Slide 1: What's in Your Dongle and Bank Account? Mandatory and Discretionary Protection of Android External Resources
Literature by S. Demetriou et al. Presented by Emma Hu.
Slide 2: Motivation
- Increased use of smartphone accessories such as Bluetooth earpieces, health devices and fitness bands
- Increase in malicious attacks
- Previous studies show that external devices connected to Android are vulnerable
Slide 3: Background
- Android security model: a discretionary access control (DAC) system
- SEAndroid (Security Enhanced Android): a mandatory access control (MAC) system built on top of Android
- Security context: user:role:domain or type[:level], plus a SID
Slide 4: Problem
- SEAndroid does not have the granularity to control external resources: Bluetooth, NFC, SMS ID, audio port
Slide 5: Results
- SMS: SMSDispatcher broadcasts to all apps that register for the event and hold the RECEIVE_SMS permission; SMS and MMS are fully exposed to any app with READ_SMS or RECEIVE_SMS permissions
- Audio: completely unprotected when a device is connected to the phone's audio jack
- NFC: 5/17 popular NFC apps include storage of sensitive information; no authentication or encryption protection
Slide 6: Table 1: 13500 top apps from Google Play. Figure 1: example of a Bluetooth app.
Slide 7: SEACAT
- Employs a hybrid MAC and DAC approach
- Extends SEAndroid's MAC to protect resources with a distinct identifier, e.g. SMS, NFC
- Adds a DAC module to let the user and app developer specify interaction rules
- Focuses on protecting the Bluetooth, audio, NFC, Internet and SMS channels
Slide 8: Details
- Challenges: SEAndroid does not model external resources; integration with the current Android DAC and SEAndroid MAC
- Design and implementation:
  - Policy specification: new categories of types, e.g. BT_type, NFC_type
  - App labelling: grant trusted apps permissions
  - External resource labelling
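To make the granularity problem of slide 4 and the labelling idea of slides 7 and 8 concrete, here is an added toy model (not SEACAT's or the paper's code): a stock permission check is per channel, whereas a label-based check decides per resource identifier, consulting MAC rules first and a user DAC grant otherwise. Package names, addresses, label names and the MAC-before-DAC precedence are assumptions of this example.

```python
# Added illustration, not SEACAT's code. Constructed sample data: two apps that
# both hold the channel-level BLUETOOTH permission.
PERMISSIONS = {
    "com.example.fitness": {"BLUETOOTH"},
    "com.example.game": {"BLUETOOTH"},
}

def android_permission_allows(app: str, device_addr: str) -> bool:
    """Stock model: holding BLUETOOTH is enough to talk to any paired device."""
    return "BLUETOOTH" in PERMISSIONS.get(app, set())

# Hybrid model. App and device labels play the role of SEAndroid types
# (assumed names in the spirit of the slides' BT_type category).
APP_LABELS = {"com.example.fitness": "fitness_app", "com.example.game": "untrusted_app"}
DEVICE_LABELS = {"00:11:22:33:44:55": "bt_fitness_band"}   # labelled by system (MAC) policy
MAC_ALLOW = {("fitness_app", "bt_fitness_band")}           # (app label, device label)
DAC_GRANTS: set[tuple[str, str]] = set()                   # (app, device) approved by the user

def grant_dac(app: str, device_addr: str) -> None:
    """User or developer adds a discretionary rule for one app/device pairing."""
    DAC_GRANTS.add((app, device_addr))

def seacat_style_allows(app: str, device_addr: str) -> bool:
    """Assumed precedence: a MAC-labelled device is decided by MAC rules alone;
    an unlabelled device needs an explicit DAC grant; anything else is denied."""
    app_label = APP_LABELS.get(app)
    if app_label is None:
        return False                                   # unlabelled app: default deny
    device_label = DEVICE_LABELS.get(device_addr)
    if device_label is not None:
        return (app_label, device_label) in MAC_ALLOW  # MAC decides, DAC cannot widen it
    return (app, device_addr) in DAC_GRANTS            # user-managed device

if __name__ == "__main__":
    band = "00:11:22:33:44:55"
    for app in PERMISSIONS:
        print(app, android_permission_allows(app, band), seacat_style_allows(app, band))
```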
Slide 9: Fig 2. Screenshot of SEACAT app labelling and device labelling.
Slide 10: Fig 3. SEACAT architecture.
Slide 11: Fig 4. SEACAT security hook.
Slide 12: SEACAT Results
- Effectiveness: successfully prevents unauthorised resource access
- Performance: overhead is mostly negligible; the largest overhead is 279.9 ms (of 1434.4 ms total) for Bluetooth pairing
Slide 13: Paper Summary
- Android is not designed to handle external resources
- SEACAT is introduced as a new security system that extends Android's security model with MAC and DAC across different Android layers
Slide 14: Issues and Improvements
- The paper only looks at Bluetooth, NFC, audio, SMS and Internet; it does not account for other channels such as wireless and infrared
- Does not offer MAC protection for audio devices, as it cannot distinguish between types of audio devices; only one "audio" device (Jawbone UP) was analysed
- The user or developer has to construct security rules and policies manually, which decreases usability
- Does not protect against spoofing attacks
- SEACAT assumes the kernel is not compromised
Slide 15: References
[1] Demetriou, S., Zhou, X. Y., Naveed, M., Lee, Y., Yuan, K., Wang, X., & Gunter, C. A. (2015). What's in Your Dongle and Bank Account? Mandatory and Discretionary Protection of Android External Resources. In NDSS.
[2] Demetriou, S. (2014). Android at risk: current threats stemming from unprotected local and external resources.