AppShield: Enabling Multi-entity Access Control Cross Platforms for Mobile App Management Zhengyang Qu1, Guanyu Guo2, Zhengyue Shao2, Vaibhav Rastogi3,

Slides:



Advertisements
Similar presentations
Towards Remote Policy Enforcement for Runtime Protection of Mobile Code Using Trusted Computing Xinwen Zhang Francesco Parisi-Presicce Ravi Sandhu
Advertisements

MicroKernel Pattern Presented by Sahibzada Sami ud din Kashif Khurshid.
Mobile Code Security Yurii Kuzmin. What is Mobile Code? Term used to describe general-purpose executables that run in remote locations. Web browsers come.
Aurasium: Practical Policy Enforcement for Android Applications By Yaoqi USENIX Security Symposium 2012.
Vaibhav Rastogi, Yan Chen, and Xuxian Jiang
Everything you want to know about managing mobile devices in the enterprise Ivan Hemmans hemmans.com From A to Z.
Policy Weaving for Mobile Devices Drew Davidson. Smartphone security is critical – 1200 to 1400 US Army troops to be equipped with Android smartphones.
An Evaluation of the Google Chrome Extension Security Architecture
Building and Deploying Safe and Secure Android Apps for Enterprise Presented by Technology Consulting Group at Endeavour Software Technologies.
Aurasium: Practical Policy Enforcement for Android Applications R. Xu, H. Saidi and R. Anderson Presented By: Rajat Khandelwal – 2009CS10209 Parikshit.
Aurasium: Practical Policy Enforcement for Android Applications R. Xu, H. Saidi and R. Anderson.
ANDROID PROGRAMMING MODULE 1 – GETTING STARTED
Android Declassification Infrastructure Matan David Yuval Evron Project Advisor: Roei Schuster 1.
Case study 2 Android – Mobile OS.
R ETRO S KELETON : R ETROFITTING A NDROID A PPS Benjamin Davis, Hao Chen University of California, Davis MobiSys 2013.
Understanding Android Security Yinshu Wu William Enck, Machigar Ongtang, and PatrickMcDaniel Pennsylvania State University.
Android in the Cloud Chromebooks, BYOD and Wearables Joel Isaacson Copyright 2014 Joel Isaacson
All Your Droid Are Belong To Us: A Survey of Current Android Attacks 단국대학교 컴퓨터 보안 및 OS 연구실 김낙영
© 2011 Adobe Systems Incorporated. All Rights Reserved. Adobe Confidential. Adobe Presentation Brijesh Patel | Working with AIR Native Extensions.
Permission Evolution in the Android Ecosystem Xuetao Wei, Lorenzo Gomez, Iulian Neamtiu, Michalis Faloutsos Department of Computer Science and Engineering.
A Lightweight Platform for Integration of Resource Limited Devices into Pervasive Grids Stavros Isaiadis and Vladimir Getov University of Westminster
Developing Enterprise Mobile Apps with Xamarin Loren Horsager CEO, Mobile Composer.
DeepDroid: Dynamically Enforcing Enterprise Policy on Android Devices Fall 2015 Instructor: Kun Sun, Ph.D.
How to break into enterprise mobile B2B (without selling your soul!) Jenny Blumberg August 2015.
The Entropia Virtual Machine for Desktop Grids Brad Calder, Andrew A. Chien, Ju Wang, Don Yang – VEE-2005 Raju Kumar CS598C: Virtual Machines.
AppShield: A Virtual File System in Enterprise Mobility Management Zhengyang Qu 1 Northwestern University, IL, US,
ADV. NETWORK SECURITY CODY WATSON What’s in Your Dongle and Bank Account? Mandatory and Discretionary Protections of External Resources.
Consumerization of IT Microsoft in the Enterprise.
Leave Me Alone: App- level Protection Against Runtime Information Gathering on Android NAN ZHANG, KAN YUAN, MUHAMMAD NAVEED†, XIAOYONG ZHOU AND XIAOFENG.
Android System Security Xinming Ou. Android System Basics An open-source operating system for mobile devices (AOSP, led by Google) – Consists of a base.
Air Stat. Air Stat Overview Mobility is clearly one of the hottest Topic An ecosystem of sopisticated related technologies is already established: – Cloud,
Kevin Goodman CEO FSLogix Deep Dive 2014 Extend Your Existing Application Virtualization Solution with FSLogix Apps™
Restricted © Siemens AG All rights reserved A Developer’s Insights Into Performance Optimizations for Mobile Web Apps CT DC AA EM LP2 | June 2015.
By: Collin Molnar. Overview  Intro to Android  Security basics  Android architecture  Application isolation  Application permissions  Physical access.
A Multi-Dimensional Configurable Access Control Framework for Mobile Applications By: Yaira K. Rivera Sánchez Major Advisor: Steven A. Demurjian.
DeepDroid Dynamically Enforcing Enterprise Policy Manwoong (Andy) Choi
Java & The Android Stack: A Security Analysis Pragati Ogal Rai Mobile Technology Evangelist PayPal, eBay Java.
#SummitNow Managing Mobile Content Wednesday 13 th November 2013 Mike Hatfield, Lead Engineer Mobile Apps, Alfresco Marc Dubresson, Dir. Mobile Product.
Short Customer Presentation September The Company  Storgrid delivers a secure software platform for creating secure file sync and sharing solutions.
Total Enterprise Mobility Comprehensive Management and Security
Towards the privacy leakage and user fraud detection of Android applications Zhengyang Qu 1 Northwestern University, IL, US,
COMPSCI 702 DeepDroid Dynamically Enforcing Enterprise Policy on Android Devices Presenter: Jie Yuan (Jeff)
The Basics of Android App Development Sankarshan Mridha Satadal Sengupta.
What mobile ads know about mobile users
Joshua Garcia Institute for Software Research
Hybrid Cloud Web Filtering Platform
Fan Engagement Solution
Security and Programming Language Work on SmartPhones
Understanding Android Security
Boxify: Full-fledged App Sandboxing for Stock Android
Deployment Planning Services
Android System Security
Zhengyang Qu, Shahid Alam. , Yan Chen, Xiaoyong Zhou
TaintART: A Practical Multi-level Information-Flow Tracking System for Android RunTime Sadiq Basha.
Rean Griffith‡, Gail Kaiser‡ Presented by Rean Griffith
How java is better than other languages according to history and uses.
CA16R405 - Mobile Application Development (Theory)
Survey Paper & Manuscript
Collaboration on-the-Go
Collaboration on-the-Go
Towards A Secure Controller Platform for OpenFlow Applications
University of California, Santa Barbara
DeFacto Planning on the Powerful Microsoft Azure Platform Puts the Power of Intelligent and Timely Planning at Any Business Manager’s Fingertips Partner.
Suwen Zhu, Long Lu, Kapil Singh
Top Reasons to Choose Android Today. Over the years the Android OS has progressed largely by acquiring major percent of global market share. A number.
Top Reasons to Choose Android Today. Over the years the Android OS has progressed largely by acquiring major percent of global market share. A number.
Shielding applications from an untrusted cloud with Haven
Understanding Android Security
Getting Started with Android…
Gesto: Mapping UI Events to Gestures and Voice Commands
Presentation transcript:

AppShield: Enabling Multi-entity Access Control Cross Platforms for Mobile App Management Zhengyang Qu1, Guanyu Guo2, Zhengyue Shao2, Vaibhav Rastogi3, Yan Chen1, Hao Chen4, Wangjun Hong1 1Northwestern University 2Zhejiang University 3University of Wisconsin, Madison 4University of California, Davis

Mobile OS Market Share, by dazeinfo.com Android OS dominance Android is the most dominant smartphone OS, which should be attributed to the wide availability of mobile applications from application marketplaces such as Google Play1 . Mobile OS Market Share, by dazeinfo.com

Android malware/spyware

Birth of bring-your-own-device Enterprise Mobility Management (EMM) Overall ecosystem: content analysis, social media integration Mobile Application Management (MAM) Application Delivery Security and Policy Mobile Device Management (MDM) OS Management and Control

Policies required in BYOD

Outline Introduction Motivation System Overview Evaluation Conclusion

Common deployment of MAM Application rewriting Mocana, AirWatch Work on all devices, NOT on all applications SDK Good, Citrix, AirWatch Work on all applications, extra developer support OS Modification Android for work on Android 5.0 and above Dependencies on OS versions or customization Limitation of portability

Android segmentation Android OS distribution snapshot in March 2015 and September 2016

Desired system Generality Convert any personal app to a business version Ability of enforcing arbitrary access control policies Multi-entity management, Role-based access control (RBAC), granularity… Portability No modifications (dependencies) on OS Completeness Stealthy channels: reflection, native code, dynamic load Cross-platform Extend to other platforms, e.g. iOS

Challenges Lack of OS support Diversity of data access behavior Android storage mechanism supports either data sharing or data isolation alone Diversity of data access behavior Native code, Java reflection, Dynamic loading Performance penalty Popular resource virtualization-based solutions have the scalability issue Android KitKat 4.4 enables the private external sd card. Cannot assume the OS version. Sharing is difficult.

Contributions A proxy-based data access mechanism to enforce arbitrary access policies without OS dependency An application rewriting mechanism inject MAM features by hooking system calls to achieve complete mediation A prototype system with low latency and resource consumption

Outline Introduction Motivation System Overview Evaluation Conclusion

Security model

Application rewriting Application decompilation Native Customized system calls, e.g., ioctl(), open() Override Global Offset Table (GOT) Bytecode Service: wrap the app, overwrite the GOT before app starts Activity: message popup, e.g., policy violation Manifest file Declaring the Service and Activity injected Request the permission to access mirror content provider Repack and sign

Proxy-based data access mechanism

Shield the privileged data File-system open(), creat(), rename(), mkdir(), remove(): rewrite the file path to the internal storage of AppShield stat(), lstat(): pass the file descriptor to business file to fstat() Content provider Mirror content provider System call ioctl(): redirect data request

Security policies File isolation Multi-entity management & RBAC Fine-grained file access control Content provider isolation

Outline Introduction Motivation System Overview Evaluation Conclusion

Effectiveness Select 50 popular apps from Google Play 35 file related apps, 15 contact provider related apps 1 app crashes; 2 apps file path “/./sdcard” 1 app cannot be rewritten; use “Intent” to directly start system contact manager app File isolation Multi-entity management & RBAC File-level granularity Content provider isolation Succeed 33/35 31/35 14/15

Reliability Select 1000 apps by popularity from Google Play in categories: Business, Finance, Medical, Productivity Execute by ADB Monkey Original version also crash: 29 in 35 Crash without code modification: 6 in 35 Total Succeed Rewriting failure Crash 1000 953 (95.3%) 12 (1.2%) 35 (3.5%)

Impact of application rewriting Micro: overall latency in 1000 data access: Macro: overall time for human to open/close a window rendering the privileged data File system Content provider Original AppShield Micro (s) 0.180 0.382 7.303 9.014 Macro (s) 1.472 1.524 1.068 1.194 Average memory usage increment: 28840.3KB Average code size increment: 33.7KB

Comparision AirWatch MOCANA GOOD Citrix Android L AppShield * Method SDK & App rewriting App rewriting SDK OS modification Isolation Sandbox Encryption DAC Multi-entity management No Yes RBAC Granularity Static Coarse dynamic File-level dynamic Sharing Online Local Portability High Low

Conclusion AppShield enforces arbitrary access control policies in the scenario of MAM Application rewriting No dependency on OS, high portability System call hooking, complete mediation Low overhead and impact on the original app

Thank you! Questions? http://list.cs.northwestern.edu/mobile/

System call hooking

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.