Security and Programming Language Work on SmartPhones


1 Security and Programming Language Work on SmartPhones
Karthik Dantu and Steve Ko

2 CHEX: Motivation
- Wide-spread app development leads to large variance in app quality and security vulnerabilities
- One example of vulnerability is the component hijacking vulnerability in Android
- Many applications implement access control improperly on external requests or accidentally leak private data or privileges
- Need a scalable vulnerability filtering system for app markets

3 Component Hijacking Attacks
An unauthorized app, issuing requests to one or more public components in a vulnerable app, seeks to:
- READ sensitive data
- WRITE to critical region
- Perform a combination

4 Challenges
- Reliably discovering all types of entry points (or event handlers) in their completeness
- Soundly modeling the asynchronous invocations of entry points for analysis
- Assessing the collective side-effects of individual data-flows and identifying converged flows of interest
- Tracking data flows across splits and components
- Analyzing framework code is hard: just model it with respect to data flow

5 Entry-point Discovery

6 Handling Split Flows
- Sources: SensSrc, InputSrc
- Sinks: PublicSink, SpecifiedSink, CriticalSink

7 SDS and PDS
- PDS generated by two simple operations – link and unlink an SDS
- Data-flow edges
- Heap variables sharing the same location-key tuple
- Framework API pairs that transit data among splits
- Tag_TransSink, Tag_TransSrc
- Depth-first search for pruning

8 Implementation
- Dalysis: APK → IR
- DexLib: Programmatically read embedded data
- WALA: Static analysis framework for Java (used for IR)
- Chose 180 sources and sinks that match tags defined by policies 1-3
- Create Data Dependence Graphs for PDS analysis

9 Selective Instrumentation Framework
- Performance analysis as well as security motivate the need for app instrumentation
- Selective instrumentation useful for performance
- Permit path inspection between specified codepoints
- Accurately estimate the instrumentation overhead
- Three main mechanisms
  - Source code instrumentation
  - Runtime instrumentation
  - Binary instrumentation

10 App Instrumentation in Mobile Space
- Instrumentation to analyze the critical path, e.g., AppInsight
- Enable fine-grained permission checking
- Sensor auditing for security reasons, e.g., CHEX

11 SIF
- Inputs: App binary, SIFScript, Workload Description
- Instrumenter
- Overhead Estimator
- Log output

12 SIFScript: Codepoint Set
- Codepoint Set: Encapsulates a set of instructions that share one or more attributes
  - setMethod
  - setByteCode
  - setPermissions
  - setLoops
- Instrumenter.place: Before, After, At, PlaceLoops()

13 SIFScript: Path Set
- Path Set: Encapsulates a set of dynamically traversed paths that satisfy a user-specified constraint
- Path: Collection of paths traversed by the app when it is executed
- Contains: All intra-procedural paths that contain at least one of the specified codepoints
- Sequence: All paths that contain all specified codepoints
- Report: stacktrace

14 SIF Design: Control Flow Analysis
- Incorporates Efficient Path Profiling – Ball and Larus
- Assign weights to edges on a CFG such that each unique traversal returns a unique sum along edges, thereby identifying the unique execution path
- Single counter per method sufficient for instrumentation
- Key idea: Instrument path segments
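The edge-weighting idea on this slide, as an added example that is not taken from the presentation or from SIF's code: it numbers the edges of an acyclic CFG so that every entry-to-exit path sums to a distinct ID, then recovers a path from a logged counter value. The CFG, node names and function names are constructed for illustration.

```python
# Added example: Ball-Larus edge numbering on a constructed acyclic CFG.
from graphlib import TopologicalSorter  # Python 3.9+

# Constructed control-flow graph: node -> successors. "A" is entry, "F" is exit.
CFG = {"A": ["B", "C"], "B": ["C", "D"], "C": ["D"],
       "D": ["E", "F"], "E": ["F"], "F": []}

def ball_larus_weights(cfg):
    """Return (edge weights, paths-to-exit count per node) for an acyclic CFG."""
    # TopologicalSorter expects node -> predecessors. Feeding it successors
    # yields every node after its successors (reverse topological order) and
    # raises CycleError on loops, which must be broken before numbering.
    weights, num_paths = {}, {}
    for v in TopologicalSorter(cfg).static_order():
        if not cfg[v]:
            num_paths[v] = 1                # the exit node ends exactly one path
            continue
        num_paths[v] = 0
        for w in cfg[v]:
            weights[(v, w)] = num_paths[v]  # paths already claimed by earlier edges
            num_paths[v] += num_paths[w]
    return weights, num_paths

def path_id(path, weights):
    """Value the single per-method counter holds after the run takes `path`."""
    return sum(weights[edge] for edge in zip(path, path[1:]))

def decode(pid, cfg, weights, entry):
    """Recover the executed path from a logged counter value."""
    path, node = [entry], entry
    while cfg[node]:
        # Follow the edge with the largest weight that still fits in pid.
        nxt = max((w for w in cfg[node] if weights[(node, w)] <= pid),
                  key=lambda w: weights[(node, w)])
        pid -= weights[(node, nxt)]
        path.append(nxt)
        node = nxt
    return path

def all_paths(cfg, node, exit_node):
    """Enumerate entry-to-exit paths (only used to check uniqueness)."""
    if node == exit_node:
        yield [node]
    for w in cfg[node]:
        for rest in all_paths(cfg, w, exit_node):
            yield [node] + rest

if __name__ == "__main__":
    w, n = ball_larus_weights(CFG)
    for p in all_paths(CFG, "A", "F"):
        print(path_id(p, w), "->".join(p))
```

The six paths through this graph receive the IDs 0 to 5, so one integer per method execution is enough to tell an auditor which branch sequence actually ran.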

15 SIF Design: Codepoint Abstraction
- Three steps
  - Find target instrumentation positions
  - Enable access to local data variables
  - Insert user-defined code
- Instrumentation done as callbacks
- Contains – straightforward
- Sequence – complicated
- Perform reachability analysis
- Instrument all possible paths
- Include all exception handlers in reachability analysis

16 SIF Design: Overhead Estimator
- Two sources
  - Instructions inserted by SIF components
  - User-defined instrumentation code
- User provides workflow description
- App only instrumented with Ball-Larus profiler
- User executes regular workload
- Output is the workflow for overhead estimation

17 SIF Implementation
- Language abstractions implemented as an extension to Java
- Apktool → dex2jar → converts app to Java bytecode
- BCEL library used to read and modify Java bytecode
- Android SDK used to convert Java bytecode to Dalvik bytecode and re-package app
- Does not handle reflection and dynamically loaded code
- No visibility into native code

