ADV. NETWORK SECURITY CODY WATSON What’s in Your Dongle and Bank Account? Mandatory and Discretionary Protections of External Resources.

Slides:

Advertisements

Similar presentations

Enabling Secure Internet Access with ISA Server

Advertisements

Thomas S. Messerges, Ezzat A. Dabbish Motorola Labs Shin Seung Uk.

Operating System Security

1 cs691 chow C. Edward Chow Confidentiality Policy CS691 – Chapter 5 of Matt Bishop.

JENNIS SHRESTHA CSC 345 April 22, Contents Introduction History Flux Advanced Security Kernel Mandatory Access Control Policies MAC Vs DAC Features.

Android Security. N-Degree of Separation Applications can be thought as composed by Main Functionality Several Non-functional Concerns Security is a non-functional.

Building and Deploying Safe and Secure Android Apps for Enterprise Presented by Technology Consulting Group at Endeavour Software Technologies.

Aurasium: Practical Policy Enforcement for Android Applications R. Xu, H. Saidi and R. Anderson Presented By: Rajat Khandelwal – 2009CS10209 Parikshit.

Title of Selected Paper: Design and Implementation of Secure Embedded Systems Based on Trustzone Authors: Yan-ling Xu, Wei Pan, Xin-guo Zhang Presented.

Security in By: Abdulelah Algosaibi Supervised by: Prof. Michael Rothstein Summer II 2010: CS 6/79995 Operating System Security.

Access Control in IIS 6.0 Windows 2003 Server Prepared by- Shamima Rahman School of Science and Computer Engineering University of Houston - Clear Lake.

ADVANCED LINUX SECURITY. Abstract : Using mandatory access control greatly increases the security of an operating system. SELinux, which is an implementation.

Android Security Enforcement and Refinement. Android Applications --- Example Example of location-sensitive social networking application for mobile phones.

FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.

William Enck, Machigar Ongtang, and Patrick McDaniel.

Web-based Document Management System By Group 3 Xinyi Dong Matthew Downs Joshua Ferguson Sriram Gopinath Sayan Kole.

OWASP Mobile Top 10 Why They Matter and What We Can Do

D ATABASE S ECURITY Proposed by Abdulrahman Aldekhelallah University of Scranton – CS521 Spring2015.

Security and Risk Management. Who Am I Matthew Strahan from Content Security Principal Security Consultant I look young, but I’ve been doing this for.

Understanding Android Security Yinshu Wu William Enck, Machigar Ongtang, and PatrickMcDaniel Pennsylvania State University.

Introduction Our Topic: Mobile Security Why is mobile security important?

VMM Based Rootkit Detection on Android Class Presentation Pete Bohman, Adam Kunk, Erik Shaw.

S New Security Developments in DICOM Lawrence Tarbox, Ph.D Chair, DICOM WG 14 (Security) Siemens Corporate Research.

Detecting and Preventing Privilege- Escalation on Android Jiaojiao Fu 1.

Enforcing Concurrent Logon Policies with UserLock.

Switch off your Mobiles Phones or Change Profile to Silent Mode.

Objectives Configure routing in Windows Server 2008 Configure Routing and Remote Access Services in Windows Server 2008 Network Address Translation 1.

OFC290 Information Rights Management in Microsoft Office 2003 Lauren Antonoff Group Program Manager.

Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,

1 Topic 2: Lesson 3 Intro to Firewalls Summary. 2 Basic questions What is a firewall? What is a firewall? What can a firewall do? What can a firewall.

Android Security Model that Provide a Base Operating System Presented: Hayder Abdulhameed.

Android Security Extensions. Android Security Model Main objective is simplicity Users should not be bothered Does the user care? Most do not care…until.

VMM Based Rootkit Detection on Android Class Presentation Pete Bohman, Adam Kunk, Erik Shaw.

Legion - A Grid OS. Object Model Everything is object Core objects - processing resource– host object - stable storage - vault object - definition of.

Leave Me Alone: App- level Protection Against Runtime Information Gathering on Android NAN ZHANG, KAN YUAN, MUHAMMAD NAVEED†, XIAOYONG ZHOU AND XIAOFENG.

1 OFF SYMB - 12/7/2015 Firewalls Basics. 2 OFF SYMB - 12/7/2015 Overview Why we have firewalls What a firewall does Why is the firewall configured the.

Access Controls Henry Parks SSAC 2012 Presentation Outline Purpose of Access Controls Access Control Models –Mandatory –Nondiscretionary/Discretionary.

Module 7: Implementing Security Using Group Policy.

Wireless and Mobile Security

Academic Year 2014 Spring Academic Year 2014 Spring.

The SELinux of First Look. Prologue After many discussions with a lot of Linux users, I’ve come to realize that most of them seem to disable SELinux rather.

Privilege Management Chapter 22.

VMM Based Rootkit Detection on Android

4P13 Week 5 Talking Points 1. Security Provided by BSD a self-protecting Trusted Computing Base (TCB) spanning kernel and userspace; kernel isolation.

INFSO-RI Enabling Grids for E-sciencE NPM Security Alistair K Phipps (NeSC) JRA4 Face To Face, CERN, Geneva.

Security-Enhanced Linux Stephanie Stelling Center for Information Security Department of Computer Science University of Tulsa, Tulsa, OK

Access Controls Mandatory Access Control by Sean Dalton December 5 th 2008.

PREPARED BY: MS. ANGELA R.ICO & MS. AILEEN E. QUITNO (MSE-COE) COURSE TITLE: OPERATING SYSTEM PROF. GISELA MAY A. ALBANO PREPARED BY: MS. ANGELA R.ICO.

22 feb What is Access Control? Access control is the heart of security Definitions: * The ability to allow only authorized users, programs or.

Android and IOS Permissions Why are they here and what do they want from me?

What’s in Your Dongle and Bank Account? Mandatory and Discretionary Protection of Android External Resources Literature by S. Demetriou et al. Presented.

Access control Presented by: Pius T. S. : Christian C. : Gabes K. : Ismael I. H. : Paulus N.

Your data, protected and under control wherever they go SealPath Enterprise – IRM

ANDROID ACCESS CONTROL Presented by: Justin Williams Masters of Computer Science Candidate.

Android’s Malware Attack, Stealthiness and Defense: An Improvement Mohammad Ali, Humayun Ali and Zahid Anwar 2011 Frontiers of Information Technology.

ArcGIS for Server Security: Advanced

Mobile Hacking - Fundamentals

What Mobile Ads know about mobile users

Access Control Model SAM-5.

Free for All! Assessing User Data Exposure to Advertising Libraries on Android Campbell Foskin.

Web Application Vulnerabilities, Detection Mechanisms, and Defenses

Understanding Android Security

Power BI Security Best Practices

NAAS 2.0 Features and Enhancements

Suwen Zhu, Long Lu, Kapil Singh

SECURITY IN THE LINUX OPERATING SYSTEM

OS Access Control Mauricio Sifontes.

Shielding applications from an untrusted cloud with Haven

Understanding Android Security

Presentation transcript:

ADV. NETWORK SECURITY CODY WATSON What’s in Your Dongle and Bank Account? Mandatory and Discretionary Protections of External Resources

Lots of Apps and Services

More Sensitive Information

Is Your Information Secure? Does Android protect external resources? Most external resources are not protected Protecting resources limits capabilities, higher overhead, etc.

Why is it Unsecure? Apps can obtain sensitive information from permissions (SMS, MMS, Audio, Bluetooth) The only apps that should have access are android and the necessary application

Understanding the Threat

How Real is This Problem? Out of 13,500 top rated apps, 560 require SMS permission Once permission is granted, it is granted fully The authors hacked Jawbone UP wristband activity trackers and gathered all information from it Can steal information from the Audio jack

Further Security Analysis When a text message comes in through the channel, it broadcasts the message to apps that register with SMS_RECEIVED_ACTION and have permissions RECEIVE_SMS Similar with the MMS, which is over 160 characters Every app they tested was vulnerable to exposing information that was sent Some apps asked for permissions that were not necessary for them to have Found vulnerabilities in SMS, Audio and NFC

Data on All Applications

Outline Introduction to Problem Understanding the Threat Existing Solutions  (SE)Android  Porscha Novelty SEACAT  Policies  Design  Architecture  Walkthrough  What is Protected Experiment and Results Conclusion / Quiz

What are Android’s Solutions? Sandbox Apps Androids DAC (discretionary access control) controls access to local resources DAC permissions are binary SEAndroid (Security enhanced android) SEAndroid has a MAC, but only for local resources SEAndroid cannot even assign a security tag to an external resource Lacks types for different channels (audio, SMS, NFC and Bluetooth)

Porscha Solution Controls the content an app can access by way of an IBE encrypted message to a Porscha proxy Proxies further authorize apps according to the set of policies Porscha must make changes to the SMS, adding the proxy to intercept messages Does not offer layered protection (i.e. kernel and framework layer)

Novelty of This Paper New approach called SEACAT, which is integrated into SEAndroid Investigation of a new set of channels that have never been studied before Protection of different external resources over the channels Allow system admins and users to specify how to allow use of external resources

SEACAT Security Enhanced Android Channel Control integrates MAC and DAC in a way that compliance checks and enforcement go through the same mechanism MAC is more powerful than DAC since DAC is user controlled Incorporates security hooks, which check an applications ability to access a channel Creates policies and types for external resources Major assumption, the kernel cannot be compromised

Policies Policy example: Type is what dictates access to all objects All apps associated with domain untrusted_app are allow to perform read and write permissions on objects associated with shell_data_file which is of class file. Policy files are read only allow untrusted_app shell_data_file:file rw_file_perms

How Do These Policies Help? A policy enables a certain application to to access a specific resource of a certain type DAC policies can enable only the com.android.sms and the sensitive application to read text messages from that application DAC is controlled by user, and is the same for kernel and frameworks levels Can restrict channel while in use, then release control after

How Are Policies Determined? MAC policies are determined by administrators that grant trusted apps permissions to use external resources Audio doesn’t have MAC policies because there is no specific audio device that can be mapped, and there is no way to identify it DAC policies are determined by the user, but those policies cannot undermine the MAC policies The application can specify the external resources it uses (e.g. facebook app messages) User can always edit the DAC policies, and this is done through simple question interface rather than low level questions

Design of SEACAT Policy module stores security polices and provides an efficient compliance check service to the framework and kernel layers MAC is static while DAC is dynamic and can be updated during runtime Policy engine performs the compliance checks SEACAT labels apps, as well as resources and then checks to see if an apps attempts to access a resource that it is not assigned to

Architecture Policy management service handles DAC rules (user interface) The policy module handles both framework and kernel layer compliance checks Enforces MAC and DAC policies with same hooks Each AVC (access vector caches) caches the policies recently enforced using a hash map DAC policies in the same format as MAC rules so that the AVC and policy engine can serve both

Refined Walkthrough Let me read a text message Let me see your credentials We got angry birds here wanting to look at message Here is angry birds permissions You don’t have the right. App Security HookMAC and DAC Tables AVC Denied Entry to Channel

What Is Protected? NFC protection places hooks in essential functions for connecting to NFC device Internet controlled inside the kernel with hooks at the different socket operations Audio, which is only hooked at the framework layer and locks the channel if the app using it is approved.

Evaluation The evaluation has two nexus 4 phones, one with Android 4.4 the other with 4.3 One phone has unmodified OS, the other with SEACAT All channels were protected under MAC and DAC policies except for audio Attempts were made to assign a resource specified by MAC by way of a DAC user policy Checked performance overhead on installation of apps and different processes

Attacks

Results All attacks on unmodified OS were successful, while none were successful with SEACAT Labeling resources takes a long time at 189 ms Assigning apps to domains takes 49 ms, security hooks happens almost instantaneously Does not include the delay from human intervention There are some user experience issues, specifically with the NFC protections

Performance Measurements

Conclusions SEACAT was designed to provide integrated security control through both MAC and DAC across different Android Layers MAC and DAC policies guide the access to external resources and are enforced by security hooks Misconfigured DAC rules will not override MAC policies

Quiz Questions What is one vulnerability that SEACAT has and can it be avoided? What is the fail safe in SEACAT that attempts to block attacks when the vulnerability in question 1 happens? What is one channel not included in the MAC policies and why?