see statistics) Open Source, Control & Flexibility
More informationThe evolution of virtual endpoint security. Comparing vsentry with traditional endpoint virtualization security solutions
The evolution of virtual endpoint security Comparing vsentry with traditional endpoint virtualization security solutions Executive Summary First generation endpoint virtualization based security solutions
More informationIs Drupal secure? A high-level perspective on web vulnerabilities, Drupal s solutions, and how to maintain site security
Is Drupal secure? A high-level perspective on web vulnerabilities, Drupal s solutions, and how to maintain site security Presented 2009-05-29 by David Strauss Thinking Securely Security is a process, not
More informationTechnoLabs Software Services Pvt Ltd. Enterprise Mobility - Mobile Device Security
Enterprise Mobility - Mobile Device Security Story Context: TechnoLabs has been focusing and offers Enterprise Mobility as one of its solution offering. No can deny the fact that mobile computing can bring
More informationMobile Application Hacking for ios. 3-Day Hands-On Course. Syllabus
Mobile Application Hacking for ios 3-Day Hands-On Course Syllabus Course description ios Mobile Application Hacking 3-Day Hands-On Course This course will focus on the techniques and tools for testing
More informationProgramming with Android: System Architecture. Dipartimento di Scienze dell Informazione Università di Bologna
Programming with Android: System Architecture Luca Bedogni Marco Di Felice Dipartimento di Scienze dell Informazione Università di Bologna Outline Android Architecture: An Overview Android Dalvik Java
More informationMobile Application Security and Penetration Testing Syllabus
Mobile Application Security and Penetration Testing Syllabus Mobile Devices Overview 1.1. Mobile Platforms 1.1.1.Android 1.1.2.iOS 1.2. Why Mobile Security 1.3. Taxonomy of Security Threats 1.3.1.OWASP
More informationUniversità Degli Studi di Parma. Distributed Systems Group. Android Development. Lecture 1 Android SDK & Development Environment. Marco Picone - 2012
Android Development Lecture 1 Android SDK & Development Environment Università Degli Studi di Parma Lecture Summary - 2 The Android Platform Android Environment Setup SDK Eclipse & ADT SDK Manager Android
More informationAdvanced Endpoint Protection Overview
Advanced Endpoint Protection Overview Advanced Endpoint Protection is a solution that prevents Advanced Persistent Threats (APTs) and Zero-Day attacks and enables protection of your endpoints by blocking
More informationThe Case for SE Android. Stephen Smalley sds@tycho.nsa.gov Trust Mechanisms (R2X) National Security Agency
The Case for SE Android Stephen Smalley sds@tycho.nsa.gov Trust Mechanisms (R2X) National Security Agency 1 Android: What is it? Linux-based software stack for mobile devices. Very divergent from typical
More informationFeature List for Kaspersky Security for Mobile
Feature List for Kaspersky Security for Mobile Contents Overview... 2 Simplified Centralized Deployment... 2 Mobile Anti-Malware... 3 Anti-Theft / Content Security... Error! Bookmark not defined. Compliance
More informationA Perspective on the Evolution of Mobile Platform Security Architectures
A Perspective on the Evolution of Mobile Platform Security Architectures N. Asokan Nokia Research Center Joint work with Kari Kostiainen, Jan-Erik Ekberg, Elena Reshetova (Intel) Padova, July 2012 1 Introduction
More informationGuidelines for E-mail Account Management and Effective E-mail Usage
Guidelines for E-mail Account Management and Effective E-mail Usage October 2014 Version 1.0 Department of Electronics and Information Technology Ministry of Communications and Information Technology Government
More informationSecurity Solution for Android Application Assessment
Security Solution for Android Application Assessment Aparna Bhonde 1, Madhumita Chatterjee 2 Department of IT, PIIT, New Panvel, Mumbai, India 1,2 Abstract: Android Operating System is dominating the share
More information6WRUP:DWFK. Policies for Dedicated IIS Web Servers Group. V2.1 policy module to restrict ALL network access
OKENA 71 Second Ave., 3 rd Floor Waltham, MA 02451 Phone 781 209 3200 Fax 781 209 3199 6WRUP:DWFK Policies for Dedicated IIS Web Servers Group The policies shipped with StormWatch address both application-specific
More informationSynthesis for Developing Apps on Mobile Platforms
Synthesis for Developing Apps on Mobile Platforms Jeff Foster University of Maryland, College Park Armando Solar-Lezama Massachusetts Institute of Technology Schedule for session Jeff Foster and Armando
More informationWhat Do You Mean My Cloud Data Isn t Secure?
Kaseya White Paper What Do You Mean My Cloud Data Isn t Secure? Understanding Your Level of Data Protection www.kaseya.com As today s businesses transition more critical applications to the cloud, there
More information