A qbit on Android Security



Similar documents
Understanding Android s Security Framework

Android Security. Giovanni Russello

Lecture 17: Mobile Computing Platforms: Android. Mythili Vutukuru CS 653 Spring 2014 March 24, Monday

TomTom PRO 82xx PRO.connect developer guide

Research on Situation and Key Issues of Smart Mobile Terminal Security

Developing for MSI Android Devices

Android Security Basic Background

Mobile applications security Android OS (case study) Maciej Olewiński. Cryptographic Seminar r.

Performance Measuring in Smartphones Using MOSES Algorithm

Android Fundamentals 1

A proposal to realize the provision of secure Android applications - ADMS: an application development and management system -

Android Security. Device Management and Security. by Stephan Linzner & Benjamin Reimold

A Complete Study of Chatting Room System based on Android Bluetooth

Synthesis for Developing Apps on Mobile Platforms

Mobile Application Development 2014

Storing Encrypted Plain Text Files Using Google Android

VMWARE Introduction ESX Server Architecture and the design of Virtual Machines

Analysis of advanced issues in mobile security in android operating system

Android Security Lab WS 2014/15 Lab 1: Android Application Programming

An In-Depth Introduction to the Android Permission Model and How to Secure Multi-Component Applications. OWASP 3 April 2012 Presented at AppSecDC 2012

A Study of Android Application Security

Android Developer Fundamental 1

Specialized Android APP Development Program with Java (SAADPJ) Duration 2 months

05.0 Application Development

APPLICATION SECURITY: FROM WEB TO MOBILE. DIFFERENT VECTORS AND NEW ATTACK

How to Program an Android Application to Access and Manage the Wi-Fi Capabilities of a Smartphone

Chapter 5 More SQL: Complex Queries, Triggers, Views, and Schema Modification

Android app development course

Frameworks & Android. Programmeertechnieken, Tim Cocx

Android Geek Night. Application framework

Performance Analysis Of Policy Based Mobile Virtualization in Smartphones Using MOSES Algorithm

Firewall-based Solution for Preventing Privilege Escalation Attacks in Android

ANDROID PROGRAMMING - INTRODUCTION. Roberto Beraldi

Security Awareness For Website Administrators. State of Illinois Central Management Services Security and Compliance Solutions

Lecture 1 Introduction to Android

Android app development course

Creating and Using Databases for Android Applications

Detecting privacy leaks in Android Apps

WHITE PAPER. AirGap. The Technology That Makes Isla a Powerful Web Malware Isolation System

Reminders. Lab opens from today. Many students want to use the extra I/O pins on

Program to solve first and second degree equations

ANDROID SECURITY ATTACKS AND DEFENSES ABHISHEK DUBEY I ANMOL MISRA. ( r öc) CRC Press VV J Taylor & Francis Group ^ "^ Boca Raton London New York

Jordan Jozwiak November 13, 2011

ANDROID BASED MOBILE APPLICATION DEVELOPMENT and its SECURITY

What is Auditing? Auditing. Problems. Uses. Audit System Structure. Logger. Reading: Chapter 24. Logging. Slides by M. Bishop are used.

Android Development. Marc Mc Loughlin

Mobile Application Development Android

If you want to skip straight to the technical details of localizing Xamarin apps, start with one of these platform-specific how-to articles:

AGENDA. Background. The Attack Surface. Case Studies. Binary Protections. Bypasses. Conclusions

Transparent Monitoring of a Process Self in a Virtual Environment

Introduction to Android

ANDROID PROGRAMMING - INTRODUCTION. Roberto Beraldi

Tool for Automated Provisioning System (TAPS) Version 1.2 (1027)

FREQUENTLY ASKED QUESTIONS

Sample Data Security Policies

First Java Programs. V. Paúl Pauca. CSC 111D Fall, Department of Computer Science Wake Forest University. Introduction to Computer Science

Harvesting Developer Credentials in Android Apps

CS 155 Final Exam. CS 155: Spring 2013 June 11, 2013

Access Control Fundamentals

Burst Technology bt-loganalyzer SE

Abstract. 1. Introduction. 2. Threat Model

Developing apps for Android Auto

Log Analyzer Reference

Duration Vendor Audience 5 Days Oracle End Users, Developers, Technical Consultants and Support Staff

Threat Model for Mobile Applications Security & Privacy

CSE476 Mobile Application Development. Yard. Doç. Dr. Tacha Serif Department of Computer Engineering Yeditepe University

Smartphone market share

Securing Virtual Applications and Servers

System Security Fundamentals

Database Security. The Need for Database Security

Adobe Flash Player and Adobe AIR security

Android Application Repackaging

IENG2004 Industrial Database and Systems Design. Microsoft Access I. What is Microsoft Access? Architecture of Microsoft Access

An Android-based Instant Message Application

GETTING STARTED WITH ANDROID DEVELOPMENT FOR EMBEDDED SYSTEMS

FINAL DoIT v.8 APPLICATION SECURITY PROCEDURE

CLOUD COMPUTING OVERVIEW

A Secure Autonomous Document Architecture for Enterprise Digital Right Management

The Behavioral Analysis of Android Malware

SQL Server Database Coding Standards and Guidelines

Managing Remote Access

Schema Classes. Polyhedra Ltd

Operating System Support for Inter-Application Monitoring in Android

Software Engineering Techniques

Android Programming and Security

Transcription:

A qbit on Android Security Sergey Gorbunov One of the problems with modern desktop operating system is that there is no isolation between applications and the system. As we saw in class, a buggy application can potentially allow an attacker to gain full access to the system. Therefore, we have to trust all applications that we install and use on daily basis. To overcome these limitations, Google takes a different approach in application security. On the very high level, it isolates applications in separate virtual machines. By default, applications cannot freely communicate with other applications and services. Hence, compromising one application, cannot not allow the attacker to take over the system. Yet, the Android security model is complicated, as we discuss below, and bad coding practices can lead to serious security vulnerabilities and data leakage. 1 Basics of Android Application Each Android application is isolated in a separate Davlik VM running on Linux Kernel (See Figure 1). It gets assigned a separate UID/PID in the system. Assigning separate UID for each application gives extra flexibility in managing inputs/outputs of the application. Application do not have a main() entry point. Instead, they are divided into separate components. Interaction between components is controlled via permissions labels. Let s take a look at a simple example in Figure 2 developed for demo purposes of Android Security by Enck, Ongtang and McDaniel [1]. There are two applications: FriendTracker and FriendViewer, each divided into separate components. Services: FriendTracker is a service that can constantly run at the background. It monitors the position of certain friends. Activities: FriendTrackerControl, FriendViewer and FriendTracker: these are typically used to interact with users. For example, FriendViewer is used to list all friends and their positions on the phone. Only one activity can have the token for the screen and the keyboard at a time. Content Providers: FriendProvider is used to store and share information through a relational database. Each providers describes an authority which other components can use to perform SQL like queries. Broadcast Receivers: These are used to listen for incoming calls to a specific destination and react appropriately. public class FriendReceiver extends BroadcastReceiver { private static final String ACTION_FRIEND_NEAR = "org.siislab.tutorial.action.friend_near"; /* (non-javadoc) A qbit on Android Security-1

Figure 1: Basic Android Framework * @see android.content.broadcastreceiver#onreceive(android.content.context, android.content.intent) */ @Override public void onreceive(context context, Intent intent) { if (ACTION_FRIEND_NEAR.equals(intent.getAction())) { Bundle extras = intent.getextras(); if (extras!= null) { String nick = extras.getstring(friendcontent.location.nick); if (nick!= null) { Toast.makeText(context, "Near " + nick, Toast.LENGTH_SHORT).show(); The developer specifies the components in the manifest.xml file. The specific activity launched at the start time is marked using the metadata. <action android:name="android.intent.action.main" /> <category android:name="android.intent.category.launcher"/> 2 Component Interaction Each application runs with a separate UID, allowing to minimize post-attack damage. Interaction between components is performed via /dev/binder (Figure 3). This file is world readable and world writable. The decisions about granting input/output access between two components is performed via labels. That is, the developer assigns labels to the application and its components. The ICC reference monitor is responsible for testing whether the source application has the necessary labels. A qbit on Android Security-2

Figure 2: FriendTracker and FriendViewer Example Applications Figure 3: Interaction Between Application Components The basic way of interaction is by creating an intent object, which specifies the address or an action string (which allows the system to choose the addressee. For example, VIEW action string will direct to the preferred image viewer). The application must define a list of permissions that it wants to request upon installation. These cannot be changed unless the application is reinstalled. All application components inherit these permissions. <uses-permission android:name="org.siislab.tutorial.permission.friend_service"/> <uses-permission android:name="org.siislab.tutorial.permission.friend_near"/> <uses-permission android:name="org.siislab.tutorial.permission.broadcast_friend_near"/> <uses-permission android:name="android.permission.receive_boot_completed"/> <uses-permission android:name="android.permission.read_contacts"/> In addition, each component must declare the permission that will be used to control access to it. All this is done in the metafile. <service android:name="friendtracker" android:permission="org.siislab.tutorial.permission.friend_service" A qbit on Android Security-3

3 Security Considerations Private Components It is possible to set the component to be private by declaring exported attribute to false. In this case, no external application will be able to access it. Implicitly Open Components In some cases, it is a-priori unknown which permission is required to access an application (for example, image viewer installed on the system). In this case, the user can leave the permissions set empty which would allow any application to open it. Broadcast Intents These could potentially leak some information to unauthorized applications. For example: // Notify any receivers if (location.distanceto(floc) <= mdistthreshold) { Intent i = new Intent(ACTION_FRIEND_NEAR); i.putextra(friendcontent.location._id, c.getstring(c.getcolumnindex(friendcontent.location._id))); i.putextra(friendcontent.location.nick, c.getstring(c.getcolumnindex(friendcontent.location.nick))); i.putextra(friendcontent.location.contacts_id, c.getstring(c.getcolumnindex(friendcontent.location.contacts_id))); sendbroadcast(i); To fix this, we could specify an addition label upon sending which the receiving applications must have. sendbroadcast(i, "org.siislab.tutorial.permission.friend_near") ; Content Providers Security To allow more fine-grained access to the content providers, the developer can specify separate read and write permissions for the component. Functional Security Checks The developer can choose to use checkpermissions() method to allow/deny access to a certain function at the run-time of the program. This complicates android security even further, since to understand the security of an application, we need to check its code and not just the metadata files. Pending Intents Android allows to outsource filling some parts of an intent to a different component (similar to prepared statements, where variables are filled up by the user). However, this means that the component that gets to complete the intent has the permission level of the outsourcing component. Hence, the outsourcing component must trust it. To summarize, Android development framework allows great flexibility in designing secure applications: the programmers can isolate application and its components from the rest of the system, trying to control the information flow. However, as we saw above, this flexibility comes at the cost. Developers are granted with a variety of options and methods for enforcing the permission checks. Hence, defining, implementing and understanding the permissions of applications is not a trivial tasks. A qbit on Android Security-4

References [1] W. Enck, M. Ongtang, and P. McDaniel. Understanding Android Security. IEEE Security & Privacy Magazine, 7(1):5057, January/February 2009. http://siis.cse.psu.edu/android_ sec_tutorial.html A qbit on Android Security-5

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information