1 Android malicious apps about privacy leakage 1. Impracticability and hazards of security enhanced Android framework ҉ Many apps,even benign ones, could.

Slides:

Advertisements

Similar presentations

Syracuse University, New York, USA

Advertisements

Senior Design 2014 Presented By: Alex Bouvy, Matt Freifeld, Doug Kerr, Mike Steele, Anselm Tamasang, Gavin White.

An Evaluation of the Google Chrome Extension Security Architecture

By : Versha Thakur Shravani Aishwarya

Aurasium: Practical Policy Enforcement for Android Applications R. Xu, H. Saidi and R. Anderson Presented By: Rajat Khandelwal – 2009CS10209 Parikshit.

A METHODOLOGY FOR EMPIRICAL ANALYSIS OF PERMISSION-BASED SECURITY MODELS AND ITS APPLICATION TO ANDROID David Barrera, H. Güne¸s Kayacık, P.C. van Oorschot,

ROOTKIT VIRUS by Himanshu Mishra Points to be covered Introduction History Uses Classification Installation and Cloaking Detection Removal.

SWE 4743 Strategy Patterns Richard Gesick. CSE Strategy Pattern the strategy pattern (also known as the policy pattern) is a software design.

The Most Dangerous Code in the Browser Stefan Heule, Devon Rifkin, Alejandro Russo, Deian Stefan Stanford University, Chalmers University of Technology.

It’s always better live. MSDN Events Security Best Practices Part 2 of 2 Reducing Vulnerabilities using Visual Studio 2008.

Author: Texas Instruments ®, Sitara™ ARM ® Processors Building Blocks for PRU Development Module 2 PRU Firmware Development This session covers how to.

Reusability and Portability Chapter 8 CSCI Reusability and Portability  The length of the development process is critical.  No matter how high.

Wireless Security Issues Implementing a wireless LAN without compromising your network Marshall Breeding Director for Innovative Technologies and Research.

Enterprise Resource Planning

IOS & Android Security, Hacking and Tweaking Workshop D.Papamartzivanos University Of the Aegean – Info Sec Lab Android Security – Cydia Substrate Dimitris.

Emerging Platform#4: Android Bina Ramamurthy.  Android is an Operating system.  Android is an emerging platform for mobile devices.  Initially developed.

OWASP Mobile Top 10 Why They Matter and What We Can Do

Presentation By Deepak Katta

Security and privacy in the age of software controlled surroundings Prashanth Mohan David Culler.

NUAGA May 22,  IT Specialist, Utah Department of Technology Services (DTS)  Assigned to Department of Alcoholic Beverage Control  PCI Professional.

A METHODOLOGY FOR EMPIRICAL ANALYSIS OF PERMISSION-BASED SECURITY MODELS AND ITS APPLICATION TO ANDROID.

Introduction to the Enterprise Library. Sounds familiar? Writing a component to encapsulate data access Building a component that allows you to log errors.

Lei Wu, Michael Grace, Yajin Zhou, Chiachih Wu, Xuxian Jiang Department of Computer Science North Carolina State University CCS 2013.

박 종 혁 컴퓨터 보안 및 운영체제 연구실 Workshop on Mobile Security Technologies (MoST)

All Your Droid Are Belong To Us: A Survey of Current Android Attacks 단국대학교 컴퓨터 보안 및 OS 연구실 김낙영

CS 325: Software Engineering April 14, 2015 Software Security Security Requirements Software Security in the Life Cycle.

Remote Access Chapter 4. Learning Objectives Understand implications of IEEE 802.1x and how it is used Understand VPN technology and its uses for securing.

Michael Ernst, page 1 Collaborative Learning for Security and Repair in Application Communities Performers: MIT and Determina Michael Ernst MIT Computer.

Operating System Support for Virtual Machines Samuel T. King, George W. Dunlap,Peter M.Chen Presented By, Rajesh 1 References [1] Virtual Machines: Supporting.

Android for Java Developers Denver Java Users Group Jan 11, Mike

An Inside Look at Mobile Security Android & iOS Zachary Hance & Andrew Phifer Dr Harold Grossman.

Securing Embedded User Interfaces: Android and Beyond Franziska Roesner and Tadayoshi Kohno University of Washington Mohamed Grissa A presentation of USENIX.

Microsoft SharePoint Server 2010 for the Microsoft ASP.NET Developer Yaroslav Pentsarskyy

Enhanced Operating System Security Through Efficient and Fine-grained Address Space Randomization Vikram Reddy Enukonda.

The IBM VM CS450/550 Section 2 Stephen Kam. IBM VM - Origins Originally an experimental OS called “CP-67” Designed to run on the IBM System/360 Model.

2011/12/20 1 Tongbo Luo, Hao Hao, Wenliang Du, Yifei Wang, and Heng Yin Syracuse University ACSAC 2011.

INDUSTRY SOLUTION TELECOMMUNICATION SERVICES INTEGRATION.

Android Security Extensions. Android Security Model Main objective is simplicity Users should not be bothered Does the user care? Most do not care…until.

Frameworks & Patterns Use of Organized Classes. Frameworks vs Toolkits Framework Framework  Start with classes and interfaces that define a rudimentary.

Design Patterns -- Omkar. Introduction  When do we use design patterns  Uses of design patterns  Classification of design patterns  Creational design.

Leave Me Alone: App- level Protection Against Runtime Information Gathering on Android NAN ZHANG, KAN YUAN, MUHAMMAD NAVEED†, XIAOYONG ZHOU AND XIAOFENG.

Android System Security Xinming Ou. Android System Basics An open-source operating system for mobile devices (AOSP, led by Google) – Consists of a base.

IBM Bluemix Ecosystem Development Hands on Workshop Section 1 - Overview.

Protecting Browsers from Extension Vulnerabilities Paper by: Adam Barth, Adrienne Porter Felt, Prateek Saxena at University of California, Berkeley and.

Android Permissions Remystified: A Field Study on Contextual Integrity Presenter: Hongyang Zhao Primal Wijesekera (UBC) Arjun Baokar (UC Berkeley) Ashkan.

© Drexel University Software Engineering Research Group (SERG) 1 The OASIS SOA Reference Model Brian Mitchell.

Motivation FACE architecture encourages modularity of components on data boundaries Transport Services Segment interface is centered on sending and receiving.

Class Presentation Pete Bohman, Adam Kunk, Erik Shaw (ONL)

VMM Based Rootkit Detection on Android

Security-Enhanced Linux Stephanie Stelling Center for Information Security Department of Computer Science University of Tulsa, Tulsa, OK

By: Collin Molnar. Overview  Intro to Android  Security basics  Android architecture  Application isolation  Application permissions  Physical access.

DeepDroid Dynamically Enforcing Enterprise Policy Manwoong (Andy) Choi

AppAudit Effective Real-time Android Application Auditing Andrew Jeong

ANDROID APP DEVELOPMENT MAKES ENTERPRISES GO PLACES.

The Fallacy Behind “There’s Nothing to Hide” Why End-to-End Encryption Is a Must in Today’s World.

WHAT THE APP IS THAT? DECEPTION AND COUNTERMEASURES IN THE ANDROID USER INTERFACE.

ANDROID ACCESS CONTROL Presented by: Justin Williams Masters of Computer Science Candidate.

Joshua Garcia Institute for Software Research

BUILD SECURE PRODUCTS AND SERVICES

Containers as a Service with Docker to Extend an Open Platform

Boxify: Full-fledged App Sandboxing for Stock Android

Adaptive Android Kernel Live Patching

Android System Security

Android Runtime – Dalvik VM

Security mechanisms and vulnerabilities in .NET

Binder Attack Surface in Android

Shanghai Jiao Tong University

Mobile App Advertisements

Presentation transcript:

1 Android malicious apps about privacy leakage 1. Impracticability and hazards of security enhanced Android framework ҉ Many apps,even benign ones, could leak sensitive information without user awareness or consent. ҉ Previous solutions always require to modify the Android or could be easily defeated by malicious apps easily. ҉ IAC：The Android inter-application communication(IAC) is implemented as a message passing system, where messages are encapsulated as Intent objects, which enables reuse of functionality across apps and app components via message passing. ҉ Risk：A malicious app can embed a payload into an IAC message, thereby driving the recipient app into a potentially vulnerable behavior if the message is processed without its fields first being sanitized or validated. 2. Impracticability and hazards of security enhanced Android framework

2 Solutions 1 App Sandbox  1 Qihoo 360 and NCSU proposed AppCage,which can confine the run-time behavior of Android apps without requiring framework modifications or root privilege. AppCage creates a new app to wrap the original one, and leverages two complimentary user-level sandboxes to interpose and regulate an app’s access to sensitive APIs. (AppCage, ASIACCS’15)  2 Saarland University presents the first concept for full-fledged app sandboxing on Android, based on application virtualization and process-based privilege separation to encapsulate untrusted apps in an isolated environment, without firmware modifications, app code modifications or root privileges. (Boxify, USENIX’2015)

Solutions 2 IntentDroid  IBM Security(Isreal)与IBM T. J. Watson Research Center, present the first comprehensive testing algorithm for Android IAC, and describe a catalog, stemming from our field experience, of 8 concrete vulnerability types that can potentially arise due to unsafe handling of incoming IAC messages.They have realized their testing approach as the IntentDroid system, available as a commercial cloud service.  IntentDroid utilizes lightweight platform-level instrumentation, implemented via debug breakpoints (to run atop any Android device without any setup or customization), to recover IAC-relevant app- level behaviors. (IntentDroid, ISSTA’2015) Scanning results