Android Security Extensions 2. Giovanni Russello

Size: px

Start display at page:

Download "Android Security Extensions 2. Giovanni Russello g.russello@auckland.ac.nz"

Buck McGee
8 years ago
Views:

1 Android Security Extensions 2 Giovanni Russello g.russello@auckland.ac.nz

2 Preparing the Report A report must be provided before your presentation The report should be 4 pages long The content of the report must be YOURS No copy-and-past from the main article Use your own word to describe the article

3 What s in the Report? The report should contain A description of the article An analysis/criticism of the main approach of the article I expect a 50/50 approach 2 pages for description 2 pages for analysis/criticism

4 How to Analyse/Criticise Does the paper live up to your expectations? Think about what you were expecting from this paper by reading the Abstract/Title/Intro If you were the user of this system, would it work for you? Why? Why not? Would this system help you with your security requirements? What could the authors have done differently?

5 Defining Malware Any software that can disrupt normal activities Any software that does not behave as declared Any software that compromises some properties Privacy Confidentiality Reliability

6 Poorly Designed Apps If not designed properly, apps can (unintentionally): Deplete your resources (battery, data, etc.) Expose resources (internet, location, etc.)

7 Over-Privileged Apps Apps (developers) can ask for any combination of permissions Users can either install the apps (granting permissions) or not install at all Combinations of permissions such as Internet and: Locations, SMS, Local Storage Can result in information leakage

8 Privilege Escalation Attacks An adversary tries to escalate privileges to get unauthorised access to protected resources Confused deputy attack: leverage the vulnerability of a benign application Colluding attacks: more applications collaborate to get an objectionable set of permissions

9 Privilege Escalation Attacks Install Time: Uses Permission = P1? Sandbox System Sandbox C A App A B S Android Apps P1 P2 S1 S2 Activity Manager Android Middleware Reference Monitor

10 Privilege Escalation Attacks Sandbox P1 System Sandbox C A App A B S Android Apps P1 P2 S1 S2 Activity Manager Android Middleware Reference Monitor

11 Privilege Escalation Attacks Sandbox P1 System Sandbox C A App A B S Android Apps P1 P2 S1 S2 Activity Manager Android Middleware Reference Monitor

12 Privilege Escalation Attacks Sandbox Sandbox P1 System Sandbox C App B B C App A B Android Apps P1 P2 A S A S S1 S2 Reference Monitor Activity Manager Android Middleware

13 Privilege Escalation Attacks Sandbox Sandbox P1 System Sandbox C App B B C App A B Android Apps P1 P2 A S A S S1 S2 Reference Monitor Activity Manager Android Middleware

14 Privilege Escalation Attacks Sandbox Sandbox P1 System Sandbox C App B B C App A B Android Apps P1 P2 A S A S S1 S2 Reference Monitor Activity Manager Android Middleware

15 Android Security Extensions Application Layer Aurasium I-ARM-Droid Dr Android Reddy Android Middleware DVM TaintDroid MockDroid TISSA Reference Monitor Saint Apex CRePE XManDroid AppFence QUIRE Installer Saint Apex Kirin XManDroid Paranoid Android Paranoid Android QUIRE Linux Kernel SELinux

16 Fine-grained Security Policy Saint (ACSAC 09) Allows app developers to protect their applications from being misused APEX (ASIACCS 10) Circumvent the All-or-Nothing approach of Android permission granting Porscha (ACSAC 10) Support for DRM-like policies for phone data CRePE (ISC 10) Enforcement of context-related policies

17 Data Filtering and Tainting MockDroid (HotMobile 11) Limiting the access to the data TISSA (Trust 11) Substituting the reply from content providers TaintDroid (OSDI 10) Labelling of data for preventing data leakage

18 Protection against Privilege Escalation QUIRE (USENIX Security Symposium 11) Effective against confused deputy attacks Tracing of IPC chain to check if all apps have the right to access a resource However It requires that apps have to use modified API It does not solve the problem of colluding apps

19 Protection against Privilege Escalation AppFence (TR 11 Uni Washington and MS Research) Based on TaintDroid for taint capability It supports data shadowing and protects from data exfiltration However Effective only against confused deputy attack

20 Protection against Privilege Escalation XManDroid (TR 11) Real-time IPC monitoring System state of the app communications for potential spread of privileges However No control outside the IPC channels (i.e. Internet access)

21 What is missing No modifications to Android API No trust on apps Control over IPC and system-level calls (internet) Data filtering capabilities Tuneable

22 That is why we came up with Yet Another Android Security Extension

Android Security Extensions

Android Security Extensions Android Security Model Main objective is simplicity Users should not be bothered Does the user care? Most do not care until its too late But We do It needs a more advanced security