Analysis of the Communication between Colluding Applications on Modern Smartphones Claudio Marforio 1, Hubert Ritzdorf 1, Aurélien Francillon 2, Srdjan.

Slides:

Advertisements

Similar presentations

Operating Systems Components of OS

Advertisements

Section 6.2. Record data by magnetizing the binary code on the surface of a disk. Data area is reusable Allows for both sequential and direct access file.

Hi-Fi: Collecting High-Fidelity Whole-System Provenance Devin J.Pohly 1, Stephen McLaughlin 1, Patrick McDaniel 1, Kevin Butler 2 1 Pennsylvania State.

Roman Schlegel City University of Hong Kong Kehuan Zhang Xiaoyong Zhou Mehool Intwala Apu Kapadia XiaoFeng Wang Indiana University Bloomington NDSS SYMPOSIUM.

CS 443 Advanced OS Fabián E. Bustamante, Spring 2005 Resource Containers: A new Facility for Resource Management in Server Systems G. Banga, P. Druschel,

Location Cheating: A Security Challenge to Location- based Social Network Services Wenbo He 1, Xue Liu 2, Mai Ren 1 1 University of Nebraska-Lincoln 2.

1/1/ / faculty of Electrical Engineering eindhoven university of technology Introduction Part 3: Input/output and co-processors dr.ir. A.C. Verschueren.

Peeking into Your App without Actually Seeing It: UI State Inference and Novel Android Attacks Qi Alfred Chen, Zhiyun Qian†, Z. Morley Mao University of.

Intraship Integration Control Instructor: TV Prabakar.

Aurasium: Practical Policy Enforcement for Android Applications R. Xu, H. Saidi and R. Anderson Presented By: Rajat Khandelwal – 2009CS10209 Parikshit.

Introduction to Operating Systems CS-2301 B-term Introduction to Operating Systems CS-2301, System Programming for Non-majors (Slides include materials.

INTRODUCTION OS/2 was initially designed to extend the capabilities of DOS by IBM and Microsoft Corporations. To create a single industry-standard operating.

Introduction to Systems Architecture Kieran Mathieson.

3.5 Interprocess Communication Many operating systems provide mechanisms for interprocess communication (IPC) –Processes must communicate with one another.

2: OS Structures 1 Jerry Breecher OPERATING SYSTEMS STRUCTURES.

Chapter 12 File Management Systems

1 Chapter 4 Threads Threads: Resource ownership and execution.

Input/Output and Communication

Introduction. Why Study OS? Understand model of operation –Easier to see how to use the system –Enables you to write efficient code Learn to design an.

SIMULATING ERRORS IN WEB SERVICES International Journal of Simulation: Systems, Sciences and Technology 2004 Nik Looker, Malcolm Munro and Jie Xu.

Operating Systems.

Slide 1-1 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 1.

A METHODOLOGY FOR EMPIRICAL ANALYSIS OF PERMISSION-BASED SECURITY MODELS AND ITS APPLICATION TO ANDROID.

Detecting and Preventing Privilege- Escalation on Android Jiaojiao Fu 1.

D2Taint: Differentiated and Dynamic Information Flow Tracking on Smartphones for Numerous Data Sources Boxuan Gu, Xinfeng Li, Gang Li, Adam C. Champion,

Authors: William Enck The Pennsylvania State University Peter Gilbert Duke University Byung-Gon Chun Intel Labs Landon P. Cox Duke University Jaeyeon Jung.

All Your Droid Are Belong To Us: A Survey of Current Android Attacks 단국대학교 컴퓨터 보안 및 OS 연구실 김낙영

Presented by: Kushal Mehta University of Central Florida Michael Spreitzenbarth, Felix Freiling Friedrich-Alexander- University Erlangen, Germany michael.spreitzenbart,

Chapter 3: Operating-System Structures System Components Operating System Services System Calls System Programs System Structure Virtual Machines System.

Chapter 6 Operating System Support. This chapter describes how middleware is supported by the operating system facilities at the nodes of a distributed.

Operating Systems  A collection of programs that  Coordinates computer usage among users  Manages computer resources  Handle Common Tasks.

Composition and Evolution of Operating Systems Introduction to Operating Systems: Module 2.

Rensselaer Polytechnic Institute CSCI-4210 – Operating Systems CSCI-6140 – Computer Operating Systems David Goldschmidt, Ph.D.

CS 390- Unix Programming Environment CS 390 Unix Programming Environment Topics to be covered: Distributed Computing Fundamentals.

University of Central Florida TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones Written by Enck, Gilbert,

Silberschatz, Galvin and Gagne  Operating System Concepts Chapter 3: Operating-System Structures System Components Operating System Services.

Lecture 3 Process Concepts. What is a Process? A process is the dynamic execution context of an executing program. Several processes may run concurrently,

Introduction to dCache Zhenping (Jane) Liu ATLAS Computing Facility, Physics Department Brookhaven National Lab 09/12 – 09/13, 2005 USATLAS Tier-1 & Tier-2.

Slide 3-1 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 3.

ADV. NETWORK SECURITY CODY WATSON What’s in Your Dongle and Bank Account? Mandatory and Discretionary Protections of External Resources.

The Amiga Operating System: Past and Present Aaron Hensley Kayla Zinn Brad Campbell Gregory Mathurin Josh Benson.

Android Security Extensions. Android Security Model Main objective is simplicity Users should not be bothered Does the user care? Most do not care…until.

November 19, 2008 CSC 682 Use of Virtualization to Thwart Malware Written by: Ryan Lehan Presented by: Ryan Lehan Directed By: Ryan Lehan Produced By:

1 3 Computing System Fundamentals 3.3 Computer Systems.

Lecture 1: Network Operating Systems (NOS) An Introduction.

Major OS Components CS 416: Operating Systems Design, Spring 2001 Department of Computer Science Rutgers University

Mike Switlick. Overview What is a covert channel? Storage / Timing Requirements Bunratty attack Covert_tcp Questions.

Embedded Real-Time Systems Processing interrupts Lecturer Department University.

OPERATING SYSTEM REVIEW. System Software The programs that control and maintain the operation of the computer and its devices The two parts of system.

CSCI/CMPE 4334 Operating Systems Review: Exam 1 1.

1 Chapter 2: Operating-System Structures Services Interface provided to users & programmers –System calls (programmer access) –User level access to system.

System Components Operating System Services System Calls.

CT101: Computing Systems Introduction to Operating Systems.

CMPS Operating Systems Prof. Scott Brandt Computer Science Department University of California, Santa Cruz.

Android’s Malware Attack, Stealthiness and Defense: An Improvement Mohammad Ali, Humayun Ali and Zahid Anwar 2011 Frontiers of Information Technology.

Introduction to Operating Systems Concepts

Chapter 4 – Thread Concepts

Hands-On Microsoft Windows Server 2008

Outline What does the OS protect? Authentication for operating systems

TaintART: A Practical Multi-level Information-Flow Tracking System for Android RunTime Sadiq Basha.

Chapter 4 – Thread Concepts

Introduction to Operating System (OS)

Outline What does the OS protect? Authentication for operating systems

File Management.

Basic Concepts Protection: Security:

Chapter 2: Operating-System Structures

Operating Systems: A Modern Perspective, Chapter 3

Co-designed Virtual Machines for Reliable Computer Systems

OPERATING SYSTEMS STRUCTURES

Chapter 2: Operating-System Structures

Presentation transcript:

Analysis of the Communication between Colluding Applications on Modern Smartphones Claudio Marforio 1, Hubert Ritzdorf 1, Aurélien Francillon 2, Srdjan Capkun 1 1 Institute of Information Security, ETH Zurich 2 Networking and Security Group, Eurecom Annual Computer Security Applications Conference (ACSAC) 2012 左昌國 10/29, 2012, ADLab, NCU

Introduction Channels Classification Channels Overt Channels in Android Covert Channels in Android Communication Channel with External Agents Results of the Analysis Existing Tools TaintDroid XManDroid Mitigation Techniques Conclusion Outline 2

Permission-based security models Assumption: Apps can be independently restricted in accessing resources and then safely composed on a single platform Collusion Attacks SoundComber (link)link Introduction 3 channel

This paper… demonstrates the practicality of application collusion attacks on Android measures the throughput of these attacks confirms that TaintDroid and XManDroid still fail to detect several of the implemented channels proposes countermeasures which limit the throughput Introduction 4

Application API: Android’s Java API, Windows Phone 7 C# / Silverlight APIs, iOS’s Object-C API OS Native calls Hardware Exploiting hardware functionalities Channels Classification 5

Shared Preferences (Application) The sink app uses an API to create an Android preference XML file World-readable and world-writable The source app writes ASCII data to it Internal Storage (Application) The source app writes a world-readable file to the internal storage The sink app reads it External Storage (Application) WRITE_EXTERNAL_STORAGE Overt Channels in Android 6

Broadcast Intents (Application) The source app adds private data as extra payload to a broadcast message The sink app registers itself to receive the message System Log (Application) The source writes a specially-crafted message to the system log The sink reads to extract the information READ_LOGS 4000 characters limit Overt Channels in Android 7

UNIX Socket Communication (OS) The source sends the data through a UNIX socket that the sink app opened Overt Channels in Android 8

Single and Multiple Settings (Application) The source modifies a general setting on the phone and the sink reads it SoundComber Multiple settings can be changed at the same time to achieve higher throughput Most settings can be changed without permissions Type of Intents (Application) The source sends a broadcast message to the sink and encodes the data into the type of the intent Flags, action, particular extra data Covert Channels in Android 9

Automatic Intents (Application/OS) The source modifies particular settings that trigger automatic broadcasts by the system to registered apps The vibration setting in SoundComber Ex: vibration on = 1; vibration off = 0 Threads Enumeration (OS) The source spawns a number of threads and the sink reads how many threads are currently active for the source app /proc filesystem Covert Channels in Android 10

UNIX Socket Discovery (OS) The source uses 2 sockets, a synchronization socket and a communication socket The sink checks if the source communication socket is open, and infer the transferred bit The synchronization socket is open if the communication socket can be checked Covert Channels in Android 11

Free Space on Filesystem (OS) The source app writes or deletes data on the disk to encode the information Ex: the source allocates 3 blocks to encode a ‘1’ and clears 3 blocks to encode a ‘0’ The sink checks the available blocks at predefined time intervals 75ms for Nexus One; 100ms for Galaxy S Bit-errors percentages 0.01% (Nexus One) 0.03% (Galaxy S) Covert Channels in Android 12

Reading /proc/stat (OS) The source app performs some computations, while the sink monitors the processor usage statistics Covert Channels in Android 13

Timing Channel (Hardware) The source runs CPU-intensive tasks as to send bit ‘1’ The sink continuously runs computation-intensive operations and records the time required to complete them An initial learning period is used to benchmark the system behavior Majority vote(out of 5) to eliminate noise Transmitting time interval: 6ms (Nexus One) Bit-errors percentages 0.10% (Nexus One) 0.05% (Galaxy S) Covert Channels in Android 14

Processor Frequency (Hardware) Similar to Timing Channel Improving the throughput and reducing the synchronization time Dynamic Frequency Scaling Source: the same as in the case of Timing Channel The sink monitors the trend of the processor frequency and decodes the current bit Afterward, the source waits for the CPU to “slow down” before the next transmission Bit-errors percentages 0.14% (Nexus One) 4.67% (Galaxy S) Covert Channels in Android 15

Covert Channels in Android 16

Similar to Processor Frequency covert channel The source either tries to increase the processor frequency or sleeps The sink measures how many dummy RC4 operations it can perform in a fix time period 1.29 bps (Nexus One) Communication Channel With External Agents 17

Low throughput: Timing channel (3.70 bps) GPS coordinates: 19.4 sec 135 byte contacts: sec Processor Frequency (4.88 bps) GPS coordinates: 14.8 sec 135 byte contacts: sec High throughput: Type of Intents or UNIX Socket Discovery Less than a second Results of the Analysis 18

Overt Channels Internal Storage and Broadcast Intents … ok External Storage The external storage uses the FAT filesystem w/o extended attributes Shared Preferences System Log TaintDroid is not currently capable to extend tagging to native code Removing the taint from tainted variables n-way Switch Statement: Mbps Java Exception Handling: kbps File-based: 680 bps Timing-based: 98 bps Existing Tools: TaintDroid 19

Policy enforcement Modifying the Android reference monitor to check for direct IPC calls at runtime indirect communication through Android system components The prototype successfully detected all Overt Channels except the System Log channel XManDroid would be able to detect the System Log channel Covert Channels Type of Intents and UNIX Socket Discovery … ok Reading /proc/stat and Threads Enumeration … ok Free Space on Filesystem, Processor Frequency, and Timing Channel Existing Tools: XManDroid 20

General Purpose Techniques User control on private data access Limiting APIs Limiting Multitasking Application Review Policy-Based Installation Strategy Application-Level Channels Operating-System-Level Channels Hardware-Level Channels REQUIRE_PRECISE_TIMING Mitigation Techniques 21

Collusion attacks against the permission-based mechanisms are a serious threat Covert channels with low throughput are sufficient to leak private data Current solutions do not provide a complete solution Conclusion 22