Systematic Detection of Capability Leaks in Stock Android Smartphones


Systematic Detection of Capability Leaks in Stock Android Smartphones
Michael Grace, Yajin Zhou, Zhi Wang, Xuxian Jiang, North Carolina State University, NDSS 2012
Presentation date: 2018/9/20

Outline
- Introduction
- System Design
- Implementation
- Evaluation
- Discussion
- Related Work
- Conclusions

Introduction
- Woodpecker systematically analyzes each app on the phone to explore the reachability of a dangerous permission from a public, unguarded interface

Introduction
- Explicit capability leaks: allow an app to successfully access certain permissions by exploiting some publicly-accessible interfaces or services without actually requesting these permissions by itself
- Implicit capability leaks: allow the same, but instead of exploiting some public interfaces or services, permit an app to acquire or “inherit” permissions from another app with the same signing key (presumably by the same author)

Introduction
- Focus on 13 representative privileged permissions that protect sensitive user data or phone features
- Among these 13 privileged permissions, 11 were explicitly leaked, with individual phones leaking up to eight permissions

System Design
- Focus on those permissions used by the pre-loaded apps as part of an Android phone’s firmware, since the firmware has access to some permissions that are too privileged to be granted to third-party apps

System Design
- Starting from some public interface, there exists an execution path that can reach some use of the capability
- If this public interface is not guarded by a permission requirement, and the execution path does not have sanity checking in place to prevent it from being invoked by another unrelated app, we consider the capability leaked

System Design
- Implicit capability leaks arise from the abuse of an optional attribute in the manifest file, i.e. “sharedUserId”
- As permissions are granted to user identifiers, this causes all the apps sharing the same identifier to be granted the union of all the permissions requested by each app

System Design - Explicit Capability Leak Detection
- First: possible-path identification
  - Extract a pre-loaded app’s Dalvik bytecode, then build a CFG to locate possible execution paths
  - Issue 1: object references
  - Issue 2: extensive use of callbacks

System Design - Explicit Capability Leak Detection
- Second: feasible path refinement
  - Symbolic path simulation
  - Many potential paths exist; most are either impossible or uninteresting
  - Must prune these uninteresting paths
  - Paths guarded by explicit permission checks are treated as “infeasible paths”

System Design - Implicit Capability Leak Detection
- If an app has a sharedUserId in its manifest but does not request a certain (dangerous) permission, we also need to investigate the possibility of an implicit capability leak

System Design - Implicit Capability Leak Detection
- We consider a capability to have been implicitly leaked if there is any way to exercise it, which is different from explicit capability leak detection

Implementation
- Using the baksmali disassembler tool
- Using adb to obtain /system/app and /system/framework
  - AndroidManifest.xml: sharedUserId attribute; compute the actual set of permissions granted to each pre-loaded app
  - classes.dex or odex
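As an added example (not code from the slides or from Woodpecker itself), the manifest-side part of the analysis above in Python: parse each pre-loaded app's AndroidManifest.xml, compute the permission set each app actually holds (the union over every app sharing its sharedUserId, as the design slides describe), flag apps that inherit a dangerous permission they never requested themselves (the implicit-leak candidates), and list exported components with no android:permission guard (the public, unguarded interfaces that explicit-leak detection starts from). The package names, component names and manifests are constructed for the example.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
A = "{" + ANDROID_NS + "}"  # ElementTree notation for attributes in the android: namespace

# Permissions treated as dangerous in this example (a subset of the kinds named on the slides).
DANGEROUS = {
    "android.permission.CALL_PRIVILEGED", "android.permission.CALL_PHONE",
    "android.permission.MASTER_CLEAR", "android.permission.SEND_SMS",
    "android.permission.RECORD_AUDIO", "android.permission.REBOOT",
}

# Constructed manifests for three hypothetical pre-loaded apps (not the phones on the slides).
MANIFESTS = [
    # Dialer: shares the uid "android.uid.shared" and requests the call permissions.
    """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
              package="com.example.dialer" android:sharedUserId="android.uid.shared">
         <uses-permission android:name="android.permission.CALL_PRIVILEGED"/>
         <uses-permission android:name="android.permission.CALL_PHONE"/>
         <application>
           <receiver android:name=".DialReceiver" android:exported="true"/>
         </application>
       </manifest>""",
    # Messaging tab: same uid, requests only SEND_SMS, so it inherits the call permissions.
    """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
              package="com.example.messagetab" android:sharedUserId="android.uid.shared">
         <uses-permission android:name="android.permission.SEND_SMS"/>
         <application>
           <activity android:name=".ContactDetailActivity" android:exported="true"/>
         </application>
       </manifest>""",
    # Reset app: no shared uid; its exported receiver is guarded by android:permission.
    """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
              package="com.example.reset">
         <uses-permission android:name="android.permission.MASTER_CLEAR"/>
         <application>
           <receiver android:name=".ResetReceiver" android:exported="true"
                     android:permission="android.permission.MASTER_CLEAR"/>
         </application>
       </manifest>""",
]


def parse_manifest(xml_text):
    """Extract package, sharedUserId, requested permissions and components from one manifest."""
    root = ET.fromstring(xml_text)
    requested = {e.get(A + "name") for e in root.findall("uses-permission")}
    components = []
    app = root.find("application")
    if app is not None:
        for kind in ("activity", "service", "receiver", "provider"):
            for c in app.findall(kind):
                components.append({
                    "kind": kind,
                    "name": c.get(A + "name"),
                    "exported": c.get(A + "exported") == "true",
                    "permission": c.get(A + "permission"),
                })
    return {
        "package": root.get("package"),
        "sharedUserId": root.get(A + "sharedUserId"),
        "requested": requested,
        "components": components,
    }


def effective_permissions(apps):
    """Map package -> permissions it really holds: the union over every app sharing its uid."""
    by_uid = {}
    for a in apps:
        uid = a["sharedUserId"] or a["package"]  # apps without sharedUserId get a uid of their own
        by_uid.setdefault(uid, set()).update(a["requested"])
    return {a["package"]: by_uid[a["sharedUserId"] or a["package"]] for a in apps}


def implicit_leak_candidates(apps):
    """Apps with a sharedUserId that hold a dangerous permission they never requested themselves."""
    eff = effective_permissions(apps)
    out = {}
    for a in apps:
        if a["sharedUserId"] is None:
            continue
        inherited = (eff[a["package"]] - a["requested"]) & DANGEROUS
        if inherited:
            out[a["package"]] = inherited
    return out


def unguarded_exported_components(apps):
    """Exported components with no android:permission: public, unguarded entry points."""
    return sorted((a["package"], c["kind"], c["name"])
                  for a in apps for c in a["components"]
                  if c["exported"] and c["permission"] is None)


APPS = [parse_manifest(m) for m in MANIFESTS]

if __name__ == "__main__":
    for pkg, perms in implicit_leak_candidates(APPS).items():
        print("implicit leak candidate:", pkg, sorted(perms))
    for entry in unguarded_exported_components(APPS):
        print("unguarded entry point:", entry)
```

A candidate from implicit_leak_candidates is only a starting point: as the design slides say, the app is reported as leaking only if its code can actually exercise the inherited permission, which is what the bytecode analysis then has to establish.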

Implementation - Control-Flow Graph Construction
- Entry points: AIDL, Binder.onTransact()
- Callbacks, e.g. Thread().start() → run()
- onTransact() is the handler a Service runs to process an incoming request

Implementation
- Cover 13 permissions (listed on the slide)

Implementation - Capability Leak Detection
- List the related APIs that might exercise the permissions
  - The available API documentation is incomplete about which APIs a permission grants access to
  - e.g. “android.permission.MASTER_CLEAR” for factory reset
- Explicit leak: a state exists that contains a dangerous-call field modification and does not have the corresponding permission-check flag set
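The explicit-leak rule on this slide, together with the path-pruning step from the design slides, as an added example in Python (not Woodpecker's code; the control-flow graph, method names and entry points are constructed and only loosely modelled on the factory-reset case). A state is (node, permissions already checked on the path). Reaching a dangerous call in a state whose checked set lacks the required permission is reported with its path; a path that passes through an explicit check for that permission is dropped as infeasible, and an entry point guarded in the manifest starts with that permission already in the checked set. The search runs over states rather than nodes, so loops in the graph terminate.

```python
from collections import deque

# Constructed toy control-flow graph at method level. Node annotations:
#   "succ"  : successor nodes (call edges; a callback edge such as Thread.start() -> run()
#             would be added the same way)
#   "check" : permission enforced at this node, e.g. via Context.enforceCallingPermission
#   "call"  : dangerous API exercised at this node, with the permission it requires
CFG = {
    # Exported receiver -> service -> helper -> privileged API, with no check on the way (the leak)
    "ResetReceiver.onReceive":     {"succ": ["ResetService.onStartCommand"]},
    "ResetService.onStartCommand": {"succ": ["ResetService.retry", "WipeHelper.wipe"]},
    "ResetService.retry":          {"succ": ["ResetService.onStartCommand"]},  # a loop in the graph
    "WipeHelper.wipe":             {"succ": ["IPowerManager.masterClear"]},
    "IPowerManager.masterClear":   {"succ": [], "call": "android.permission.MASTER_CLEAR"},
    # Second receiver reaching the same API, but only through an explicit permission check
    "AdminReceiver.onReceive":     {"succ": ["AdminService.wipe"]},
    "AdminService.wipe":           {"succ": ["IPowerManager.masterClear"],
                                    "check": "android.permission.MASTER_CLEAR"},
    # Third receiver guarded in the manifest (android:permission) for the permission it exercises
    "RebootReceiver.onReceive":    {"succ": ["IPowerManager.reboot"]},
    "IPowerManager.reboot":        {"succ": [], "call": "android.permission.REBOOT"},
}

# Public entry points -> permission the manifest requires to invoke them (None = unguarded)
ENTRY_POINTS = {
    "ResetReceiver.onReceive": None,
    "AdminReceiver.onReceive": None,
    "RebootReceiver.onReceive": "android.permission.REBOOT",
}


def _path(parent, state):
    """Rebuild the node sequence that led to `state` from the BFS parent links."""
    nodes = []
    while state is not None:
        nodes.append(state[0])
        state = parent[state]
    return nodes[::-1]


def find_explicit_leaks(cfg, entry_points):
    """Return (entry, sink, permission, path) for every dangerous call reachable from an
    entry point in a state where the required permission has not been checked."""
    leaks = []
    for entry, guard in entry_points.items():
        start = (entry, frozenset({guard}) if guard else frozenset())
        parent = {start: None}        # visited states and their predecessor state
        queue = deque([start])
        while queue:
            state = queue.popleft()
            node, checked = state
            info = cfg[node]
            if "check" in info:       # beyond an explicit check the path is feasible only for callers holding it
                checked = checked | {info["check"]}
            needed = info.get("call")
            if needed and needed not in checked:
                leaks.append((entry, node, needed, _path(parent, state)))
            for succ in info["succ"]:
                nxt = (succ, checked)
                if nxt not in parent:  # visited set over states, so the retry loop terminates
                    parent[nxt] = state
                    queue.append(nxt)
    return leaks


if __name__ == "__main__":
    for entry, sink, perm, path in find_explicit_leaks(CFG, ENTRY_POINTS):
        print(f"{perm} leaked via {entry}: {' -> '.join(path)}")
```

Only the first receiver is reported: the second reaches the same API but through a check for the permission the call needs, and the third is guarded in the manifest for the permission it exercises. Woodpecker's real analysis works on Dalvik bytecode and tracks the permission-check and dangerous-call flags through symbolic path simulation; the state set here is the same idea reduced to a method-level graph.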

Evaluation
- Eight studied Android smartphones (listed on the slide)

Evaluation
- Capability leak results (shown on the slide)

Evaluation
- Smartphones with more pre-loaded apps tend to be more likely to have explicit capability leaks
- Nexus One / Nexus S: com.svox.pico can be tricked by any other third-party app into removing another app, com.svox.pico.langpack.installer

Evaluation - Case Study: Explicit Capability Leaks (without Arguments)
- Samsung Epic 4G, com.sec.android.app.SelectiveReset app
- Intent android.intent.action.SELECTIVE_RESET → SelectiveResetReceiver → Intent → SelectiveResetService → SelectiveResetApp → masterClear()

Evaluation - Case Study: Explicit Capability Leaks (without Arguments)
- HTC EVO 4G: REBOOT and SHUTDOWN (FREESE)

Evaluation - Case Study: Explicit Capability Leaks (with Arguments)
- HTC: com.android.mms → com.htc.messaging.service.SmsSenderService (Intent with Extras)

Evaluation - Case Study: Explicit Capability Leaks (with Arguments)
- Samsung Epic 4G: CALL_PHONE (technical assistance)
- HTC: RECORD_AUDIO

Evaluation - Case Study: Implicit Capability Leaks
- HTC Wildfire S, com.android.MessageTab: uses CALL_PRIVILEGED without declaring it in the manifest file
- sharedUserId: “android.uid.shared”
- com.android.MessageTab.ContactDetailMessageActivity2 → android.mms.ui.MessageUtils.getMakeCallDirectlyIntent()

Evaluation
- Performance: processing time (shown on the slide)

Discussion
- Confused deputy attack: inter-app interactions are usually application-specific, so it is hard for the Android framework to infer the associated semantics
- Avoid unsafely exposing capabilities: develop a validator tool released with the Android SDK
- App-defined permissions
- 3rd-party capability leaks

Related Work
- Problems with permissions: Kirin, Soundcomber, Guess Who’s Texting You
- Information leak detection: TaintDroid
- Market issues: DroidRanger

Conclusions
- Capability leaks present a tangible threat to security and privacy on existing Android smartphones
- We present a system, Woodpecker, to detect these capability leaks