Arpit Jain Mtech2. Outline Introduction Attacks Solution Experimental Evaluation References.

Slides:



Advertisements
Similar presentations
An Example of an Android Security Extension YAASE - Yet Another Android Security Extension.
Advertisements

Roman Schlegel City University of Hong Kong Kehuan Zhang Xiaoyong Zhou Mehool Intwala Apu Kapadia XiaoFeng Wang Indiana University Bloomington NDSS SYMPOSIUM.
Mobile Code Security Aviel D. Rubin, Daniel E. Geer, Jr. MOBILE CODE SECURITY, IEEE Internet Computing, 1998 Minkyu Lee
Defending against Sniffing Attacks on Mobile Phones Liang Cai (University of California, Davis), Sridhar Machiraju (Sprint Applied Research), Hao Chen.
U.S. Department of Energy Pacific Northwest National Laboratory July 2004 Presented by Jeffery Mauth Pacific Northwest National Laboratory
Android Security. N-Degree of Separation Applications can be thought as composed by Main Functionality Several Non-functional Concerns Security is a non-functional.
SAFETYCHECK Eric Hatch | David Allen |Bailee Lucas| Austin Rhodes.
OneDrive for Business Introduction First Time Use First Time Use Access from Computer Access from Computer Access from Internet Access from Internet Access.
 Smartphone overview › Platform comparison  App Construction  Smartphone malware and viruses  Security threats  Keeping your Smartphone clean.
KB-IDS. Academic Advisor: Dr. Yuval Elovici Technical Advisor: Asaf Shabtai Team Members: Eliya Rahamim Elad Ankry Uri Kanonov.
Network Access Management Trends in IT Applications for Management Prepared by: Ahmed Ibrahim S
William Enck, Machigar Ongtang, and Patrick McDaniel.
CS 153 Design of Operating Systems Spring 2015 Lecture 24: Android OS.
Presentation By Deepak Katta
Unsafe Exposure Analysis of Mobile In-App Advertisements Offense: Rachel Stonehirsch.
Introduction to Mobile Malware
Sophos Mobile Security
A.C. Chen ADL M Zubair Rafique Muhammad Khurram Khan Khaled Alghathbar Muddassar Farooq The 8th FTRA International Conference on Secure and.
Introduction Our Topic: Mobile Security Why is mobile security important?
박 종 혁 컴퓨터 보안 및 운영체제 연구실 MobiSys '11 Proceedings of the 9th international conference on Mobile systems, applications,
Lightweight Mobile Applications Certification: Prepared By: Rahul Biswas.
Detecting and Preventing Privilege- Escalation on Android Jiaojiao Fu 1.
Mobile Device Security Challenges  Mustaque Ahamad, Director, Georgia Tech Information Security Center  Patricia Titus, VP and Global Chief Information.
All Your Droid Are Belong To Us: A Survey of Current Android Attacks 단국대학교 컴퓨터 보안 및 OS 연구실 김낙영
Lecture 32 Risk Management (Cont’d)
INTEROP 2014 Mobile Issues in the Network. Mobile Issues Data loss – Hardware theft or failure – Data corruption Data theft – Hardware theft – Spyware,
AUTHORS: ASAF SHABTAI, URI KANONOV, YUVAL ELOVICI, CHANAN GLEZER, AND YAEL WEISS "ANDROMALY": A BEHAVIORAL MALWARE DETECTION FRAMEWORK FOR ANDROID.
Security Mark A. Magumba. Definitions Security implies the minimization of threats and vulnerabilities A security threat is a harmful event or object.
University of Central Florida TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones Written by Enck, Gilbert,
Joseph Eckstrom. The issue  A Dr. Xuxian Jiang at NCSU studied 100,000 apps and the ad libraries that they used. He made some unsettling discoveries.
A multi-Criteria-based Evaluation of Android Application Andrea Saracino, G. Dini, F. Martinelli, I. Matteucci, M.Petrocchi, D. Sgandurra InTrust 2012.
Security Policies and Procedures. cs490ns-cotter2 Objectives Define the security policy cycle Explain risk identification Design a security policy –Define.
Android Security Auditing Slides and projects at samsclass.info.
ADV. NETWORK SECURITY CODY WATSON What’s in Your Dongle and Bank Account? Mandatory and Discretionary Protections of External Resources.
Android Security Extensions. Android Security Model Main objective is simplicity Users should not be bothered Does the user care? Most do not care…until.
S. A. Shonola & M. S. Joy Security Framework for Mobile Learning Environments.
Leave Me Alone: App- level Protection Against Runtime Information Gathering on Android NAN ZHANG, KAN YUAN, MUHAMMAD NAVEED†, XIAOYONG ZHOU AND XIAOFENG.
Android System Security Xinming Ou. Android System Basics An open-source operating system for mobile devices (AOSP, led by Google) – Consists of a base.
Copyright © 2011, A Behavior-based Methodology for Malware Detection Student: Hsun-Yi Tsai Advisor: Dr. Kuo-Chen Wang 2012/04/30.
Unix Security Assessing vulnerabilities. Classifying vulnerability types Several models have been proposed to classify vulnerabilities in UNIX-type Oses.
Security Issues in Distributed Sensor Networks Yi Sun Department of Computer Science and Electrical Engineering University of Maryland, Baltimore County.
Android Permissions Remystified: A Field Study on Contextual Integrity Presenter: Hongyang Zhao Primal Wijesekera (UBC) Arjun Baokar (UC Berkeley) Ashkan.
A Comparison of Commercial and Military Computer Security Presenter: Ivy Jiang1 A Comparison of Commercial and Military Computer Security Policies Authors:
Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Information Security Lab Security aspects.
Mobile Security Tom Taylor. Roadmap Security Risks Security Risks Examples of Attacks Examples of Attacks Personal Protection Personal Protection Business.
©2015 Check Point Software Technologies Ltd. 1 [Restricted] ONLY for designated groups and individuals CHECK POINT MOBILE THREAT PREVENTION.
By: Collin Molnar. Overview  Intro to Android  Security basics  Android architecture  Application isolation  Application permissions  Physical access.
Android and IOS Permissions Why are they here and what do they want from me?
What’s in Your Dongle and Bank Account? Mandatory and Discretionary Protection of Android External Resources Literature by S. Demetriou et al. Presented.
Principles of Information Security, Fourth Edition Risk Management Ch4 Part I.
Team Electronics Automation & Machinery S-17, DLF Ind. Area, Phase-1, Sec-32, Faridabad ,
Android’s Malware Attack, Stealthiness and Defense: An Improvement Mohammad Ali, Humayun Ali and Zahid Anwar 2011 Frontiers of Information Technology.
Introduction to Android Programming. Features of Android.
ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM) This Network is Infected: HoSTaGe - a Low-Interaction Honeypot for Mobile.
    Customer Profile: If you have tech savvy customers, having your site secured for mobile users is recommended. Business Needs: With the growing number.
Android App Permission Manager
Talal H. Noor, Quan Z. Sheng, Lina Yao,
A Presentation on Paper:
Honeypot in Mobile Network Security
Android Application Permission Manager
Cybersecurity EXERCISE (CE) ATD Scenario intro
Firewalls.
Anindya Maiti, Murtuza Jadliwala, Jibo He Igor Bilogrevic
Amar B. Patel , Shushan Zhao
Cybersecurity ATD Scenario conclusion
Graph-based Security and Privacy Analytics via Collective Classification with Joint Weight Learning and Propagation Binghui Wang, Jinyuan Jia, and Neil.
FACTORING PUBLIC SENTIMENT ON CYBERCRIME
Formalization of Trust, Fraud, and Vulnerability Analysis
Chapter 10. Mobile Device Security
Presentation transcript:

Arpit Jain Mtech2

Outline Introduction Attacks Solution Experimental Evaluation References

Attacks in Android Android uses sandbox model and permission based label to avoid malware attacks. Permissions assigned to an application restricts the operation application can perform on smart phone. But still vulnerable to geinimi, a type of Trojan which packages with the legitimate applications and takes extra permissions then would have been required by that application without trojan.

Permissions

Solution Security based Model: SD figure- represents the risk level of permission pairs SD Rules- defines how to determine SD of certain permission pairs. And based on this SD figure decides whether to allow application.

Types of SD Safe SD represents a safe combination of security permissions that has a threat point of 0. Normal SD means a permission pair has no clear security threat with a threat point of 1. Dangerous SD with a threat point of 5 indicates a permission combination may have threat. Severe dangerous SD with a threat point of 25 means a permission pair with serious threat to the mobile phone security.

Classification of Security Permission When analyzing the Android security permission list, we can classify them by their functions. For example: READ_SMS, RECEIVE_SMS, SEND_SMS, WRITE SMS, BROADCAST_SMS permissions all related to the SMS function.

Measuring SD dc- closed SD of the application, dij and djk – related unclosed SD, subscript i and k represent the different permission of the two pairs, and subscript j represents the same permission of the two pairs. G stands for the number of classifications the application used.

Using SD model

Evaluation Result Test with 100 of Applications, found major having threat around 20. The application affected by Geinimi get a threat point over 500

References [1]A. Shabtai, Y. Fledel, U. Kanonov, et al. “Google Android: A Comprehensive Security assessment”, IEEE Security and Privacy. [2] X. Zhang, O. Aciiçmez, and J. Seifert. “A Trusted Mobile Phone Reference Architecture via Secure Kernel”. In Proceedings of ACM workshop on Scalable Trusted Computing, November 2007.