Android Declassification Infrastructure Matan David Yuval Evron Project Advisor: Roei Schuster 1.

Slides:



Advertisements
Similar presentations
MicroKernel Pattern Presented by Sahibzada Sami ud din Kashif Khurshid.
Advertisements

Prepared by: Prepared by: Jameela Rabaya Jameela Rabaya Fatima Darawsha Fatima Darawsha.
Policy Weaving for Mobile Devices Drew Davidson. Smartphone security is critical – 1200 to 1400 US Army troops to be equipped with Android smartphones.
Android Security. N-Degree of Separation Applications can be thought as composed by Main Functionality Several Non-functional Concerns Security is a non-functional.
Building and Deploying Safe and Secure Android Apps for Enterprise Presented by Technology Consulting Group at Endeavour Software Technologies.
Advanced Techniques in Forensic Examination of Smartphones (C) Oxygen Software,
U N C L A S S I F I E D LA-UR LANL Exchange / Blackberry Deployment June 2, 2009 Anil Karmel Solutions Architect Network and Infrastructure Engineering.
28.2 Functionality Application Software Provides Applications supply the high-level services that user access, and determine how users perceive the capabilities.
SOCIAL NETWORK INFORMATION CONSOLIDATION Developers:  Klasquin Tomer  Nisimov Yaron  Rabih Erez Advisors:  Academic: Prof. Elovici Yuval  Technical:
DeVry University Donelle Vance. GRAB - The Cross Platform iPhone, iPad & Android Phone Sharing Application August 2011.
© 2007 Pearson Education Inc., Upper Saddle River, NJ. All rights reserved.1 Computer Networks and Internets with Internet Applications, 4e By Douglas.
SMS. Short Message Service – Primarily text messages between mobile phones – First one sent December 3, 1982 “Merry Christmas” – In 2008 Approximately.
Firewall and Proxy Server Director: Dr. Mort Anvari Name: Anan Chen Date: Summer 2000.
Advanced Techniques in Forensic Examination of Smartphones 2012 (C) Oxygen Software,
Selling Pre-Owned Medical Equipment On MedWOW.com.
Android Security Enforcement and Refinement. Android Applications --- Example Example of location-sensitive social networking application for mobile phones.
Winner Follow Me Presented by Telecom Transborder Services.
Android Declassification Infrastructure Matan David Yuval Evron Project Advisor: Roei Schuster 1.
 An electrical device that sends or receives radio or television signals through electromagnetic waves.
Android Security What is out there? Waqar Aziz. Android Market Share - I 2.
Bypassing the Android Permission Model Georgia Weidman Founder and CEO, Bulb Security LLC.
A+ Certification Guide Chapter 10 Mobile Devices.
Presence Applications in the Real World Patrick Ferriter VP of Product Marketing.
Presentation By Deepak Katta
Introduction to Comcare’s Customer Information System Presentation.
Introduction Our Topic: Mobile Security Why is mobile security important?
Improving organizational communication with advanced Outlook features SCPS Market Research Solutions SCPS Nick Riedel December 17, 2013.
Introduction to Android Swapnil Pathak Advanced Malware Analysis Training Series.
Ken Dorsey KA8OAD. What is EchoLink? The simple answer is EchoLink software uses VoIP technology to link ham radio stations together around the world.
Module 8: Managing Client Configuration and Connectivity.
All Your Droid Are Belong To Us: A Survey of Current Android Attacks 단국대학교 컴퓨터 보안 및 OS 연구실 김낙영
Open Exchange 7 The Collaborative Suite For All Your Needs.
Web Migration Project Update for ATC April 28, 2009.
Phones and fieldTask. Session Objective Be familiar with: – selecting smart phones for a survey, – configuring them – and using them – fieldTask (c) Smap.
Leveraging The Telecom Transition to IP Communications Infrastructure CANTO June 2005 Dennis Haar President & CEO.
CASE STUDY 1: Linux and Android Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.
Mobile Application Development using Android Lecture 2.
NEARBY: HYBRID NETWORK MOBILE APPLICATION Shuai Zhang, Ziwen Zhang, Jikai Yin.
GEOREMINDERS ANDROID APPLICATION BY: ADRIENNE KECK.
Telephony and sms API’S. Objective Telephony ➤ Initiating phone calls ➤ Reading the phone, network, data connectivity, and SIM states ➤ Monitoring changes.
© 2016 Cengage Learning®. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. Android Boot Camp.
MAKANI ANDROID APPLICATION Prepared by: Asma’ Hamayel Alaa Shaheen.
Android Declassification Infrastructure Matan David Yuval Evron Project Advisor: Roei Schuster 1.
Basics of testing mobile apps
The Client-Server Model And the Socket API. Client-Server (1) The datagram service does not require cooperation between the peer applications but such.
Android System Security Xinming Ou. Android System Basics An open-source operating system for mobile devices (AOSP, led by Google) – Consists of a base.
Cosc 4735 Primer: Marshmallow Changes and new APIs in android 6.0 (api 23)
Services Background operating component without a visual interface Running in the background indefinitely Differently from Activity, Service in Android.
Security API discussion Group Name: SEC Source: Shingo Fujimoto, FUJITSU Meeting Date: Agenda Item: Security API.
Mobile Phone Forensics Michael Jones. Overview Mobile phones in crime The mobile phone system Components of a mobile phone The challenge of forensics.
Collecting Copyright Transfers and Disclosures via Editorial Manager™ -- Editorial Office Guide 2015.
By: Collin Molnar. Overview  Intro to Android  Security basics  Android architecture  Application isolation  Application permissions  Physical access.
BLACKBERRY TECHNOLOGY PRESENTED BY SHAIK TABREZ (09J01A1225 )
“ Unleash the power of trusted collaboration” PortalTalk is a ready-made and complete solution for trusted collaboration in the cloud. It seamlessly integrates.
The Ingredients of Android Applications. A simple application in a process In a classical programming environment, the OS would load the program code.
By Hello Team Awesome World™.  To avoid strangers using others’ keys, cards, and passwords to enter the buildings, our team will develop a face recognition-based.
1. 2 Android location services Determining a device’s current location Tracking device movements Proximity alerts.
Facebook privacy policy
Content Providers And Content Resolvers
Android System Security
Design Your Own Android App
MICROSOFT OUTLOOK and Outlook service Provider
Content Providers.
Android Programming Lecture 9
Skyhigh Enables Enterprises to Use Productivity Tools of Microsoft Office 365 While Meeting Their Security, Compliance & Governance Requirements Partner.
OPERATING SYSTEMS.
Get Enterprise-Grade Call Handling and Control for Microsoft Office 365 and Skype for Business with the Bridge Boss-Admin Executive Console OFFICE 365.
The Nelson Medical Practice Privacy Notice
Personal Mobile Device Acceptable Use Policy Training Slideshow
Presentation transcript:

Android Declassification Infrastructure Matan David Yuval Evron Project Advisor: Roei Schuster 1

A Short Reminder… Android’s built-in permissions are very coarse grained. We aim to provide a better solution at the application level (without having to change the OS). Security is of the essence. 2

A Short Reminder… We introduced a new permission mechanism – “A Declassifier”. The Declassifier would request high permission levels, while exporting lower, finer grained, permissions to third parties. 3

Android’s Security Model Android is a Linux-based OS. Unlike other popular Oses, in Android each app runs in a separate process under a distinct UID. Android offers several ways for apps to communicate with one another (IPC). There are several ways to implement IPC. We chose to use BroadcastReceivers and Intents. 4

BroadcastReceiver Utilizes Android’s permissions mechanism. Filters incoming intents by caller permissions. (i.e. Does this app have sufficient permissions?) Enables a callback mechanism which allows sending back the answer privately. Each 3 rd party app creates its own BroadcastReceiver to handle the returned result. 5

BroadcastReceiver – A Closer Look Upon installation, our Declassifier requests all of the Native OS permissions it plans on using. In the Manifest, the Declassifier creates custom permissions that the 3 rd party apps will need to use. 6 Declassifier PHONE_STATE_READ_SIM_SERIAL_NUMBER_PERMISSION PHONE_STATE_READ_SUBSCRIBER_ID_PERMISSION PHONE_STATE_READ_DEVICE_ID_PERMISSION PHONE_STATE_READ_PHONE_TYPE_PERMISSION PHONE_STATE_READ_CALL_STATE_PERMISSION APP OS READ_PHONE_STATE

BroadcastReceiver – A Closer Look Upon installation, the 3 rd party app requests only the permissions it needs from the Declassifier (It never asks for a Native OS permission). 7

BroadcastReceiver – A Closer Look The app sends a BroadcastReceiver request, with all the information encapsulated inside an Intent. Intent i = new Intent("com.example.Declassifier.CALENDAR_EVENT_BY_TITLE_ACTION"); i.putExtra("Title",titleNameStr); One of the parameters the app supplies in the request, is a custom BroadcastReceiver which will handle the Declassifier’s result (The Callback mechanism). 8

BroadcastReceiver – A Closer Look Calendar_App_GetEventByTitle_BR eventByTitleReceiver = new Calendar_App_GetEventByTitle_BR(); sendOrderedBroadcast(i,"android.permission.READ_CALENDAR", eventByTitleReceiver, null, Activity.RESULT_OK, null, null); At this stage, the Declassifier filters out requests which to not satisfy the relevant permissions. In a similar way, the 3 rd party app filters out returned results from unauthorized sources. With this model, we ensure that Intents reach the designated destination and make their way back securely. 9

Where We Are Today Contacts Calendar SD Card Phone State 10

Contacts 1.Contact phone by Name. 2.Contact address by Name. 3.Contact address by Name. 4.Contact picture by Name. Queries are interchangeable (you can search for contact name by phone number as well). 11

Calendar 1. Calendar Event by Title 2. Calendar Event by Date 3. Calendar Event by Location Some queries may produce several results. i.e. entering “June” as a date will present all event in the month of June. 12

SD Card Management 1.Each application gets its own folder using its unique UID. 2.Writing and Reading is limited to this folder only, using the Declassifier’s interface. Now no application is granted the WRITE_EXTERNAL_STORAGE permission and thus, can not manipulate the information on the SD Card. 13

Phone State READ_PHONE_STATE permission may seem a bit vague to the average user. It actually grants access to many of the phone’s settings (IMEI, IMSI, Cellular data connection state, Call state, Sim serial number, etc.). Our Declassifier subdivides the READ_PHONE_STATE permission to sub permissions. 14

Stay Tuned…. Audio Record Requests – We found that when granted RECORD_AUDIO permission, audio recording is possible at any time without any user consent. Wifi – The ACCESS_WIFI_STATE permission grants the app the ability to know the wireless connection’s current state, to connect to a Wi-Fi network, etc. These permissions present a security risk, as well as a coarse permission granularity as to how applications may use the Wi-Fi / Audio devices on the Android Phone. 15

Phone State Demo 16

Phone State Demo 17

Phone State Demo 18

Phone State Demo 19

Phone State Demo 20

Phone State Demo 21

Phone State Demo 22

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.