CloudAppSec: Cloud Based Application Security for Android Applications. Animesh Nandanwar 85843974, Kshitij Desai 64167444, Mayuresh Randive 26924684.


CloudAppSec
- Cloud-based service to analyze the privileges required by an Android mobile application
- Protects the mobile device user from, and notifies them about, malicious applications that do not conform to security privileges

Motivation
- Widespread adoption of Android devices
- Large number of mobile applications and application developers
- Open source: useful for attackers and defenders
- But... no way to verify the authenticity of an application
- In the past, many applications like iCalendar compromised user security
- Hence, the design goal is to provide user security from applications

Malware Analysis of Android Applications
- Applications use Manifest.xml to request permissions
- All Android apps must declare the permissions they want to have
  - Maps directly to what’s displayed on-screen when you install the application
  - Nobody actually pays attention when they install them
- Some permissions applications just don’t require, e.g. iCalendar requires SEND_SMS permission

Static vs. Dynamic Malware Analysis
- Two options when analyzing any given program: static or dynamic analysis
- Static analysis = examining code: analyze the Android .apk file and the APIs used in the application
- Dynamic analysis = running the application and observing code paths, logging system calls

CloudAppSec Design
- Static analysis on the app's .APK file
  - Extract the .apk and run static analysis to determine application permissions
  - Perform an API search in the extracted files; map the APIs found to permissions using the API mapper
- Notify the user of the application's permissions in a manner the user can understand, and let users decide whether they want to keep or uninstall the application
  - iCalendar application analysis will return “Application is using SEND_SMS API” to the user
  - User learns this and decides to uninstall the application

CloudApp Architecture (diagram; labelled component: Cloud Storage)
1. User selects .APK file
2. Upload .APK
3. Access API mapping
4. Return API mappings
5. Return APIs accessed by app and corresponding permissions
6. User analyzes permission
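
The static analysis from the design and architecture slides, as an added Python example that is not the project's own code: it searches extracted code for API calls, maps them to permissions through an API mapper, and produces the user-facing messages. Assumptions: the .apk has already been unpacked into a text manifest and smali files (for instance with apktool), `API_MAP` is a small constructed mapping, and the `com.example.calendar` sample input is constructed.

```python
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Constructed, deliberately small API mapper: smali method reference -> permission.
API_MAP = {
    "Landroid/telephony/SmsManager;->sendTextMessage": "android.permission.SEND_SMS",
    "Landroid/telephony/TelephonyManager;->getDeviceId": "android.permission.READ_PHONE_STATE",
    "Landroid/location/LocationManager;->getLastKnownLocation": "android.permission.ACCESS_FINE_LOCATION",
}
# Constructed sample input: decoded manifest and smali of a hypothetical calendar app.
MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.calendar">
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_CALENDAR"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
</manifest>"""
SMALI = {"com/example/calendar/Sync.smali": """
    invoke-virtual {v0}, Landroid/telephony/TelephonyManager;->getDeviceId()Ljava/lang/String;
    invoke-virtual/range {v1 .. v6}, Landroid/telephony/SmsManager;->sendTextMessage(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Landroid/app/PendingIntent;Landroid/app/PendingIntent;)V
"""}
INVOKE = re.compile(r"invoke-\S+ \{[^}]*\}, (L[\w/$]+;->[\w<>$]+)\(")

def declared_permissions(manifest_xml):
    """Permissions the app requests through <uses-permission> elements."""
    root = ET.fromstring(manifest_xml)
    return {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}

def apis_used(smali_files):
    """API search: every invoked method reference that the mapper knows."""
    found = set()
    for text in smali_files.values():
        found.update(api for api in INVOKE.findall(text) if api in API_MAP)
    return found

def analyze(manifest_xml, smali_files):
    declared = declared_permissions(manifest_xml)
    used = apis_used(smali_files)
    needed = {API_MAP[api] for api in used}
    return {
        "messages": [f"Application is using {p.rsplit('.', 1)[1]} API" for p in sorted(needed)],
        "evidence": {API_MAP[api]: api for api in sorted(used)},
        # Only a hint: the mapper is incomplete, so a miss is not proof of non-use.
        "declared_no_mapped_api": sorted(declared - needed),
        "used_not_declared": sorted(needed - declared),
    }

if __name__ == "__main__":
    print(analyze(MANIFEST, SMALI))
```

On the sample input the report flags SEND_SMS, matching the iCalendar case in the design slide, and also shows a call that needs a permission the manifest never declares.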

Placeholder for screenshots and Results

Thank you for your interest in our Project !!! ANY QUESTIONS??