Android Security. Giovanni Russello g.russello@auckland.ac.nz

Similar documents
Lecture 17: Mobile Computing Platforms: Android. Mythili Vutukuru CS 653 Spring 2014 March 24, Monday

Understanding Android s Security Framework

An In-Depth Introduction to the Android Permission Model and How to Secure Multi-Component Applications. OWASP 3 April 2012 Presented at AppSecDC 2012

Android Security Extensions 2. Giovanni Russello

A qbit on Android Security

Mobile applications security Android OS (case study) Maciej Olewiński. Cryptographic Seminar r.

Android Developer Fundamental 1

The next generation of open

The next generation of open operating systems

How we keep harmful apps out of Google Play and keep your Android device safe

Adobe Flash Player and Adobe AIR security

Android Security Extensions

Android Security. Device Management and Security. by Stephan Linzner & Benjamin Reimold

Android Security Joshua Hodosh and Tim Leek

Analysis of advanced issues in mobile security in android operating system

Android Security for Enterprise App Developers Jon Preedy

NSA Security-Enhanced Linux (SELinux)

Popular Android Exploits

Android Fundamentals 1

Hacking your Droid ADITYA GUPTA

Electronic Thesis and Dissertations UC Berkeley

Tushar Dalvi Sr. Security Engineer at LinkedIn Penetration Tester. Responsible for securing a large suite mobile apps

ANDROID PROGRAMMING - INTRODUCTION. Roberto Beraldi

Mercury User Guide v1.1

Firewall-based Solution for Preventing Privilege Escalation Attacks in Android

ANDROID PROGRAMMING - INTRODUCTION. Roberto Beraldi

Performance Measuring in Smartphones Using MOSES Algorithm

The Case for SE Android. Stephen Smalley Trust Mechanisms (R2X) National Security Agency

Synthesis for Developing Apps on Mobile Platforms

Google Apps Sync for Microsoft Outlook

An Introduction to Android

Smartphone Security pr. Sven Bugiel

Jordan Jozwiak November 13, 2011

Google Apps Sync for Microsoft Outlook

How to Set Up Your PC for Android Application Development

Security Enhanced (SE) Android: Bringing Flexible MAC to Android

Open Source Telemedicine Android Client Development Introduction

Semantically Rich Application-Centric Security in Android

Thomas Röthlisberger IT Security Analyst

An extension to the Android access control framework

Android Framework. How to use and extend it

Studying Security Weaknesses of Android System

Attacking Android s Intent Processing and First Steps towards Protecting it

Emerging Mobile Platforms: Firefox OS and Tizen

Cloud Computing for Education Workshop

ANDROID BASED MOBILE APPLICATION DEVELOPMENT and its SECURITY

Secure computing: SELinux

Google Identity Services for work

Google Apps Sync for Microsoft Outlook

Tutorial on Smartphone Security

Getting Started with Android Programming (5 days) with Android 4.3 Jelly Bean

Security Evaluation of Mobile Applications using 'App Report Cards': Android By Raul Siles October 2015

SAMSUNG SMARTTV: HOW-TO TO CREATING INSECURE DEVICE IN TODAY S WORLD. Sergey Belov

Android. Mobile Computing Design and Implementation. Application Components, Sensors. Peter Börjesson

Lecture 2 PLATFORM SECURITY IN ANDROID OS

Practical and Lightweight Domain Isolation on Android

What s in Your Dongle and Bank Account? Mandatory and Discretionary Protection of Android External Resources

Specialized Android APP Development Program with Java (SAADPJ) Duration 2 months

Google Apps Engine. G-Jacking AppEngine-based applications. Presented 30/05/2014. For HITB 2014 By Nicolas Collignon and Samir Megueddem

Access Control Fundamentals

1. Scope of Service. 1.1 About Boxcryptor Classic

Penetration Testing Scope Factors

A Look at a Modern Mobile Security Model:

A Perspective on the Evolution of Mobile Platform Security Architectures

A Perspective on the Evolution of Mobile Platform Security Architectures

How To Write Security Enhanced Linux On Embedded Systems (Es) On A Microsoft Linux (Amd64) (Amd32) (A Microsoft Microsoft 2.3.2) (For Microsoft) (Or

Access Control Models Part I. Murat Kantarcioglu UT Dallas

WILL ANDROID TROJAN, WORM OR ROOTKIT SURVIVE IN SEANDROID AND CONTAINERIZATION?

How to Set Up Your PC for Android Application Development

Android Commercial Spyware Disease and Medication

Android: Setup Hello, World: Android Edition. due by noon ET on Wed 2/22. Ingredients.

So#ware Security Goes Mobile. Russell Spitler

Practical Attacks against Mobile Device Management (MDM) Michael Shaulov, CEO Daniel Brodie, Security Researcher Lacoon Mobile Security

DETERMINATION OF THE PERFORMANCE

Towards Taming Privilege-Escalation Attacks on Android

imaginea white paper

Practical Mac OS X Insecurity. Security Concepts, Problems and Exploits on your Mac

Smartphone Pentest Framework v0.1. User Guide

Mobile App Security: Who Else is on Your Device? August 27, 2013

Android Tutorial. Larry Walters OOSE Fall 2011

IceWarp to IceWarp Server Migration

Gmail setup for administrators

Cloudy with a chance of 0-day

Junos WebApp Secure (formerly Mykonos)

Beginning Android Programming

Network Security. Chapter 3. Cornelius Diekmann. Version: October 21, Lehrstuhl für Netzarchitekturen und Netzdienste Institut für Informatik

Developing Mobile Device Management for 15 million devices (case study) Rim KHAZHIN

Kaspersky Fraud Prevention: a Comprehensive Protection Solution for Online and Mobile Banking

Security Enhanced Linux and the Path Forward

Tizen Web Runtime Update. Ming Jin Samsung Electronics

TOP 10 TIPS FOR EDUCATING EMPLOYEES ABOUT CYBERSECURITY. Mark

Graduate presentation for CSCI By Janakiram Vantipalli ( Janakiram.vantipalli@colorado.edu )

Aneka Dynamic Provisioning

Mobile Platform Architecture Review: Android, iphone, Qt

Fairsail REST API: Guide for Developers

Danger of Proxy ARP in IX environment version 0.3. Maksym Tulyuk

PST_WEBZINE_0X04. How to solve XSS and mix user's HTML/JavaScript code with your content with just one script

Flexible Data-Driven Security for Android

How To Develop An App For Ios (Windows)

Software Asset Management (SWAM) Capability Description

Transcription:

Android Security Giovanni Russello g.russello@auckland.ac.nz

N-Degree of Separation Applications can be thought as composed by Main Functionality Several Non-functional Concerns Security is a non-functional concern Moreover Security a cross-cutting concern

Specification Vs. Enforcement Security can affect several parts of application code However it is the enforcement that needs to be spread over the application code Specification of security policies can be done in more concise and precise way

Android Security Specification Android allows app developers to specify the security needs of their apps Each app comes with a Manifest file where the permissions listing the required permissions The user of the device has only two choices Either install the app granting the whole set of permissions Or not install the app All-or-nothing model!

Android Permission Levels Android provides a set of well-defined permissions Normal Permissions are assigned by default to apps Dangerous Permissions require user confirmation Signature Permissions are granted to apps signed by the same developer System or Signature Permissions are granted only to special apps installed in the data/system folder (i.e., apps signed by Google)

Permission example An app that wants to listen for incoming SMS has to declare in its manifest: <uses-permission android:name=android.permission.receive_sms"/> The RECEIVE_SMS is consider a dangerous permission and the apps has to request it

Android Security Enforcement Android supports a security model that is enforced by two layers: Linux and Android middleware Linux enforces the DAC model Android middleware enforces a MAC model

Linux DAC in Android When an app is installed it gets a unique UID and GID Each app gets a home dir /data/data/<package_name>/ The UID and GID of the app get full access to its home dir and the files it contains rwx,rwx,---

Linux Special Groups Linux also maintains special groups for the Internet, External Storage, and Bluetooth If an app asks for accessing Internet it is assigned to the Internet Group Similarly for the other two groups/permissions

Android Middleware MAC The Android Middleware controls the way in which apps use the ICC mechanism Each protected feature that is reachable through the ICC mechanism is assigned a label When the app asks for a permission in its manifest the corresponding label is assigned to the app

Android MAC Model Activity Manager Android Middleware Reference Monitor

Protection Domain S1 = Location Service P1 = LOCATION_PERMISSION System Sandbox Android Apps P1 P2 S1 S2 Activity Manager Android Middleware Reference Monitor

Assignment of Permissions Install Time: Uses Permission = P1? Sandbox System Sandbox C A App A B S Android Apps P1 P2 S1 S2 Activity Manager Android Middleware Reference Monitor

Using the Permission Sandbox P1 System Sandbox C A App A B S Android Apps P1 P2 S1 S2 Activity Manager Android Middleware Reference Monitor

Reference Monitor Sandbox P1 System Sandbox C A App A B S Android Apps P1 P2 S1 S2 Activity Manager Android Middleware Reference Monitor

Security Confinement Once the labels are assigned neither the app nor the user can change them Apps cannot delegate their permissions However, components can expose interfaces to other apps This makes difficult in standard Android to control information flow (can lead to severe attacks)

Android Security Refinements Android Security Model allows developers to refine the security domain of their applications Through the standard mechanism using the Manifest Programmatically by using special parameters in the API Bad move!!! Make everything murky and worst of all by default access is granted!!

Public vs Private Components By default any components that is not assigned a permission is public Developers can declare a component private by setting the exported flag to false in the manifest file Private components can only be accessed by other components in the same app Android can also infer if a component is private by other declarations in the manifest file (Do you trust it??)

Implicitly Open Components Public components have all their interface accessible to any other components Developers must explicitly assign permission labels to protect those interfaces

Broadcast Intent Protection When an intent is broadcasted, all installed apps are able to listen to those events This mechanism can be exploited by malicious apps that are listening for a certain event to happen It is possible to protect the intent programmatically: sendbroadcast(intent, perm.myperm) This means that the Manifest does not provide a complete view of app security

Service Hooks Android does not support a fine-grained mechanism to protect the interface of a Service Once a component has the permission label to access a service, the component can start, stop, bind the service Again programmatically it is possible to refine this mechanism by doing some extra checking at the code level, putting security policies in the app code Not a good security and software eng. practice!

Delegation Pending Intents that delegate to another app the parameters and time when an action is executed Location service notifies registered apps when location changes URI delegation where an app delegates a component to perform an action on a resource The app provides a capability to the component for performing the action Per se, there is nothing wrong with delegation. However, it deviates from the main MAC model

Concluding The Android security is based on two enforcement layers: Linux DAC Android Middleware MAC Specification is done mainly through the Manifest file

Main Drawbacks Specification can be done programmatically Source code injection Open default policy Developers have explicitly protect apps interfaces Delegation No support for information flow control

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information