Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Android malicious apps about privacy leakage 1. Impracticability and hazards of security enhanced Android framework ҉ Many apps,even benign ones, could.

Published byRichard West Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Android malicious apps about privacy leakage 1. Impracticability and hazards of security enhanced Android framework ҉ Many apps,even benign ones, could."— Presentation transcript:

1 1 Android malicious apps about privacy leakage 1. Impracticability and hazards of security enhanced Android framework ҉ Many apps,even benign ones, could leak sensitive information without user awareness or consent. ҉ Previous solutions always require to modify the Android or could be easily defeated by malicious apps easily. ҉ IAC:The Android inter-application communication(IAC) is implemented as a message passing system, where messages are encapsulated as Intent objects, which enables reuse of functionality across apps and app components via message passing. ҉ Risk:A malicious app can embed a payload into an IAC message, thereby driving the recipient app into a potentially vulnerable behavior if the message is processed without its fields first being sanitized or validated. 2. Impracticability and hazards of security enhanced Android framework

2 2 Solutions 1 App Sandbox  1 Qihoo 360 and NCSU proposed AppCage,which can confine the run-time behavior of Android apps without requiring framework modifications or root privilege. AppCage creates a new app to wrap the original one, and leverages two complimentary user-level sandboxes to interpose and regulate an app’s access to sensitive APIs. (AppCage, ASIACCS’15)  2 Saarland University presents the first concept for full-fledged app sandboxing on Android, based on application virtualization and process-based privilege separation to encapsulate untrusted apps in an isolated environment, without firmware modifications, app code modifications or root privileges. (Boxify, USENIX’2015)

3 Solutions 2 IntentDroid  IBM Security(Isreal)与IBM T. J. Watson Research Center, present the first comprehensive testing algorithm for Android IAC, and describe a catalog, stemming from our field experience, of 8 concrete vulnerability types that can potentially arise due to unsafe handling of incoming IAC messages.They have realized their testing approach as the IntentDroid system, available as a commercial cloud service.  IntentDroid utilizes lightweight platform-level instrumentation, implemented via debug breakpoints (to run atop any Android device without any setup or customization), to recover IAC-relevant app- level behaviors. (IntentDroid, ISSTA’2015) Scanning results

Download ppt "1 Android malicious apps about privacy leakage 1. Impracticability and hazards of security enhanced Android framework ҉ Many apps,even benign ones, could."

Similar presentations

Syracuse University, New York, USA

Syracuse University, New York, USA
Senior Design 2014 Presented By: Alex Bouvy, Matt Freifeld, Doug Kerr, Mike Steele, Anselm Tamasang, Gavin White.

Senior Design 2014 Presented By: Alex Bouvy, Matt Freifeld, Doug Kerr, Mike Steele, Anselm Tamasang, Gavin White.
An Evaluation of the Google Chrome Extension Security Architecture

An Evaluation of the Google Chrome Extension Security Architecture
By : Versha Thakur Shravani Aishwarya

By : Versha Thakur Shravani Aishwarya
Aurasium: Practical Policy Enforcement for Android Applications R. Xu, H. Saidi and R. Anderson Presented By: Rajat Khandelwal – 2009CS10209 Parikshit.

Aurasium: Practical Policy Enforcement for Android Applications R. Xu, H. Saidi and R. Anderson Presented By: Rajat Khandelwal – 2009CS10209 Parikshit.
A METHODOLOGY FOR EMPIRICAL ANALYSIS OF PERMISSION-BASED SECURITY MODELS AND ITS APPLICATION TO ANDROID David Barrera, H. Güne¸s Kayacık, P.C. van Oorschot,

A METHODOLOGY FOR EMPIRICAL ANALYSIS OF PERMISSION-BASED SECURITY MODELS AND ITS APPLICATION TO ANDROID David Barrera, H. Güne¸s Kayacık, P.C. van Oorschot,
ROOTKIT VIRUS by Himanshu Mishra Points to be covered Introduction History Uses Classification Installation and Cloaking Detection Removal.

ROOTKIT VIRUS by Himanshu Mishra Points to be covered Introduction History Uses Classification Installation and Cloaking Detection Removal.
SWE 4743 Strategy Patterns Richard Gesick. CSE 1301 2-13 Strategy Pattern the strategy pattern (also known as the policy pattern) is a software design.

SWE 4743 Strategy Patterns Richard Gesick. CSE Strategy Pattern the strategy pattern (also known as the policy pattern) is a software design.
The Most Dangerous Code in the Browser Stefan Heule, Devon Rifkin, Alejandro Russo, Deian Stefan Stanford University, Chalmers University of Technology.

The Most Dangerous Code in the Browser Stefan Heule, Devon Rifkin, Alejandro Russo, Deian Stefan Stanford University, Chalmers University of Technology.
It’s always better live. MSDN Events Security Best Practices Part 2 of 2 Reducing Vulnerabilities using Visual Studio 2008.

It’s always better live. MSDN Events Security Best Practices Part 2 of 2 Reducing Vulnerabilities using Visual Studio 2008.
Author: Texas Instruments ®, Sitara™ ARM ® Processors Building Blocks for PRU Development Module 2 PRU Firmware Development This session covers how to.

Author: Texas Instruments ®, Sitara™ ARM ® Processors Building Blocks for PRU Development Module 2 PRU Firmware Development This session covers how to.
Reusability and Portability Chapter 8 CSCI 4320. Reusability and Portability  The length of the development process is critical.  No matter how high.

Reusability and Portability Chapter 8 CSCI Reusability and Portability  The length of the development process is critical.  No matter how high.
Wireless Security Issues Implementing a wireless LAN without compromising your network Marshall Breeding Director for Innovative Technologies and Research.

Wireless Security Issues Implementing a wireless LAN without compromising your network Marshall Breeding Director for Innovative Technologies and Research.
Enterprise Resource Planning

Enterprise Resource Planning
IOS & Android Security, Hacking and Tweaking Workshop D.Papamartzivanos University Of the Aegean – Info Sec Lab Android Security – Cydia Substrate Dimitris.

IOS & Android Security, Hacking and Tweaking Workshop D.Papamartzivanos University Of the Aegean – Info Sec Lab Android Security – Cydia Substrate Dimitris.
Emerging Platform#4: Android Bina Ramamurthy.  Android is an Operating system.  Android is an emerging platform for mobile devices.  Initially developed.

Emerging Platform#4: Android Bina Ramamurthy.  Android is an Operating system.  Android is an emerging platform for mobile devices.  Initially developed.
OWASP Mobile Top 10 Why They Matter and What We Can Do

OWASP Mobile Top 10 Why They Matter and What We Can Do
Presentation By Deepak Katta

Presentation By Deepak Katta
Security and privacy in the age of software controlled surroundings Prashanth Mohan David Culler.

Security and privacy in the age of software controlled surroundings Prashanth Mohan David Culler.
NUAGA May 22, 2014.  IT Specialist, Utah Department of Technology Services (DTS)  Assigned to Department of Alcoholic Beverage Control  PCI Professional.

NUAGA May 22,  IT Specialist, Utah Department of Technology Services (DTS)  Assigned to Department of Alcoholic Beverage Control  PCI Professional.

Similar presentations

Ads by Google