Aurasium: Practical Policy Enforcement for Android Applications By Yaoqi USENIX Security Symposium 2012.

Slides:

Advertisements

Similar presentations

Android Application Development A Tutorial Driven Course.

Advertisements

Android OS : Core Concepts Dr. Jeyakesavan Veerasamy Sr. Lecturer University of Texas at Dallas

Aurasium: Practical Policy Enforcement for Android Applications

DroidScope: Seamlessly Reconstructing the OS and Dalvik Semantic Views for Dynamic Android Malware Analysis Lok Kwong Yan, and Heng Yin Syracuse University.

Android architecture overview

Policy Weaving for Mobile Devices Drew Davidson. Smartphone security is critical – 1200 to 1400 US Army troops to be equipped with Android smartphones.

Implementation of an Android Phone Based Video Streamer 2010 IEEE/ACM International Conference on Green Computing and Communications 2010 IEEE/ACM International.

Aurasium: Practical Policy Enforcement for Android Applications R. Xu, H. Saidi and R. Anderson Presented By: Rajat Khandelwal – 2009CS10209 Parikshit.

Aurasium: Practical Policy Enforcement for Android Applications R. Xu, H. Saidi and R. Anderson.

DEPARTMENT OF COMPUTER ENGINEERING

This work is licensed under the Creative Commons Attribution 4.0 International License. To view a copy of this license, visit

Asst.Prof.Dr.Ahmet Ünveren SPRING Computer Engineering Department Asst.Prof.Dr.Ahmet Ünveren SPRING Computer Engineering Department.

Case study 2 Android – Mobile OS.

Emerging Platform#4: Android Bina Ramamurthy.  Android is an Operating system.  Android is an emerging platform for mobile devices.  Initially developed.

Android Middleware Bo Pang

Understanding Android Security Yinshu Wu William Enck, Machigar Ongtang, and PatrickMcDaniel Pennsylvania State University.

Android Introduction Platform Overview.

Mobile Application Development with ANDROID. Agenda Mobile Application Development (MAD) Intro to Android platform Platform architecture Application building.

A METHODOLOGY FOR EMPIRICAL ANALYSIS OF PERMISSION-BASED SECURITY MODELS AND ITS APPLICATION TO ANDROID.

VMM Based Rootkit Detection on Android Class Presentation Pete Bohman, Adam Kunk, Erik Shaw.

Introduction to Android Swapnil Pathak Advanced Malware Analysis Training Series.

Detecting and Preventing Privilege- Escalation on Android Jiaojiao Fu 1.

Authors: William Enck The Pennsylvania State University Peter Gilbert Duke University Byung-Gon Chun Intel Labs Landon P. Cox Duke University Jaeyeon Jung.

All Your Droid Are Belong To Us: A Survey of Current Android Attacks 단국대학교 컴퓨터 보안 및 OS 연구실 김낙영

Presented by: Kushal Mehta University of Central Florida Michael Spreitzenbarth, Felix Freiling Friedrich-Alexander- University Erlangen, Germany michael.spreitzenbart,

APKInspector -Static Analysis of Android Applications Student: Yuan Tian Mentor: Cong Zheng Backup Mentor: Anthony Kara Jianwei 08/22/2012.

Copyright© Jeffrey Jongko, Ateneo de Manila University Android.

ANDROID Presented By Mastan Vali.SK. © artesis 2008 | 2 1. Introduction 2. Platform 3. Software development 4. Advantages Main topics.

Monitoring Malware at Runtime. From Last Lecture Malware authors use advanced coding for avoiding detection AnserverBot is a very sophisticate piece of.

DeepDroid: Dynamically Enforcing Enterprise Policy on Android Devices Fall 2015 Instructor: Kun Sun, Ph.D.

Android for Java Developers Denver Java Users Group Jan 11, Mike

University of Central Florida TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones Written by Enck, Gilbert,

AppShield: A Virtual File System in Enterprise Mobility Management Zhengyang Qu 1 Northwestern University, IL, US,

Android Security Auditing Slides and projects at samsclass.info.

Android Security Extensions. Android Security Model Main objective is simplicity Users should not be bothered Does the user care? Most do not care…until.

Copyright © cs-tutorial.com. Overview Introduction Architecture Implementation Evaluation.

VMM Based Rootkit Detection on Android Class Presentation Pete Bohman, Adam Kunk, Erik Shaw.

ANDROID BY:-AANCHAL MEHTA MNW-880-2K11. Introduction to Android Open software platform for mobile development A complete stack – OS, Middleware, Applications.

Android System Security Xinming Ou. Android System Basics An open-source operating system for mobile devices (AOSP, led by Google) – Consists of a base.

Wireless and Mobile Security

Dynamic Vetting Android Applications for Privilege-escalation Risks Jiaojiao Fu 1.

VMM Based Rootkit Detection on Android

TCS Internal Security. 2 TCS Internal Objective Objective :  Android Platform Security Architecture.

Nguyen Thi Thanh Nha HMCL by Roelof Kemp, Nicholas Palmer, Thilo Kielmann, and Henri Bal MOBICASE 2010, LNICST 2012 Cuckoo: A Computation Offloading Framework.

Analysis And Research Of System Security Based On.

Android operating system N. Sravani M. Tech(CSE) (09251D5804)

By: Collin Molnar. Overview  Intro to Android  Security basics  Android architecture  Application isolation  Application permissions  Physical access.

DeepDroid Dynamically Enforcing Enterprise Policy Manwoong (Andy) Choi

Java & The Android Stack: A Security Analysis Pragati Ogal Rai Mobile Technology Evangelist PayPal, eBay Java.

The Ingredients of Android Applications. A simple application in a process In a classical programming environment, the OS would load the program code.

COMPSCI 702 DeepDroid Dynamically Enforcing Enterprise Policy on Android Devices Presenter: Jie Yuan (Jeff)

ANDROID ACCESS CONTROL Presented by: Justin Williams Masters of Computer Science Candidate.

The Basics of Android App Development Sankarshan Mridha Satadal Sengupta.

Intro To Android Programming

Module 51 (Mobile Device Fundamentals - Android)

Computer System Structures

Android Mobile Application Development

Android Development.

Understanding Android Security

Boxify: Full-fledged App Sandboxing for Stock Android

Android System Security

Android Runtime – Dalvik VM

Chapter 2: Operating-System Structures

CMPE419 Mobile Application Development

Mobile Pen Testing w/ drozer

Suwen Zhu, Long Lu, Kapil Singh

Application Development A Tutorial Driven Course

Understanding Android Security

Android Platform, Android App Basic Components

Emerging Platform#3 Android & Programming an App

Presentation transcript:

Aurasium: Practical Policy Enforcement for Android Applications By Yaoqi USENIX Security Symposium 2012

Goal Address the multiple threats posed by malicious applications on Android

Android Malicious Apps

Introduction to Android Security Features  Process Isolation  Linux user/group permission  App requests permission to OS functionalities Most checked in remote end i.e. system services A few (Internet, Camera) checked in Kernel, as special user group

Introduction to Android Security Features Application Code Activity Service Broadcast Receiver Content Provider Framework Code Kernel Boundary Process Boundary com.android.demo. app Binder (IPC) Telephony Manger Location Manger Activity Manager Package Manager …… Framework Code Socket Camera System Services Permission Check Permission Check Android Runtime (Dalvik VM)

Malicious Android Apps Abuse permissions Access and transmit private data Access to malicious remote servers Application-level privilege escalation Gain root privilege

Alternative Approaches App vetting: Google’s Bouncer  40% decrease in malware  Ineffective once App installed on the device AV products:  Scanning  Have no visibility into the runtime of an App Fine grain permissions checking  Require modifications to the OS Virtualization  Require modification to the OS

Related work Existing Work  TaintDroid (OSDI 10)  CRePE (ISC 10)  AppFence (CCS 11)  Quire (USENIX Security 2011)  SELinux on Android  Taming Privilege-Escalation (NDSS 2012) Limitations  Modify OS – requires rooting and flashing firmware.

Related Approaches Hardware Linux kernel Android Middleware QuireSELinux TainDroid AppFence CRePE Information flow Access control Call chain IPC

Solution: Aurasium Hardware Linux kernel Android Middleware X Repackage Apps to intercept all Interactions with the OS Information flow Access control Call chain IPC and many more! X

Aurasium Internals Two Problems to Solve  Introducing alien code to arbitrary application package  Reliably intercepting application interaction with the OS

Aurasium Internals How to add code to existing applications  Android application building and packaging process Java Source Code Application Resource.class files Classes.dex javacdx Compiled Resources AndroidManifest.xml Application Package (.apk) aapt Other Files Zip & Sign

Aurasium Internals How to add code to existing applications  apktool Application Resources.smali files Classes.dex Compiled Resources Textual AndroidManifest.xml Application Package Insert Our Java Code Other Files Insert Metadata Insert Our Native Library apktool Secured Application apktool

Aurasium Internals How to Intercept  A closer look at app process Application Code Framework Code - Java Kernel Framework Code - Native (C++) Java Native Interface libdvm.solibandroid_runtime.solibbinder.so ……. libm.solibstdc++.solibc.so

Aurasium Internals How to Intercept  Example: Socket Connection Application Code Framework - Java Framework - Native Java Native Interface Native Libraries ApkMonitorActivity.onClick() HttpURLConnectionImpl.makeConnection() HttpConnection. () Socket.connect() PlainSocketImpl.connect() OSNetworkSystem.connect() libnativehelper.so libc.so

Aurasium Internals How to Intercept  Intercept at lowest boundary – libc.so Application Code Framework Code – Native (C++) Framework Code - Java Java Native Interface libdvm.solibandroid_runtime.solibbinder.so ……. libm.solibstdc++.solibc.so Monitoring Code Detour

Aurasium Internals How to Intercept  Key: Dynamically linked shared object file  Essence: Redo dynamic linking with pointers to our detour code. somelib.so libc.so Monitoring Code X

What can you do with Aurasium? Total visibility into the interactions of an App with the OS and other Apps Internet connections  connect() IPC Binder communications  ioctl() File system manipulations  write(), read() Access to resources  Ioctl(), read, write() Linux system calls  fork(), execvp()

Aurasium Overview How to add code to existing applications  apktool Application Resources.smali files Classes.dex Compiled Resources Textual AndroidManifest.xml Application Package Insert Our Java Code Other Files Insert Metadata Insert Our Native Library apktool Secured Application apktool Detour libc calls Point to Detour Activity GUI & Policy

Evaluation

Tested on Real-world Apps  3491 apps from third-party application store.  1260 malware corpus from Android Genome.  Results Repackaging:  3476/1258 succeed (99.6%/99.8%)  Failure mode: apktool/baksmali assembly crashes Device runs  Nexus S under Monkey – UI Exerciser in SDK  Intercept calls from all of 3189 runnable application.

Limitations 99.9% is not 100% Manual edit of Apps as a workaround Native code can potentially bypass Aurasium Repackaging time: very slow Security policies defined by developers

Conclusion New approach to Android security/privacy Per-app basis, no need to root phone Tested against many real world apps Have certain limitations

The End Try it out at