Binder Attack Surface in Android

Slides:



Advertisements
Similar presentations
Win the Cyberwar on Mobile Banking and Payments
Advertisements

Policy Weaving for Mobile Devices Drew Davidson. Smartphone security is critical – 1200 to 1400 US Army troops to be equipped with Android smartphones.
Android Security. N-Degree of Separation Applications can be thought as composed by Main Functionality Several Non-functional Concerns Security is a non-functional.
SAFETYCHECK Eric Hatch | David Allen |Bailee Lucas| Austin Rhodes.
Aurasium: Practical Policy Enforcement for Android Applications R. Xu, H. Saidi and R. Anderson Presented By: Rajat Khandelwal – 2009CS10209 Parikshit.
Aurasium: Practical Policy Enforcement for Android Applications R. Xu, H. Saidi and R. Anderson.
Leveraging User Interactions for In-Depth Testing of Web Applications Sean McAllister, Engin Kirda, and Christopher Kruegel RAID ’08 1 Seoyeon Kang November.
Security of Mobile Applications Vitaly Shmatikov CS 6431.
Handling Security Threats in Kentico CMS Karol Jarkovsky Sr. Solution Architect Kentico Software
Android Security Enforcement and Refinement. Android Applications --- Example Example of location-sensitive social networking application for mobile phones.
Emerging Platform#4: Android Bina Ramamurthy.  Android is an Operating system.  Android is an emerging platform for mobile devices.  Initially developed.
CS 153 Design of Operating Systems Spring 2015 Lecture 24: Android OS.
Presentation By Deepak Katta
Understanding Android Security Yinshu Wu William Enck, Machigar Ongtang, and PatrickMcDaniel Pennsylvania State University.
About me Yichuan Wang Android Basics Credit goes to Google and UMBC.
VMM Based Rootkit Detection on Android Class Presentation Pete Bohman, Adam Kunk, Erik Shaw.
Smart Phone Laboratory ECEN 489 Srinivas Shakkottai.
Ether: Malware Analysis via Hardware Virtualization Extensions Author: Artem Dinaburg, Paul Royal, Monirul Sharif, Wenke Lee Presenter: Yi Yang Presenter:
User Interface Toolkit Mechanisms For Securing Interface Elements Franziska Roesner, James Fogarty, Tadayoshi Kohno Computer Science & Engineering DUB.
Crowd-sourced Lost and Found Application Motivation and Goals Architecture Implementation Details Progress References By- Jwala Mohith Girisha, Rajani.
ADV. NETWORK SECURITY CODY WATSON What’s in Your Dongle and Bank Account? Mandatory and Discretionary Protections of External Resources.
Android Security Model that Provide a Base Operating System Presented: Hayder Abdulhameed.
VMM Based Rootkit Detection on Android Class Presentation Pete Bohman, Adam Kunk, Erik Shaw.
Mobile Application Security on Android Originally presented by Jesse Burns at Black Hat
CISC Machine Learning for Solving Systems Problems Presented by: Suman Chander B Dept of Computer & Information Sciences University of Delaware Automatic.
Android System Security Xinming Ou. Android System Basics An open-source operating system for mobile devices (AOSP, led by Google) – Consists of a base.
Speaker: Xiaojiang Du Authors: Xiali Hei, Xiaojiang Du and Shan Lin Temple University.
VMM Based Rootkit Detection on Android
Java Programming: Advanced Topics 1 Building Web Applications Chapter 13.
TCS Internal Security. 2 TCS Internal Objective Objective :  Android Platform Security Architecture.
Implementation of Simple Cloud-based Distributed File System Group ID: 4 Baolin Wu, Liushan Yang, Pengyu Ji.
Nguyen Thi Thanh Nha HMCL by Roelof Kemp, Nicholas Palmer, Thilo Kielmann, and Henri Bal MOBICASE 2010, LNICST 2012 Cuckoo: A Computation Offloading Framework.
DeepDroid Dynamically Enforcing Enterprise Policy Manwoong (Andy) Choi
THREATS, VULNERABILITIES IN ANDROID OS BY DNYANADA PRAMOD ARJUNWADKAR AJINKYA THORVE Guided by, Prof. Shambhu Upadhyay.
“What the is That? Deception and Countermeasures in the Android User Interface” Presented by Luke Moors.
CopperDroid Logan Horton. Android - Background Android is complicated to analyse due to having 2 places to check for code execution Normally, code is.
COMPSCI 702 DeepDroid Dynamically Enforcing Enterprise Policy on Android Devices Presenter: Jie Yuan (Jeff)
Mary Ganesan and Lora Strother Campus Tours Using a Mobile Device.
The Troubleshooting Process. Hardware Maintenance Make sure that the hardware is operating properly.  Check the condition of parts.  Repair or replace.
ANDROID ACCESS CONTROL Presented by: Justin Williams Masters of Computer Science Candidate.
Mobile Hacking - Fundamentals
Understanding and Defending Binder Attack Surface in Android
Security of Digital Signatures
Containers as a Service with Docker to Extend an Open Platform
Android Application -Architecture.
More Security and Programming Language Work on SmartPhones
Free for All! Assessing User Data Exposure to Advertising Libraries on Android Campbell Foskin.
Understanding Android Security
Boxify: Full-fledged App Sandboxing for Stock Android
Android System Security
Defending Binder Attack Surfaces in Android
Sangeun Oh, Hyuck Yoo, Dae R. Jeong, Duc Hoang Bui, and Insik Shin
A Security Review Process for Existing Software Applications
Enterprise Computing Collaboration System Example
MobiSys 2017 Symbolic Execution of Android Framework with Applications to Vulnerability Discovery and Exploit Generation Qiang Zeng joint work with Lannan.
Understanding and Defending Binder Attack Surface in Android
Security mechanisms and vulnerabilities in .NET
Epidemic Alerts EECS E6898: TOPICS – INFORMATION PROCESSING: From Data to Solutions Alexander Loh May 5, 2016.
The Top 10 Reasons Why Federated Can’t Succeed
Software Defined Networking (SDN)
Application Development A Tutorial Driven Course
Android Topics UI Thread and Limited processing resources
Android Developer Fundamentals V2
Mobile App Advertisements
Understanding Android Security
Emerging Platform#3 Android & Programming an App
Lecture 6: Process, Thread, Task
AI Discovery Template IBM Cloud Architecture Center
Mobile Security What is mobile secuirty & Identifying smartphone security holes& Sayed Hashimi Proposal Project.
When Machine Learning Meets Security – Secure ML or Use ML to Secure sth.? ECE 693.
Presentation transcript:

Binder Attack Surface in Android Compsci 702 – Mobile Security Article by Huan Feng and Kang G. Shin 3/May/2017 Seung Ho Lee

Motivation Android dominates the global market. Share of more than 82% Over 1.4 billion android devices and 1.6 million mobile apps in Google Play in 2015 The applications are not always safe. Inexperienced Careless Malicious Multiple reports on Common Vulnerabilities and Exposures(CVE). Exploiting the Binder interface Isolation between apps and the system. Improves: Robustness Security

Background Android communication mechanism for system services. Inter-Process Communication (IPC) mechanism Binder as cornerstone Binder. Client-server architecture An attack gateway (entry point) 137 vulnerabilities were identified and 115 of them were analysed. Less security checks after client side API call Misconception on the security boundary in Android system service.

Research Question System developers overlook the security principles of client-server, why does this happen and what can be done to improve this problem?

Problems Root Cause Analysis Binder Driver Binder Interface System Services X-Manager X-Manager.Stub.Proxy AIDL Attacker1 Attacker2 Severe sanity checks Sporadic sanity checks RPC(Input parameters) Serialized Bytes Write to Parcel Injecting faulty transaction Calling public APIs Root Cause Analysis Hidden (private) RPC methods are never exposed to public APIs. Bypassing sanity checks around the public APIs. Malicious inputs are de-serialized in the server side.

Solutions Precautionary Testing Framework. BinderCracker. Runtime Diagnostics and Defences. System layer diagnostic tool.

BinderCracker Context-aware fuzzing framework Recording component -> collects detailed information of transactions, e.g., parameter types, structure and dependencies. Fuzzing component -> replays and manipulates the schema that is gathered from the recording component. Taget.handle – the serivce, obtained by replaying. Code – RPC method to fuzz Data – serialized bytes of the list of parameters Face Recognition Camera Explicit Input: A picture with face Implicit Input: Camera (byte)

OS level runtime diagnostic support Can be implemented by using the recording component in BinderCracker. The sender of a transaction => Binder.getCallingUid() The package name of the sender => querying PackageManagerService with the id If an incoming transaction fails: Records the sender’s detail Content, schema and parsing status are dumped into a report The user can review it and block the same transaction in the future Warns the user with visual prompt

Results BinderCracker OS level runtime diagnostic support 89 vulnerabilities are detected in Android 5.1 and Android 6.0 that is 7x more vulnerabilities than a simple black-box fuzzing approach OS level runtime diagnostic support User receives a visual prompt when a transaction fails and can block the same transaction in future.

Summary System developers overlooked the security of system services Security principle is disobeyed Attacks on Binder interface Precautionary testing framework & Runtime diagnosis Better performance on the vulnerability discovery & protection

Issues BinderCracker Runtime Diagnostic Support The effectiveness depends on the coverage and quality of the transactions Doesn’t solve the problem Runtime Diagnostic Support Still fails at the first time

System transaction storage Improvements System call Runtime Simulator/VM System transaction storage First time BinderCracker Unsafe, notify the user Safe to be called Proven to be safe from previous transactions System Service UI Unsafe, notify the user

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.