L.C. Smith College of Engineering and Computer Science
Efficient, Context-Aware Privacy Leakage Confinement for Android Applications without Firmware Modding


Mu Zhang, Heng Yin
Department of EECS, Syracuse University

Motivation: We need a practical solution for privacy leakage confinement in Android

What does a practical solution mean?
- Information-flow based security
    - Most existing solutions are end-point solutions
- Context-aware policy enforcement
    - Existing solutions offer all-or-nothing protection
- No firmware modding
    - All existing solutions require firmware modding
- Low runtime overhead
    - Taint tracking is slow!

Capper: Context-Aware Privacy Policy Enforcement with Re-writing

Key techniques
- Bytecode rewriting for information flow tracking and control
- Context-aware policy enforcement

BRIFT: Bytecode Rewriting for Information Flow Tracking and Control

Key: to place the minimally required code into a bytecode program to accurately keep track of privacy leakage.

Pipeline (from the slide's diagram): Android App (Resources + DEX) -> Translation -> IR -> Static Analysis -> Slices -> Static Instrumentation -> New IR -> Optimization -> Optimized IR -> Code Generation -> New App (Resources + DEX’)

BRIFT: Some Technical Details

- Static data-flow analysis
    - Similar to CHEX [Lu et al. CCS’12]
    - Discover entry points, compute program splits, and perform permutation on the splits
- Static instrumentation
    - Create shadow variables
    - Insert taint propagation statements
    - Pass shadow parameters across function boundaries
- Optimization
    - Remove unnecessary shadow parameters
    - Lift taint propagation logic into the function caller
    - Other built-in optimizations, such as constant propagation, dead code elimination, etc.

BRIFT: A Running Example

    import android.app.Activity;
    import android.content.Context;
    import android.telephony.TelephonyManager;
    import android.widget.Toast;
    import java.io.OutputStream;

    public class Leakage extends Activity {
        // DEFAULT_KEY, DEFAULT_ADDR and conn are used but not defined on the slide.
        private byte key = DEFAULT_KEY;
        private String addr = DEFAULT_ADDR;
        private static String deviceId;

        // Source: reads the device identifier (IMEI).
        public String getIMEI() {
            TelephonyManager manager = (TelephonyManager) getSystemService("phone");
            String imei = manager.getDeviceId();
            if (imei == null) {
                imei = "";
            } else {
                imei = manager.getDeviceId();
            }
            return imei;
        }

        // XORs one byte with the key; the result still depends on the input byte.
        public byte crypt(byte plain) {
            return (byte) (plain ^ key);
        }

        // Sink: writes the bytes to a network connection.
        public void post(String addr, byte[] bytes) {
            OutputStream output = conn.getOutputStream();
            output.write(bytes, 0, bytes.length);
        }

        // Benign use of the IMEI: shown to the user only.
        public void toastIMEI(String imei) {
            Context app = getApplicationContext();
            String text = "Your IMEI is " + imei;
            int duration = Toast.LENGTH_SHORT;
            Toast toast = Toast.makeText(app, text, duration);
            toast.show();
        }

        public void onStart() {
            Leakage.deviceId = getIMEI();
        }

        public void onResume() {
            toastIMEI(Leakage.deviceId);
        }

        // Leaking path: the stored IMEI is obfuscated and sent out.
        public void onDestroy() {
            String imei = Leakage.deviceId;
            byte[] bytes = imei.getBytes();
            for (int i = 0; i < bytes.length; i++) {
                bytes[i] = crypt(bytes[i]);
            }
            post(addr, bytes);
        }
    }

BRIFT: the Rewritten Program

The slide prefixes the instrumentation statements with I (and one with P); those markers are kept here as trailing comments. "..." marks code left out on the slide.

    public class Leakage extends Activity {
        ...
        private static String deviceId;
        public static boolean deviceId_s0_t;                  // [I] shadow variable for deviceId
        ...
        public String getIMEI(BoolWrapper ret_s0_wrapper) {
            ...
            String imei = manager.getDeviceId();
            if (imei == null) {
                imei = "";
                imei_s0_t = false;                            // [I]
            } else {
                imei = manager.getDeviceId();
                imei_s0_t = true;                             // [I]
            }
            ret_s0_wrapper.status = imei_s0_t;                // [I] pass the taint back to the caller
            return imei;
        }

        public void post(String addr, byte[] bytes, BoolWrapper bytes_s0_w) {
            boolean bytes_s0_t = bytes_s0_w.status;           // [I]
            OutputStream output = conn.getOutputStream();
            boolean isAllow = false;                          // [I]
            if (bytes_s0_t == true)                           // [I]
                isAllow = queryPolicyService(0, 0, addr);     // [I]
            if (isAllow) {                                    // [I]
                output.write(bytes, 0, bytes.length);
            } else {                                          // [I]
                ...
            }
        }

        public void onStart() {
            BoolWrapper ret_s0_wrapper = new BoolWrapper();   // [I]
            ret_s0_wrapper.status = false;                    // [I]
            Leakage.deviceId = getIMEI(ret_s0_wrapper);
            Leakage.deviceId_s0_t = ret_s0_wrapper.status;    // [I]
        }

        public void onDestroy() {
            String imei = Leakage.deviceId;
            byte[] bytes = imei.getBytes();
            boolean bytes_s0_t = Leakage.deviceId_s0_t;       // [I]
            for (int i = 0; i < bytes.length; i++) {
                bytes[i] = crypt(bytes[i]);
                bytes_s0_t = bytes_s0_t || false;             // [I]
            }
            BoolWrapper bytes_s0_wrapper = new BoolWrapper(); // [I]
            bytes_s0_wrapper.status = bytes_s0_t;             // [I]
            BoolWrapper url_s0_w = new BoolWrapper();         // [P]
            post(addr, bytes, bytes_s0_wrapper);
        }
    }

See more details in our NDSS’14 paper.

Context-Aware Policy: How to model the context of an information flow

- Taint propagation trace
    - Heavy-weight
    - Overly precise
- Source and sink call-sites
    - Light-weight
    - Mimicry attack?
- Parameterized source and sink pairs
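An added example, not from the slides or from Capper's code: a small policy service that binds the user's decision to a flow context, run once with a call-site-only key and once with a parameterized key, to show that the coarser key lets a second destination inherit the first approval. Only the name queryPolicyService comes from the slides; the reading of its arguments as source id, sink id and sink parameter, the other names and the sample URLs are assumptions.

```java
import java.util.HashMap;
import java.util.Map;

// Added illustration, not Capper's code. Only the name queryPolicyService comes
// from the slides; every other name and all sample values are hypothetical.
class ContextPolicyDemo {
    enum Decision { ALLOW, DENY }

    // Context of one flow. Assumption: the three arguments of
    // queryPolicyService(0, 0, addr) are source id, sink id and sink parameter.
    record FlowContext(int sourceId, int sinkId, String sinkParam) {}

    // Stand-in for the dialog that asks the user about a flow.
    interface Prompt { Decision ask(FlowContext ctx); }

    private final Map<FlowContext, Decision> decisions = new HashMap<>();
    private final Prompt prompt;
    private final boolean parameterized;
    int prompts = 0; // how often the user was asked

    ContextPolicyDemo(Prompt prompt, boolean parameterized) {
        this.prompt = prompt;
        this.parameterized = parameterized;
    }

    boolean queryPolicyService(int sourceId, int sinkId, String sinkParam) {
        // Call-site-only mode drops the parameter from the key, so one stored
        // decision covers every destination reached through the same call sites.
        FlowContext key = new FlowContext(sourceId, sinkId, parameterized ? sinkParam : null);
        Decision d = decisions.get(key);
        if (d == null) {
            prompts++;
            d = prompt.ask(new FlowContext(sourceId, sinkId, sinkParam));
            decisions.put(key, d); // bind the user's decision to this context
        }
        return d == Decision.ALLOW;
    }

    public static void main(String[] args) {
        // Constructed user: approves only the destination they recognise.
        Prompt user = ctx -> ctx.sinkParam().equals("https://sync.example/imei")
                ? Decision.ALLOW : Decision.DENY;
        for (boolean mode : new boolean[] { false, true }) {
            ContextPolicyDemo svc = new ContextPolicyDemo(user, mode);
            boolean known = svc.queryPolicyService(0, 0, "https://sync.example/imei");
            boolean other = svc.queryPolicyService(0, 0, "https://collect.example/imei");
            System.out.println((mode ? "parameterized" : "call-site only") + ": known="
                    + known + " other=" + other + " prompts=" + svc.prompts);
        }
    }
}
```

Run it with `java ContextPolicyDemo.java` on Java 16 or later (the example uses records).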

Evaluation: Overview

4723 real-world apps evaluated
- 1414 (33%) are risky (may leak information)
- Increase of program size
- Runtime performance of analysis and rewriting
- Runtime overhead
- Effectiveness

Related Work

- Extend install-time constraints
    - Kirin, CCS’09; Saint, ACSAC’09
- Enforce finer-grained/flexible permissions
    - MockDroid, HotMobile’11; CRePE, ISC’10; Apex, ASIACCS’10; TISSA, TRUST’11
- Improve isolation
    - Cells, SOSP’11; L4Android, SPSM’11; AdSplit, Usenix Security’12
- Ask for user approval
    - Livshits and Jung, Usenix Security’13; Aurasium, Usenix Security’12
- Information-flow based solutions
    - TaintDroid, OSDI’10; AppFence, CCS’11

Conclusion: We achieved four goals

- G1: Information-flow based security
    - Yes, we track sensitive information flow by rewriting
- G2: Context-aware policy enforcement
    - Yes, we model the context of an information flow, and bind this context with the user’s decision
- G3: No firmware modding
    - Yes, we only rewrite apps and install a policy service
- G4: Low runtime overhead
    - Yes, we only insert a minimal amount of code to keep track of sensitive information flow

Questions?

Related Work

[1] W. Enck, M. Ongtang, and P. McDaniel. On Lightweight Mobile Phone Application Certification. In Proceedings of CCS’09.
[2] M. Ongtang, S. McLaughlin, W. Enck, and P. McDaniel. Semantically Rich Application-Centric Security in Android. In Proceedings of ACSAC’09.
[3] A. R. Beresford, A. Rice, N. Skehin, and R. Sohan. MockDroid: Trading Privacy for Application Functionality on Smartphones. In Proceedings of HotMobile’11.
[4] M. Conti, V. T. N. Nguyen, and B. Crispo. CRePE: Context-Related Policy Enforcement for Android. In Proceedings of ISC’10.
[5] M. Nauman, S. Khan, and X. Zhang. Apex: Extending Android Permission Model and Enforcement with User-defined Runtime Constraints. In Proceedings of ASIACCS’10.
[6] Y. Zhou, X. Zhang, X. Jiang, and V. W. Freeh. Taming Information-Stealing Smartphone Applications (on Android). In Proceedings of TRUST’11.
[7] J. Andrus, C. Dall, A. V. Hof, O. Laadan, and J. Nieh. Cells: A Virtual Mobile Smartphone Architecture. In Proceedings of SOSP’11.
[8] M. Lange, S. Liebergeld, A. Lackorzynski, A. Warg, and M. Peter. L4Android: A Generic Operating System Framework for Secure Smartphones. In Proceedings of SPSM’11.
[9] S. Shekhar, M. Dietz, and D. S. Wallach. AdSplit: Separating Smartphone Advertising from Applications. In Proceedings of USENIX Security’12.
[10] B. Livshits and J. Jung. Automatic Mediation of Privacy-Sensitive Resource Access in Smartphone Applications. In Proceedings of USENIX Security’13.
[11] R. Xu, H. Saïdi, and R. Anderson. Aurasium: Practical Policy Enforcement for Android Applications. In Proceedings of USENIX Security’12.
[12] W. Enck, P. Gilbert, B.-G. Chun, L. P. Cox, J. Jung, P. McDaniel, and A. N. Sheth. TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones. In Proceedings of OSDI’10.
[13] P. Hornyack, S. Han, J. Jung, S. Schechter, and D. Wetherall. These Aren’t The Droids You’re Looking For: Retrofitting Android to Protect Data from Imperious Applications. In Proceedings of CCS’11.