Understanding and Defending Binder Attack Surface in Android

Slides:



Advertisements
Similar presentations
Slides on cross-domain call and Remote Procedure Call (RPC)
Advertisements

Remote Procedure Call (RPC)
Remote Procedure Call Design issues Implementation RPC programming
The Intelligent Fuzzing in TTCN-3 Xu Luo, Wu Ji, Liu Chao Software Engineering Institute Beihang University
Implementing Remote Procedure Calls Andrew Birrell and Bruce Nelson Presented by Kai Cong.
Tutorials 2 A programmer can use two approaches when designing a distributed application. Describe what are they? Communication-Oriented Design Begin with.
Middleware Technologies compiled by: Thomas M. Cosley.
Apache Axis: A Set of Java Tools for SOAP Web Services.
Outcomes What is RPC? The difference between conventional procedure call and RPC? Understand the function of client and server stubs How many steps could.
490dp Prelude: Design Report Remote Invocation Robert Grimm (borrowing some from Hank Levy)
Remote Procedure Calls. 2 Client/Server Paradigm Common model for structuring distributed computations A server is a program (or collection of programs)
.NET Mobile Application Development Remote Procedure Call.
K. Jamroendararasame*, T. Matsuzaki, T. Suzuki, and T. Tokuda Department of Computer Science, Tokyo Institute of Technology, JAPAN Two Generators of Secure.
Silberschatz, Galvin and Gagne  2002 Modified for CSCI 399, Royden, Operating System Concepts Operating Systems Lecture 12 Communicating over.
FALL 2005CSI 4118 – UNIVERSITY OF OTTAWA1 Part 4 Other Topics RPC & Middleware.
1 Chapter 38 RPC and Middleware. 2 Middleware  Tools to help programmers  Makes client-server programming  Easier  Faster  Makes resulting software.
Distributed Processing and Client/Server
11 September 2008CIS 340 # 1 Topics To examine the variety of approaches to handle the middle- interaction (continued) 1.RPC-based systems 2.TP monitors.
Introduction to Distributed Systems Slides for CSCI 3171 Lectures E. W. Grundke.
Advanced Computer Networks Topic 2: Characterization of Distributed Systems.
SEMINOR. INTRODUCTION 1. Middleware is connectivity software that provides a mechanism for processes to interact with other processes running on multiple.
CE Operating Systems Lecture 3 Overview of OS functions and structure.
 Remote Procedure Call (RPC) is a high-level model for client-sever communication.  It provides the programmers with a familiar mechanism for building.
CSE 451: Operating Systems Winter 2015 Module 22 Remote Procedure Call (RPC) Mark Zbikowski Allen Center 476 © 2013 Gribble, Lazowska,
INTRODUCTION TO DBS Database: a collection of data describing the activities of one or more related organizations DBMS: software designed to assist in.
Shuman Guo CSc 8320 Advanced Operating Systems
WINDOWS NT Network Architecture Amy, Mei-Hsuan Lu CML/CSIE/NTU August 19, 1998.
Remote Method Invocation by James Hunt, Joel Dominic, and Adam Mcculloch.
1 Chapter 38 RPC and Middleware. 2 Middleware  Tools to help programmers  Makes client-server programming  Easier  Faster  Makes resulting software.
© Oxford University Press 2011 DISTRIBUTED COMPUTING Sunita Mahajan Sunita Mahajan, Principal, Institute of Computer Science, MET League of Colleges, Mumbai.
Analyzing Input Validation vulnerabilities in Android System Services NAMJUN PARK (NPAR350)
CopperDroid Logan Horton. Android - Background Android is complicated to analyse due to having 2 places to check for code execution Normally, code is.
Topic 4: Distributed Objects Dr. Ayman Srour Faculty of Applied Engineering and Urban Planning University of Palestine.
Object Interaction: RMI and RPC 1. Overview 2 Distributed applications programming - distributed objects model - RMI, invocation semantics - RPC Products.
Introduction to Distributed Systems Slides for CSCI 3171 Lectures E. W. Grundke.
Identify internal hardware devices (e. g
Java Distributed Computing
Understanding and Defending Binder Attack Surface in Android
Boxify: Full-fledged App Sandboxing for Stock Android
Credits: 3 CIE: 50 Marks SEE:100 Marks Lab: Embedded and IOT Lab
Karthik Dantu and Steve Ko
CS533 Concepts of Operating Systems
Defending Binder Attack Surfaces in Android
Out-of-Process Components
Binder Attack Surface in Android
Knowledge Byte In this section, you will learn about:
CSE 451: Operating Systems Winter 2006 Module 20 Remote Procedure Call (RPC) Ed Lazowska Allen Center
Interpreter Style Examples
DISTRIBUTED COMPUTING
Lecture 4: RPC Remote Procedure Call Coulouris et al: Chapter 5
Sarah Diesburg Operating Systems COP 4610
CSE 451: Operating Systems Autumn 2003 Lecture 16 RPC
CSE 451: Operating Systems Winter 2007 Module 20 Remote Procedure Call (RPC) Ed Lazowska Allen Center
Lecture 4: RPC Remote Procedure Call CDK: Chapter 5
CSE 451: Operating Systems Winter 2004 Module 19 Remote Procedure Call (RPC) Ed Lazowska Allen Center
CSE 451: Operating Systems Spring 2012 Module 22 Remote Procedure Call (RPC) Ed Lazowska Allen Center
CSE 451: Operating Systems Autumn 2009 Module 21 Remote Procedure Call (RPC) Ed Lazowska Allen Center
Presented by Neha Agrawal
Remote Procedure Call Hank Levy 1.
Introduction to Web Services
Lecture 6: RPC (exercises/questions)
Out-of-Process Components
Remote Procedure Call Hank Levy 1.
CSE 451: Operating Systems Autumn 2010 Module 21 Remote Procedure Call (RPC) Ed Lazowska Allen Center
Lecture 6: RPC (exercises/questions)
Lecture 7: RPC (exercises/questions)
CSE 451: Operating Systems Winter 2003 Lecture 16 RPC
Remote Procedure Call Hank Levy 1.
Last Class: Communication in Distributed Systems
CSE 451: Operating Systems Messaging and Remote Procedure Call (RPC)
Presentation transcript:

Understanding and Defending Binder Attack Surface in Android By Wen-Kai Chen

Motivation Android as the most popular smartphone OS Developers not trust worthy Inter-process communication (IPC) Different attack methods (DoS, Information Leakage, Crash System…etc.) Where are the security boundaries in Android? What are the vulnerabilities in Android? Solutions? Prevent attack? Diagnose Attack?

Background: Communication [Part 1] Client side Server side IPC (Inter Process Communication) Binder Specific IPC Communication between 2 processes ioctl with Binder Library syscall with kernel level driver Transaction marshalled into parcel object Client/Server architecture

Background: Communication [Part 2] AIDL (Android Interface Definition Language) Relieves tasks on developer Hide details on binder and RPC (Remote Procedural Call) Stubs and Proxy created Remote Procedural Call (RPC) Initiated by client Sends message to remote server Message contains parameter including data types – packed by stubs (aka marshalling) Within Binder Transaction [1] https://developer.android.com/reference/android/os/Binder.html

Problems Analyzed 115 Android Source Codes Sanity check client-side public API RPC parameters unchecked and deserialization process unprotected. Fuzzing - Binder transaction with non-primitive data types Uncaught exception & Erroneous Input (Crash + Reboot) Null parameters also causes crash Manipulate RPC parameters Inputs an important factor of security Injection on client-side

Ideas/Solutions for Security [Part 1] Root cause analysis (Suggestion) Server double checks on input parameters Precautionary Testing (Suggestion) Before ROM release Static code analysis tool (aka “lint”). Inspection/Add metadata E.g @NonNull “lint” on RPC input Introduction of BinderCracker software (Implmented) Testing Binder-Based RPC Used before each product release Identify vulnerabilities report to AOSP (Android Open Source Project) Manage dependencies across transactions Recording component Fuzzing component

Ideas/Solutions for Security [Part 2] BinderCracker Matching input/output of adjacent transaction, construction of dependency graph Record seed transactions and dependencies, then fuzz system service Monitor input/output Replay transaction before fuzzing Runtime Diagnostic Tool Maintains sender, schema, content, passing information for each transaction in case of failure. Provide detailed report of transaction. Warn user with visual prompt Diagnose instead of preventing problems

What’s Wrong? [Part 1] BinderCracker Only identifies vulnerabilities in Binder based RPC Insufficient solutions Effectiveness of reporting to AOSP Actual solution? 18 Fixes out of 137 Vulnerabilities found

What’s Wrong? [Part 2] Data types within RPC Hard to sanitize Root cause analysis, precautionary analysis and runtime diagnostic tool as suggestion Clear boundaries/rules not identified Not being able to identify who causes the crash and why it crashed DoS Attack is not fixed by BinderCracker

Improvements Implementation of ”lint” to RPC should be carried out and used with BinderCracker Collaborate diagnostic tool with BinderCracker Report + Vulnerabilities BinderCracker itself does not fix the problem identified, rather it only act as vulnerability identifier.

My Opinion Article is mainly about identifying vulnerabilities Developer should be careful with IPC Sanity check is important in both client and server side Not only attack in Binder, other attacks on cryptography is important too.

Thanks for listening

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.