USER DRIVEN ACCESS CONTROL: RETHINKING PERMISSION GRANTING IN MODERN OPERATING SYSTEM Presentation by: Manik Challana Presented at : IEEE Symposium on.

Slides:

Advertisements

Similar presentations

Presented by Vaibhav Rastogi. Current browsers try to separate host system from Web Websites evolved into web applications Lot of private data on the.

Advertisements

Facts about Welcome to this video from Ozeki. In this video I will present what makes Ozeki Phone System XE the Worlds best on-site software PBX for Windows.

Operating System Security

Chapter Five Users, Groups, Profiles, and Policies.

Syracuse University, New York, USA

User-Driven Access Control Rethinking Permission Granting in Modern OSes Franziska Roesner, Tadayoshi Kohno University of Washington Alexander Moshchuk,

An investigation into the security features of Oracle 10g R2 Enterprise Edition Supervisor: Mr J Ebden.

Android Security. N-Degree of Separation Applications can be thought as composed by Main Functionality Several Non-functional Concerns Security is a non-functional.

11 TROUBLESHOOTING Chapter 12. Chapter 12: TROUBLESHOOTING2 OVERVIEW  Determine whether a network communications problem is related to TCP/IP.  Understand.

Role Based Access Control Venkata Marella. Access Control System Access control is the ability to permit or deny the use of a particular resource by a.

Design Principles Overview Principles Least Privilege Fail-Safe Defaults Economy of Mechanism Complete Mediation Open Design Separation of Privilege Least.

Android 101 Application Fundamentals January 29, 2010.

Security in By: Abdulelah Algosaibi Supervised by: Prof. Michael Rothstein Summer II 2010: CS 6/79995 Operating System Security.

15.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

Maintaining and Updating Windows Server 2008

Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 4 “Overview”.

H-1 Network Management Network management is the process of controlling a complex data network to maximize its efficiency and productivity The overall.

Microsoft Dynamics CRM 2011 Update Rollup 5 Enhancements Dana Martens Escalation Engineer Microsoft.

9.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

Systems Analysis – Analyzing Requirements.  Analyzing requirement stage identifies user information needs and new systems requirements  IS dev team.

1 Group Account Administration Introduction to Groups Planning a Group Strategy Creating Groups Understanding Default Groups Groups for Administrators.

Week 9 Objectives Securing Files and Folders Protecting Shared Files and Folders by Using Shadow Copies Configuring Network Printing.

Hands-On Microsoft Windows Server Security Enhancements in Windows Server 2008 Windows Server 2008 was created to emphasize security –Reduced attack.

Chapter 7: WORKING WITH GROUPS

RECALL THE MAIN COMPONENTS OF KIM Functional User Interfaces We just looked at these Reference Implementation We will talk about these later Service Interface.

Lecture slides prepared for “Computer Security: Principles and Practice”, 3/e, by William Stallings and Lawrie Brown, Chapter 5 “Database and Cloud Security”.

Computer Security and Penetration Testing

Developing Security Mobile Applications for Android Presenter, Joel Elixson Author, Jesse Burns of iSEC Partners.

The Protection of Information in Computer Systems Part I. Basic Principles of Information Protection Jerome Saltzer & Michael Schroeder Presented by Bert.

Securing Embedded User Interfaces: Android and Beyond Franziska Roesner and Tadayoshi Kohno University of Washington Mohamed Grissa A presentation of USENIX.

Elsevier |MC Strategies 2009 Administrator Roundtable Administrative Permissions & Update on Design Work March 19, 2009.

10/12/ Recall The Team Skills 1. Analyzing the Problem (with 5 steps) 2. Understanding User and Stakeholder Needs 1. Interviews & questionnaires.

User Interface Toolkit Mechanisms For Securing Interface Elements Franziska Roesner, James Fogarty, Tadayoshi Kohno Computer Science & Engineering DUB.

Android Boot Camp for Developers Using Java, 3E

Supporting rapid design and evaluation of pervasive application: challenges and solutions Lei Tang 1,2, Zhiwen Yu 1, Xingshe Zhou 1, Hanbo Wang 1, Christian.

Module 4 Quiz. 1. Which of the following statements about Network Address Translation (NAT) are true? Each correct answer represents a complete solution.

Information Security - City College1 Access Control in Collaborative Systems Authors: Emis Simo David Naco.

ADV. NETWORK SECURITY CODY WATSON What’s in Your Dongle and Bank Account? Mandatory and Discretionary Protections of External Resources.

Copyright © cs-tutorial.com. Overview Introduction Architecture Implementation Evaluation.

1 Capturing Requirements As Use Cases To be discussed –Artifacts created in the requirements workflow –Workers participating in the requirements workflow.

M. Alexander Helen J. Wang Yunxin Liu Microsoft Research 1 Presented by Zhaoliang Duan.

Protecting Browsers from Extension Vulnerabilities Paper by: Adam Barth, Adrienne Porter Felt, Prateek Saxena at University of California, Berkeley and.

Cosc 4735 Primer: Marshmallow Changes and new APIs in android 6.0 (api 23)

Prepared By: Razif Razali 1 TMK 264: COMPUTER SECURITY CHAPTER SIX : ADMINISTERING SECURITY.

THE WINDOWS OPERATING SYSTEM Computer Basics 1.2.

Virtual Machine Abstractions for Nomadic Pervasive Computing (NPC) Environment Presented by: Hen-I Yang, Nov. 29, 2006.

LINUX Presented By Parvathy Subramanian. April 23, 2008LINUX, By Parvathy Subramanian2 Agenda ► Introduction ► Standard design for security systems ►

Security-Enhanced Linux Stephanie Stelling Center for Information Security Department of Computer Science University of Tulsa, Tulsa, OK

| Mobile Accessibility Development Making an Accessible App Usable Scott McCormack.

Securing a Host Computer BY STEPHEN GOSNER. Definition of a Host  Host  In networking, a host is any device that has an IP address.  Hosts include.

1 Chapter 12: Design Principles Overview –There are principles for many kinds of design Generally, a design should consider: Balance, Rhythm, Proportion,

Slide #13-1 Design Principles CS461/ECE422 Computer Security I Fall 2008 Based on slides provided by Matt Bishop for use with Computer Security: Art and.

PREPARED BY: MS. ANGELA R.ICO & MS. AILEEN E. QUITNO (MSE-COE) COURSE TITLE: OPERATING SYSTEM PROF. GISELA MAY A. ALBANO PREPARED BY: MS. ANGELA R.ICO.

1 Design Principles CS461 / ECE422 Spring Overview Simplicity  Less to go wrong  Fewer possible inconsistencies  Easy to understand Restriction.

DeepDroid Dynamically Enforcing Enterprise Policy Manwoong (Andy) Choi

© ExplorNet’s Centers for Quality Teaching and Learning 1 Describe applications and services. Objective Course Weight 5%

What’s in Your Dongle and Bank Account? Mandatory and Discretionary Protection of Android External Resources Literature by S. Demetriou et al. Presented.

Maintaining and Updating Windows Server 2008 Lesson 8.

WHAT THE APP IS THAT? DECEPTION AND COUNTERMEASURES IN THE ANDROID USER INTERFACE.

Database and Cloud Security

Understanding Android Security

Data and database administration

AUDACIOUS: USER DRIVEN ACCESS CONTROL WITH UNMODIFIED OPERATING SYSTEM

To Join the Teleconference

Introduction to Computers

How to Install Norton Antivirus on Android Phone? We are providing easy steps to install Norton antivirus on android phone. If you facing any technical issue related to installing then you should contact via support. Get more details to visit our website

Chapter 2: System Structures

Understanding Android Security

Introduction TO Operating SYSTEM

Presentation transcript:

USER DRIVEN ACCESS CONTROL: RETHINKING PERMISSION GRANTING IN MODERN OPERATING SYSTEM Presentation by: Manik Challana Presented at : IEEE Symposium on Security and Privicy,2012.(Best Practical Paper)

. “Every Program and every privilege user of the system should operate using least amount of privileges necessary to compute the job” -- Jerome Saltzer -- Jerome Saltzer

Abstract  Problem : Allowing user to grant access in a non-disruptive manner.  Principal of Least Privilege: Allowing only the privileges that are needed.  Approach : To built permission granting in context of application.  Goal

Flaws in Permission Granting  Globalizing Resources: Traditional desktops exposes user resources by globalizing them.  Manifests: Install time manifests are security hazard.  Prompts: Teaches user to ignore them in time. So, unhelpful.  No Access: Certain system and application do no support access to certain user owned resources.

Introduction  What is an ACG ? Permission Granting User interface elements to capture user’s intent. Permission Granting User interface elements to capture user’s intent.

System Model  Same Origin policy Applications are isolated based on some principal Applications are isolated based on some principal definition. definition.

System Model  Application Embedding Some application may Embed one or more applications. Some application may Embed one or more applications.  Role of Kernel

Resource Manager  It is a privileged application that mediates access to all user owned physical devices of particular resource type and maintain respective access control state.  It exposes to app: - 1. ACGs 1. ACGs 2. Device access APIs. 2. Device access APIs.

ACG Display Integrity  Display Isolation Application embedding an ACG shouldn’t be able to set ACG’s pixels. Application embedding an ACG shouldn’t be able to set ACG’s pixels.  Complete Visibility An malicious application might overlay the labels to reverse the meaning of an ACG’s copy/paste. Z ordering is used to determine which window is at top of display. An malicious application might overlay the labels to reverse the meaning of an ACG’s copy/paste. Z ordering is used to determine which window is at top of display.  Sufficient display duration Time based clicking attacks can be implemented if this is not taken into measures. Time based clicking attacks can be implemented if this is not taken into measures.

Authentic User Input  Its is Important to ensure that: 1. The input event on ACG come from user. 2. That Kernel grants permission to correct application.  Problem with Embedded applications A malicious ad in publisher.com might embed ACG for geo location access. Such app might mimics UI of publisher.com and trick user into thinking that ACG will grant access to publisher.com. A malicious ad in publisher.com might embed ACG for geo location access. Such app might mimics UI of publisher.com and trick user into thinking that ACG will grant access to publisher.com.

Authentic User Input  Only top lever application can embed ACG by default and embedded application can only embed ACG using PermissionToEmbed.

Access Semantics  Types of access durations 1.One-time : Such as taking a picture 2. Session : Such as recording a video. 3. Schedule : Such as sending a monthly SMS reminder for paying rent. 4. Permanent : Such as permanent to various resources for Apple’s digital assistant Siri.

ACG Composition  Allows single user action to initiate multiple user owned resources A user might want to take a picture and tag it at same time then Composition ACG (C-ACG) is used. A user might want to take a picture and tag it at same time then Composition ACG (C-ACG) is used.  Composition RM serves as UI proxy for RM’s of composed resources.  The C-ACG is designed such that its least privileged with no access to composition resources.

Permission via Input Sequence  Instead of interacting with ACGs some users prefer input method.  Sequence ownership It by default resides with top-level application. It can grant application to receive permission granting sequence with PermissionToReceiveSequence permission. It by default resides with top-level application. It can grant application to receive permission granting sequence with PermissionToReceiveSequence permission.  Sequence Conflicts 1. Two RM’s may attempt to define same global sequence 2. Application may assign global sequence to their own application specific functionality.

Design Evaluation  User Driven access control eliminates most of the vulnerabilities, 82% for chrome and 96% for Firefox.  A survey of android top apps show that user driven access control offers least privilege access to user owned resources for 95% of apps.  Vulnerabilities removes by user driven access control which were dominant category

Analysis of Android Apps

Conclusion Merits Merits  The System presented is very effective in providing user more grip over the device.  Since it has better insights in user activities helps eliminates many vulnerabilities.  The prototype presented is easy to implement and requires less tedious effort.

Conclusion Demerits Demerits  Its easier to launch social engineering attack on such system.  An Application can take advantage of permanent access.

. Questions Questions ?