DeepDroid: Dynamically Enforcing Enterprise Policy on Android Devices
Fall 2015
Instructor: Kun Sun, Ph.D.


Roadmap
- Introduction
- Overview
- DeepDroid-Permission
- DeepDroid-Behavior
- Evaluation
- Conclusion

Introduction
- Smartphones are increasingly adopted in the workplace
  - “51% of end users rely on smartphones to perform daily business activities.” (Cisco)
- However, Android's system design makes devices hard to manage
  - Permission: coarse and not configurable
  - Device Administration API
  - SEAndroid: legacy phones (85.8% < version 4.3), inadequate MAC in middleware

Current Status
- Device OEMs add their own management APIs
  - Samsung SAFE & Knox
  - HTC APIs
  - 3LM APIs
  - …
- MDM vendors are kept busy supporting all these extended APIs

Current Research
- Customize system to enforce policies
  - Require tremendous modification to source code
  - Portability issue for Android branches and OEMs
- Rewrite Android apps
  - Intercept security sensitive APIs from multiple layers
  - Lack of isolation between App and management code

Overview
- centralized controller
  - system_server for middleware permissions
- client-server architecture
  - system services, content providers, etc.
- Communication-Binder
  - RPC to services/Callbacks
  - Intent
  - Content Providers
  - Messengers
  - Ashmem
  - …
[Figure: system processes: system_server, /system/bin/mediaserver, com.android.phone, android.process.acore, android.process.media, …]

Overview (cont.)
- Operations inside of process boundary
  - Based on Linux system calls
  - Comply with Linux DAC
- Linux privilege authorized right after process creation
  - setgroups/setresgid/setresuid
[Figure: Activity Manager; create process that can: read/write sdcard, access network, use camera, read contacts]

Our approach
- Dynamic memory instrumentation
[Figure: system_server, /system/bin/mediaserver, com.android.phone, android.process.acore, android.process.media, …; labels: behavior extraction & enforcement, flexible permission]

Our approach (cont.)
- System call tracking
  - Tracking process creation for privilege authorization
  - Tracking process operations
[Figure: zygote, app1, app2, app3]

Why our approach?
- Stable system architecture
  - permission mechanism, system services, binder realization, etc.
- Reduce source code modification to configuration
  - carry little burden on vendor customization
- Central management
  - isolation
  - transparent to apps

DeepDroid-Permission
- system_server is the core of permission mechanism.
  - A few checking interfaces
- Key: Java method redirection
[Figure: inter-process Permission Check; Monitoring Code; Enterprise Policy Repository; system_server]

DeepDroid-Permission

DeepDroid-Permission
- Some permissions (user groups) are checked in Kernel.
[Figure: system_server, zygote, app process, monitoring, fork; steps: 1: launch request, 2: recognize app, 3: reset groups & track until setuid; zygote arguments shown: --runtime-init --setuid= setgid= setgroups=1015, 3003, 1006, 1007 android.app.ActivityThread]
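The "reset groups" decision in step 3, as an added example that is not DeepDroid's own code: it parses the `--setgroups=` argument shown on the slide and drops the supplementary GIDs an enterprise policy denies. `struct policy` and `filter_setgroups` are hypothetical names, the policy contents are constructed, and the GID names are those in AOSP's android_filesystem_config.h; tracing zygote and rewriting its arguments are outside this sketch.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* GIDs from the slide, named as in AOSP android_filesystem_config.h. */
enum { AID_CAMERA = 1006, AID_LOG = 1007, AID_SDCARD_RW = 1015, AID_INET = 3003 };

/* Hypothetical policy record: GIDs the enterprise denies to one app. */
struct policy { const unsigned *denied; size_t n_denied; };

static int is_denied(const struct policy *p, unsigned long gid) {
    for (size_t i = 0; i < p->n_denied; i++)
        if (p->denied[i] == gid) return 1;
    return 0;
}

/* Parse "--setgroups=a,b,c", drop denied GIDs, store the rest in out[].
 * Returns the number kept, or -1 (fail closed) on malformed input or overflow. */
int filter_setgroups(const char *arg, const struct policy *p,
                     unsigned *out, size_t cap) {
    static const char prefix[] = "--setgroups=";
    if (strncmp(arg, prefix, sizeof prefix - 1) != 0) return -1;
    const char *s = arg + sizeof prefix - 1;
    size_t kept = 0;
    if (*s == '\0') return 0;                 /* no supplementary groups */
    for (;;) {
        char *end;
        while (*s == ' ') s++;
        if (*s < '0' || *s > '9') return -1;  /* rejects "-1", "x", "1," */
        unsigned long gid = strtoul(s, &end, 10);
        if (gid > 0xFFFFFFFFul) return -1;
        if (!is_denied(p, gid)) {
            if (kept == cap) return -1;
            out[kept++] = (unsigned)gid;
        }
        if (*end == '\0') break;
        if (*end != ',') return -1;
        s = end + 1;
    }
    return (int)kept;
}

int main(void) {
    const unsigned denied[] = { AID_INET, AID_CAMERA };  /* constructed policy */
    const struct policy p = { denied, 2 };
    unsigned out[8];
    int n = filter_setgroups("--setgroups=1015, 3003, 1006, 1007", &p, out, 8);
    for (int i = 0; i < n; i++) printf("%u\n", out[i]);
    return n == 2 ? 0 : 1;
}
```

Because the kernel checks these permissions by group membership, a process launched without GID 3003 or 1006 cannot open network sockets or the camera device regardless of what the app's manifest requested.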

DeepDroid-Behavior
- Interactions between apps and system services
  - ioctl(binderFd, BINDER_WRITE_READ, &bwr)
- By tampering with the Global Offset Table (GOT) of libbinder.so
[Figure labels: app, system_server, android.process.acore, …; upper layers, libbinder.so, libc.so, Binder driver; Behavior Enforcement: access to services, call-backs, Intent, ContentProviders, Messenger, ashmem, …]

DeepDroid-Behavior
- Synchronous invocation
  - E.g., getLastKnownLocation(), getDeviceId()
[Figure labels: requests, return value, system process; BR_TRANSACTION and BC_REPLY, pairwise within binder thread; interfaces defined in aidl & in .java; reflect on write buffer]

DeepDroid-Behavior
- Asynchronous invocation
  - With oneway callback (e.g., onLocationChanged)
[Figure labels: get a remote handle, callback value, system process; BC_TRANSACTION; reflect on write buffer; interfaces defined in aidl or in .java; counterpart recognition: 1) servicemanager, 2) IBinder instances]

DeepDroid-Behavior
- Parameter types
  - IBinder: map remote handles to uid/pid
  - ParcelFileDescriptor: shared memory (content provider, media, etc.)
  - Parcelable: rebuild objects with built-in CREATOR

Tested Resources

Resource | Permission           | Group  | PEP (1)         | Process
---------+----------------------+--------+-----------------+----------------------
IMEI     | READ_PHONE_STATE     |        | package         | com.android.phone
Phone #  | READ_PHONE_STATE     |        | package         |
location | ACCESS_FINE_LOCATION |        | package         | system_server
contacts | READ_CONTACTS        |        | package         | android.process.acore
camera   | CAMERA               | camera | package/PCG (2) | mediaserver
account  | GET_ACCOUNTS         |        | package         | system_server
logs     | READ_LOGS            | log    | PCG (2)         | app process
network  | INTERNET             | inet   | package/PCG (2) |
SMS      | SEND_SMS             |        | package         | com.android.phone

(1) PEP: permission enforcement point
(2) PCG: Process Creation Guard

Tested Devices

Device                  | Android OS
------------------------+------------------------------
Nexus S (Samsung)       | Android OS
Sony LT29i              | Android OS
                        | Android OS
Galaxy Nexus (Samsung)  | Android OS 4.0
Samsung Galaxy Note II  | Android OS 4.1
Samsung Galaxy Note 3   | Android OS 4.3
Nexus 5 (LG)            | Android OS 4.4
Meizu MX II             | Flyme 3.2 (Android OS 4.2.1)
Huawei Honor 3c         | Android OS 4.2

Performance

Performance (cont.)

[Figure: Benchmark Scores for MX II, LT29i and Nexus S; series: Normal Quadrant, Traced Quadrant, Normal CaffeineMark, Trace CaffeineMark]

Conclusion
- We propose a framework to achieve fine-grained control over Android resources.
- DeepDroid dynamically instruments and traces core processes of the Android system. Because it relies on structures that are stable across multiple OS versions, DeepDroid is easily ported.
- DeepDroid requires only a little firmware configuration rather than customization of the Android source code.