RV-Droid: Runtime Verification and Enforcement for Android Applications

Yliès Falcone, Sebastian Currea, Mohamad Jaber
Laboratoire d'Informatique de Grenoble - VASCO Team - University of Grenoble, Université Joseph Fourier
3rd International Conference on Runtime Verification, Istanbul, Turkey, 26 September 2012
Falcone, Currea, Jaber (LIG - UJF), RV-Droid, RV 2012, Istanbul, Turkey

Android
Andy Rubin: 900 K activations per day

Android today
1. Android's market shares
2. Moore's and Koomey's laws for mobile devices
comScore Reports. U.S. mobile subscriber market share, April 2012

Reliability of Android applications... can be improved
The rise of Android malware...
- Android malware increased by 472%
- no upfront validation process
- Android will remain the 1st target of mobile malware writers
Trent Nouveau, TG Daily, Nov 2011
Developing Android applications is difficult:
- complex communication scheme between activities
- complex life-cycle
- partial compatibility with JRE and some existing libraries
- several buggy and unprotected applications
- resource consumption and user experience can be negative

Proposed solution: monitoring of Android applications
Using dynamic validation techniques to enhance confidence in the behavior of (untrustworthy) applications
Two processes over the runtime behavior:
- checking some properties
- enforcing some properties (up to the observability & controllability provided by the instrumentation technique)
Modify applications to incorporate monitors:
- observe calls to the unified Android API and analyse parameters
- decide whether the properties are satisfied/violated (runtime oracle)
- correct the behavior by disabling some actions or modifying their return value

Dynamic Validation Techniques need Instrumentation
The most successful one is Aspect-Oriented Programming:
- identify special locations in the execution of the system
- execute code when those locations are reached
Unfortunately, current AOP is not (fully) compatible with Android constraints:
- seriously hinders mobility
- possible only for self-developed applications (plugged to the computer or within the emulator)
- incompatibility between .apk files and aspect compilers

Outline
1. Overview of RV-Droid
2. A Tour of Examples
3. Related Work and Discussion
4. Summary and Perspectives

Overview of RV-Droid

RV-Droid: platform
[Figure: RV-Droid architecture. The user selects an application and a property. Monitor synthesis and integration (Java-MOP, RuleR) run either embedded in RV-Droid on the device or in the RV cloud, each with a property repository and an application repository. Applications and properties are uploaded and downloaded; a monitor request carrying the property and the application returns the monitored application as its result.]

RV-Droid: screenshot

RV-Droid: screenshot (ctd)

RV-Droid: features
Features:
- stand-alone application
- does not require any modification to the Android OS
- applications are retrieved off-the-shelf
For flexibility, all the involved processes can be done:
- embedded on the device
- in the cloud (web service with a configurable IP)

A Tour of Examples

A Tour of Examples: Verifying Android Development Good Practices

Android Development Good Practices
P1 Before transmitting any data, it must be ensured that the device is connected to the Internet. And, it should be checked again each time the device is moved.
P2 All methods involved in the activity lifecycle should be overridden.
P3 The device rotation facility should not be disabled.
P4 Only one dialogue window should be popped up.
P5 In the restricted-memory mode, an application should start at most one service and end it, and not let the Dalvik virtual machine kill it.

Check Internet Connection before Transmitting
P1 Before transmitting any data, it must be ensured that the device is connected to internet. (And, it should be checked again each time the device is moved.)
[Figure: two monitor automata with states 1, 2 and Error. The first has transitions labelled "check internet" and "transmit". The second adds the device location: "check internet" performs gps_old := gps, and "transmit" is guarded by [gps_old == gps] or [gps_old ≠ gps].]
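
An added example, not part of the original slides and not RV-Droid's own code: a plain-Java monitor for P1 that reads the slide's automaton as states 1, 2 and Error, and also shows the enforcement mode from the "Proposed solution" slide, where the violating action is disabled instead of only reported. The class and method names, the string-equality test standing in for "the device is moved", and the event trace are assumptions made for illustration.

```java
import java.util.Objects;

// Constructed example (not RV-Droid code): monitor for P1 with states 1, 2, Error.
public class P1Monitor {
    enum State { UNCHECKED, CHECKED, ERROR }    // slide states 1, 2 and Error

    private State state = State.UNCHECKED;
    private String gpsOld;            // location seen at the last connectivity check
    private final boolean enforce;    // true: disable the bad action; false: only report

    P1Monitor(boolean enforce) { this.enforce = enforce; }

    State state() { return state; }

    // Event "check internet": gps_old := gps, move to state 2.
    void onCheckInternet(String gps) {
        if (state == State.ERROR) return;       // Error is a sink state
        gpsOld = gps;
        state = State.CHECKED;
    }

    // Event "transmit": true if P1 holds for this call. In enforcement mode a
    // false result means the caller must skip the transmission.
    boolean onTransmit(String gps) {
        if (state == State.CHECKED && Objects.equals(gpsOld, gps)) return true;
        // No check yet, or the device moved since the last check.
        state = enforce ? State.UNCHECKED : State.ERROR;
        return false;
    }

    public static void main(String[] args) {
        // Constructed trace: check, transmit, move and transmit, re-check, transmit.
        String[][] trace = {
            {"check", "45.19,5.72"}, {"transmit", "45.19,5.72"},
            {"transmit", "45.76,4.83"},
            {"check", "45.76,4.83"}, {"transmit", "45.76,4.83"},
        };
        for (boolean enforce : new boolean[] {false, true}) {
            P1Monitor m = new P1Monitor(enforce);
            System.out.println(enforce ? "-- enforcement" : "-- verification");
            for (String[] e : trace) {
                String verdict = "";
                if (e[0].equals("check")) {
                    m.onCheckInternet(e[1]);
                } else {
                    verdict = m.onTransmit(e[1]) ? " ok" : " violation";
                }
                System.out.println(e[0] + " @" + e[1] + verdict + " -> " + m.state());
            }
        }
    }
}
```

In verification mode the first violation is permanent (Error is a sink), while in enforcement mode the offending transmit is dropped and the monitor returns to state 1 until connectivity is checked again.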

Lifecycle Methods should be Overridden
P2 All methods involved in the activity lifecycle should be overridden.
1. Observes the execution of these methods in the (implemented) application
2. Tracks the (simplified) application lifecycle
[Figure: simplified activity lifecycle automaton with transitions labelled create, start, resume, restart, pause, stop and destroy]

A Tour of Examples: Enforcing Security Properties

Security Properties Checked and Enforced
We disabled the security findings found in "A Study of Android Application Security", published in SEC11 (Enck et al.)
Applications should not:
- access the phone data, i.e., IMEI (device identifier), IMSI (subscriber identifier), and ICCID (SIM serial number)
- send SMS to premium-rate numbers
- call premium-rate numbers
- record audio or video without the user knowing it
- request the list of installed applications
- log events
- create unprotected Intents
- register unprotected broadcast receivers

A Tour of Examples: Additional Examples

Blocking Advertisements
- Game displaying advertisements through banners
- Banner content is retrieved from the Web

Blocking Advertisements
Ad display goes through the methods in the package com.google.ads

    aspect BannerAspect {
        // Pointcut to block Google banners: the body of every method in
        // com.google.ads (and its subpackages) is replaced by "return null".
        Object around() : execution(* com.google.ads..*(..))
                && !within(BannerAspect) {
            return null;
        }
    }

Modifying the Device Location
Applications display information according to the current location of the device (GPS coordinates)

Modifying the Device Location

    import android.location.Location;

    aspect ChangeLocationAspect {
        // Pointcut to Android location method.
        pointcut location(String provider) :
            call(* android.location.LocationManager.getLastKnownLocation(..))
            && args(provider) && !within(ChangeLocationAspect);

        // Advice to change the device location
        Location around(String provider) : location(provider) {
            ...
            Location location = new Location(provider);
            // New latitude and longitude values in Greenland
            location.setLatitude(79.13826);
            location.setLongitude(-46.40625);
            return location;
            ...
        }
    }

Applications:
- Testing
- Privacy

Collecting Statistics on Applications
Data sent by applications: how much, where?

    Traffic    G1     G2     G3     G4     G5     G6
    Sent       3559   15453  16223  2426   16197  14557
    Received   1205   2364   2466   1123   3194   2283

    aspect UrlBytesAspect {
        // Pointcut to the methods that load a URL
        pointcut pagename(String page) :
            (execution(* android.webkit.WebView.loadUrl(..))
             || execution(* android.webkit.WebView.loadDataWithBaseURL(..)))
            && args(page, ..) && !within(UrlBytesAspect);
        ...
        // variable to count received bytes
        startrx = android.net.TrafficStats.getTotalRxBytes();
        // variable to count transferred (sent) bytes
        starttx = android.net.TrafficStats.getTotalTxBytes();
        ...
        // Advice that stores the bytes consumed and the URL in a file
        after(String page) : pagename(page) {
            ...
        }
    }

Related Work and Discussion

Static Validation Techniques
Mostly relying on analyzing the permissions
Stowaway
- Checks the principle of least privilege
- Compares the requested permissions (requested at installation time) vs the needed permissions (used at runtime)
ComDroid
- Analysis of inter-application communication
- Prevents disclosure of information through intents (i.e., messages)

Dynamic Validation Techniques
TaintDroid (2010)
- Information-flow monitoring
- Tainting information in logs
Bauer et al.: closest approach
- Monitoring LTL formula over permissions by progression
- 2 variants:
  - modify two files on the device (observation of high-level events)
  - propose to add a kernel module (observation of high and low level events)

Comparison and Discussion
RV-Droid in comparison
- General and generic method (limited by the API)
- Devices are taken off-the-shelf (no modification needed)
- Applications are taken off-the-shelf
- Based on state-of-the-art RV tools: expressiveness, efficiency
- Allows Runtime Enforcement
- Opens several academic and industrial perspectives
Current limitations
- RV of heavy applications has prohibitive overhead
- Observation using aspects has some limitations

Summary and Perspectives
Summary
- Modification of Android applications using aspect-oriented technology
- Applications are taken off-the-shelf (simple yet powerful)
- Devices are taken off-the-shelf (no void guarantee)
- Generic aspects: work with any Android device/application
Perspectives
- Dynamic validation techniques for reliability and security
- Trust and reliability (manufacturers, service providers, Google)
- Better integration with existing RV tools