Published by Rudolf Nash. Modified over 8 years ago.
1
COMPSCI 702
DeepDroid: Dynamically Enforcing Enterprise Policy on Android Devices
Presenter: Jie Yuan (Jeff)
2
Agenda
- Introduction
- DeepDroid: Overview
- DeepDroid: Implementations
- DeepDroid: Evaluation
- Criticisms
3
Introduction
- Smartphones are increasingly adopted in the workplace: “51% of end users rely on smartphones to perform daily business activities.” (Cisco 2013)
- Android dominates the smartphone market: “Android took 84.6% smartphone share in Q3 2015” (Gartner)
4
But Android devices are not easily managed
- Permission
  - Coarse-grained
  - All-or-nothing
  - Lack of run-time configuration
- SEAndroid
  - Brings flexible MAC to Android (kernel)
  - No middleware layer MAC support yet
5
Introduction - Current status
- OEM vendors usually implement their own management APIs
  - Samsung Knox
- Customize system to enforce policies
  - Requires tremendous modification of source code
  - Portability issue for Android branches and OEMs
- Rewrite Android apps
  - Intercept security-sensitive APIs from multiple layers
  - Lack of isolation between app and monitoring code
6
DeepDroid Overview
A dynamic enterprise security policy enforcement scheme. The approaches used to enforce policy:
- Dynamic memory instrumentation to hook the permission check inside the DVM for Java code
- Tracing (ptrace) system calls to monitor native code
- Tracing process creation (fork) in zygote for privilege authorization
- Tracking process operations in binder
7
DeepDroid Overview - Components
- DeepDroid On-device
  - Device Monitor
    - Monitors the mobile device
    - Communicates with the Enterprise Policy Center
  - Privilege Enforcement
    - Authorises access privilege to apps
    - Permission Configurator from Android middleware
    - Process Creation Guard monitoring native code
  - Context Enforcement
    - Monitors resource access
    - Traces system calls to regulate app operations
  - Policy Engine
    - Maintains policy rules
- Enterprise Policy Center
  - Authenticates mobile devices
  - Distributes enterprise policies
  - Monitors mobile devices
8
DeepDroid Implementation - Permission Configurator
- Intercepts system_server to enforce runtime permission policies for standard Java applications
- Leverages the ptrace system call to control and manipulate the target process
9
DeepDroid Implementation - Process Creation Guard
- Traces zygote to monitor new process creation from native code
10
DeepDroid Implementation - Context Enforcement
- Introduces a binder wrapper to intercept and regulate the service provision procedure
- An exception may arouse suspicion that the user is at a secret location, so a fake location is returned to the app instead of an exception
11
Context Enforcement – Binder Interception
- libbinder.so provides the interfaces that apps use on top of the binder driver (mainly ioctl)
- The binder interception module redirects the ioctl system call to a wrapper in libwrapper.so by modifying the GOT (Global Offset Table) of libbinder.so
- By doing so, all system calls into the binder driver are captured
12
Context Enforcement – Content Parsing
- The raw data is packaged into a binder_write_read buffer
- The parser converts the buffer into readable information, such as the Descriptor of the Service and the Code
13
Context Enforcement – Transaction regulating
- Thread #1 acts as the initiator
- Thread #2 acts as the service provider
- Two types of processing are supported: pre and post
- E.g. an SMS to a suspicious number should be stopped before the operation
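The parsing and pre-processing steps from the two slides above, as an added example that is not code from the slides or from DeepDroid: it extracts the service descriptor from a transaction parcel and applies a deny rule before the call is forwarded. The `txn_view` and `rule` types, the parcel layout (Android 4.x era), the descriptor `ex.ISms` and code 5 are all assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified view of one transaction (assumption: the kernel's
 * binder_transaction_data has more fields than this sketch needs). */
struct txn_view { uint32_t code; const uint8_t *data; size_t size; };
struct rule { const char *descriptor; uint32_t code; };  /* hypothetical deny rule */
/* Constructed parcel, little-endian host assumed: strict-mode word,
 * length 7, then "ex.ISms" as UTF-16 plus terminator. */
static const uint8_t SAMPLE[] = { 0,0,0,0, 7,0,0,0, 'e',0,'x',0,'.',0,
                                  'I',0,'S',0,'m',0,'s',0, 0,0 };

/* Extract the service descriptor. Assumed layout (Android 4.x era): int32
 * strict-mode word, int32 length in UTF-16 units, the units, a terminator.
 * Returns 0 on success, -1 on truncated or malformed input. */
int parse_descriptor(const struct txn_view *t, char *out, size_t cap)
{
    int32_t n;
    if (t->size < 8) return -1;
    memcpy(&n, t->data + 4, sizeof n);
    if (n < 0 || (size_t)n >= cap) return -1;
    if (((size_t)n + 1) * 2 > t->size - 8) return -1;  /* units + terminator */
    for (size_t i = 0; i < (size_t)n; i++) {
        uint16_t c;
        memcpy(&c, t->data + 8 + 2 * i, sizeof c);
        if (c == 0 || c > 0x7f) return -1;  /* expect an ASCII Java name */
        out[i] = (char)c;
    }
    out[n] = '\0';
    return 0;
}

/* Pre-processing hook: 1 = forward, 0 = block; unparseable input is blocked. */
int pre_check(const struct txn_view *t, const struct rule *rules, size_t n)
{
    char desc[128];
    if (parse_descriptor(t, desc, sizeof desc) != 0) return 0;
    for (size_t i = 0; i < n; i++)
        if (rules[i].code == t->code && strcmp(rules[i].descriptor, desc) == 0)
            return 0;
    return 1;
}

int main(void)
{
    struct rule deny[] = { { "ex.ISms", 5 } };  /* constructed: code 5 is made up */
    struct txn_view t = { 5, SAMPLE, sizeof SAMPLE };
    printf("code %u -> %s\n", (unsigned)t.code,
           pre_check(&t, deny, 1) ? "forward" : "block");
}
```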
14
Context Enforcement – Native Code Context Enforcement
- A supplement to the Process Creation Guard to provide fine-grained control on native operations
- For instance, instead of disconnecting an app completely from the Internet, the app may be allowed to access some specific trusted web servers. Therefore, besides configuring the inet group, we develop a native code context enforcement module to regulate network accessing operations by confining the context of socket calls, such as connect, recvfrom and sendto.
- This is more likely a future plan which has not been tested or even implemented, since the overhead will be quite high to trace data packet operations, especially for network-intensive apps.
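A sketch of the decision such a module would make for a traced connect or sendto destination, added here as an example and not taken from the slides or from DeepDroid. The `trusted` type, the `POLICY` table and the `check` helper are hypothetical, and the addresses are constructed from the RFC 5737 documentation ranges.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/socket.h>

/* One trusted destination: IPv4 network, prefix length, port (0 = any). */
struct trusted { const char *net; int prefix; uint16_t port; };

/* Constructed policy using documentation address ranges (RFC 5737). */
static const struct trusted POLICY[] = {
    { "192.0.2.0", 24, 443 },
    { "198.51.100.7", 32, 0 },
};

/* Decide whether a traced destination is permitted: 1 = allow, 0 = deny.
 * Only AF_INET is modelled in this sketch; every other family is denied
 * so that it cannot be used to sidestep the allowlist. */
int connect_allowed(const struct sockaddr *sa, socklen_t len)
{
    if (sa == NULL || len < sizeof(struct sockaddr_in) || sa->sa_family != AF_INET)
        return 0;
    const struct sockaddr_in *in = (const struct sockaddr_in *)sa;
    uint32_t dst = ntohl(in->sin_addr.s_addr);
    uint16_t port = ntohs(in->sin_port);
    for (size_t i = 0; i < sizeof POLICY / sizeof POLICY[0]; i++) {
        struct in_addr net;
        if (inet_pton(AF_INET, POLICY[i].net, &net) != 1) continue;
        uint32_t mask = POLICY[i].prefix ? ~0u << (32 - POLICY[i].prefix) : 0;
        if ((dst & mask) == (ntohl(net.s_addr) & mask) &&
            (POLICY[i].port == 0 || POLICY[i].port == port))
            return 1;
    }
    return 0;
}

/* Demo helper (hypothetical): evaluate a textual IPv4 address and port. */
int check(const char *ip, uint16_t port)
{
    struct sockaddr_in a = { .sin_family = AF_INET, .sin_port = htons(port) };
    if (inet_pton(AF_INET, ip, &a.sin_addr) != 1) return 0;
    return connect_allowed((const struct sockaddr *)&a, sizeof a);
}

int main(void)
{
    printf("192.0.2.10:443  -> %d\n", check("192.0.2.10", 443));
    printf("203.0.113.5:443 -> %d\n", check("203.0.113.5", 443));
}
```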
15
Evaluated Resources

Resource | Permission | Group | PEP (1) | Process
IMEI | READ_PHONE_STATE | | package | com.android.phone
Phone # | READ_PHONE_STATE | | package |
location | ACCESS_FINE_LOCATION | | package | system_server
contacts | READ_CONTACTS | | package | android.process.acore
camera | CAMERA | camera | package / PCG (2) | mediaserver
account | GET_ACCOUNTS | | package | system_server
logs | READ_LOGS | log | PCG (2) | app process
network | INTERNET | inet | package / PCG (2) |
SMS | SEND_SMS | | package | com.android.phone

(1) PEP: permission enforcement point
(2) PCG: Process Creation Guard
16
Evaluated Devices

Device | Android OS
Nexus S (Samsung) | Android OS 2.3.6
Sony LT29i | Android OS 4.1.2
 | Android OS 4.2.2
Galaxy Nexus (Samsung) | Android OS 4.0
Samsung Galaxy Note II | Android OS 4.1
Samsung Galaxy Note 3 | Android OS 4.3
Nexus 5 (LG) | Android OS 4.4
Meizu MX II | Flyme 3.2 (Android OS 4.2.1)
Huawei Honor 3c | Android OS 4.2
17
Performance
18
Performance (cont.)
19
Benchmark Scores

Device | Normal Quadrant | Traced Quadrant | Normal CaffeineMark | Trace CaffeineMark
MX II | 2508.5 | 2507.6 | 6367.2 | 6207.5
LT29i | 4653.8 | 4553.6 | 14125.5 | 13998.5
Nexus S | 1750.0 | 1705.6 | 5982.8 | 5959.9
20
Criticisms:
- Needs root privilege to instrument system components and trace zygote and binder, which is very dangerous to users: everything on the phone is monitored and supervised, and no personal app was suggested.
- Relies heavily on the central policy center; if it is compromised by attackers, all smartphones are endangered, as the counterpart is running as root.
- The central policy center may become the bottleneck of the system and introduce a single point of failure.
- Needs to communicate with the policy center from time to time, so it relies heavily on the network.
- Doesn't have efficient support for image or voice recognition, which limits its usage on high-volume media-related resources like camera and audio.
- A spelling error exists even in the published version: “course-grained” on page 9 should be “coarse-grained”.
22
Questions?
23
Backup
24
DeepDroid – Summary
- Portable on almost all Android devices: based on dynamic code instrumentation and process tracing
- Fine-grained access control policy: both permission and behaviour level, by hooking and tracing critical Android components
- Minimal impacts on both user experience and Android system
- Reduces the work on system customization
25
DeepDroid – Overview
- Centralized controller
  - system_server for middleware permissions
- Client-server architecture
  - System services, content providers, etc.
- Communication: Binder
  - RPC to services
  - Intent
  - Content Providers
- Operations inside of process boundary
  - Based on Linux system calls
  - Comply with Linux DAC
- Linux privilege authorized right after process creation
  - setgroups/setresgid/setresuid
26
DeepDroid – check point
- Intercepts system_server from the application side and zygote from the Linux side to enforce runtime permission policies