Presentation is loading. Please wait.

Presentation is loading. Please wait.

Aurasium: Practical Policy Enforcement for Android Applications

Published byPhillip Peckham Modified over 10 years ago

Similar presentations

Presentation on theme: "Aurasium: Practical Policy Enforcement for Android Applications"— Presentation transcript:

1 Aurasium: Practical Policy Enforcement for Android Applications
Rubin Xu University of Cambridge Hassen Saidi SRI International Ross Anderson University of Cambridge USENIX Security Symposium 2012

2 Goal Address the multiple threats posed by malicious applications on Android

3 Android Malicious Apps

4 Introduction to Android
Security Features Process Isolation Linux user/group permission App requests permission to OS functionalities Most checked in remote end i.e. system services A few (Internet, Camera) checked in Kernel, as special user group

5 Introduction to Android
Security Features com.android.demo. app Process Boundary System Services Framework Code Application Code Activity Service Broadcast Receiver Content Provider Framework Code Telephony Manger Location Manger Activity Manager Package Manager …… Android Runtime (Dalvik VM) Permission Check Kernel Boundary Permission Check Socket Camera Binder (IPC)

6 Malicious Android Apps
Abuse permissions: Permissions are granted for as long as an App is installed on a device No restrictions on how often resources and data are accessed Access and transmit private data Access to malicious remote servers application-level privilege escalation Confused deputy attacks Gain root privilege

7 Alternative Approaches
App vetting: Google’s Bouncer 40% decrease in malware Ineffective once App installed on the device AV products: Scanning Have no visibility into the runtime of an App Fine grain permissions checking Require modifications to the OS Virtualization Require modification to the OS

8 Related work Existing Work Limitations TaintDroid (OSDI 10)
CRePE (ISC 10) AppFence (CCS 11) Quire (USENIX Security 2011) SELinux on Android Taming Privilege-Escalation (NDSS 2012) Limitations Modify OS – requires rooting and flashing firmware.

9 Related Approaches Android Middleware Linux kernel Hardware Quire
Information flow Access control Call chain IPC Android Middleware Quire SELinux TainDroid AppFence CRePE Linux kernel Hardware

10 X X Solution: Aurasium Android Middleware Linux kernel Hardware
Repackage Apps to intercept all Interactions with the OS Information flow Access control Call chain IPC and many more! X Android Middleware X Linux kernel Hardware

11 Aurasium Internals Two Problems to Solve
Introducing alien code to arbitrary application package Reliably intercepting application interaction with the OS

12 Aurasium Internals How to add code to existing applications
Android application building and packaging process javac Java Source Code .class files dx Classes.dex Application Resource Zip & Sign Compiled Resources Application Package (.apk) aapt AndroidManifest.xml Other Files

13 Insert Our Native Library
Aurasium Internals How to add code to existing applications apktool .smali files Insert Our Java Code apktool Classes.dex Textual AndroidManifest.xml Insert Metadata Application Package Compiled Resources Secured Application apktool Application Resources Other Files Insert Our Native Library

14 Enforcing Security & Privacy Policy
Aurasium way Per-application basis No need to root phone and flash firmware Almost non-bypassable com.android.demo.SecuredApp Framework Code Application Code Activity Service Broadcast Receiver Content Provider Aurasium Kernel

15 Framework Code - Native (C++)
Aurasium Internals How to Intercept A closer look at app process Application Code Framework Code - Java Java Native Interface Framework Code - Native (C++) libdvm.so libandroid_runtime.so libbinder.so ……. libc.so libm.so libstdc++.so Kernel

16 Aurasium Internals How to Intercept Example: Socket Connection
Application Code ApkMonitorActivity.onClick() HttpURLConnectionImpl.makeConnection() HttpConnection.<init>() Socket.connect() PlainSocketImpl.connect() OSNetworkSystem.connect() libnativehelper.so libc.so Framework - Java Java Native Interface Framework - Native Native Libraries

17 Aurasium Internals How to Intercept Example: Send SMS Framework - Java
Application Code ApkMonitorActivity.onClick() SmsManager.sendTextMessage() Isms$Stub$Proxy.sendText() BinderProxy.transact() libbinder.so libc.so Framework - Java Java Native Interface Framework - Native Native Libraries

18 Framework Code – Native (C++)
Aurasium Internals How to Intercept Intercept at lowest boundary – libc.so Application Code Framework Code - Java Java Native Interface Framework Code – Native (C++) libdvm.so libandroid_runtime.so libbinder.so ……. Detour Monitoring Code libc.so libm.so libstdc++.so

19 Aurasium Internals How to Intercept
Look closer at library calls - dynamic linking libbinder.so libc.so Control flow transfer Indirect memory reference

20 Aurasium Internals X How to Intercept
Key: Dynamically linked shared object file Essence: Redo dynamic linking with pointers to our detour code. Monitoring Code somelib.so libc.so X

21 Aurasium Internals How to Intercept Implemented in native code
Almost non-bypassable Java code cannot modify arbitrary memory Java code cannot issue syscall directly Attempts to load native code is monitored dlopen()

22 What can you do with Aurasium?
Total visibility into the interactions of an App with the OS and other Apps Internet connections connect() IPC Binder communications ioctl() File system manipulations write(), read() Access to resources Ioctl(), read, write() Linux system calls fork(), execvp()

23 Aurasium Internals How to add code to existing applications
Inevitably destroy original signature In Android, signature = authorship Individual app not a problem

24 Insert Our Native Library
Aurasium Internals How to add code to existing applications apktool GUI & Policy .smali files Insert Our Java Code apktool Classes.dex Point to Detour Activity Textual AndroidManifest.xml Insert Metadata Application Package Compiled Resources Secured Application apktool Application Resources Other Files Insert Our Native Library Detour libc calls

25 Evaluation

26 Evaluation

27 Evaluation

28 Evaluation

29 Evaluation

30 Evaluation Tested on Real-world Apps
3491 apps from third-party application store. 1260 malware corpus from Android Genome. Results Repackaging: 3476/1258 succeed (99.6%/99.8%) Failure mode: apktool/baksmali assembly crashes Device runs Nexus S under Monkey – UI Exerciser in SDK Intercept calls from all of 3189 runnable application.

31 Limitations 99.9% is not 100% Rely on robustness of apktool Manual edit of Apps as a workaround Native code can potentially bypass Aurasium: Already seen examples of native code in the wild that is capable of doing so Some mitigation techniques exist

32 Conclusion New approach to Android security/privacy
Per-app basis, no need to root phone Tested against many real world apps Have certain limitations

33 The End Try it out at

Download ppt "Aurasium: Practical Policy Enforcement for Android Applications"

Similar presentations

Android Application Development A Tutorial Driven Course.

Android Application Development A Tutorial Driven Course.
Dynamic Analysis of Windows Phone 7 apps Behrang Fouladi, SensePost.

Dynamic Analysis of Windows Phone 7 apps Behrang Fouladi, SensePost.
Syracuse University, New York, USA

Syracuse University, New York, USA
Ensuring Operating System Kernel Integrity with OSck By Owen S. Hofmann Alan M. Dunn Sangman Kim Indrajit Roy Emmett Witchel Kent State University College.

Ensuring Operating System Kernel Integrity with OSck By Owen S. Hofmann Alan M. Dunn Sangman Kim Indrajit Roy Emmett Witchel Kent State University College.
Presented By Abhishek Singh Computer Science Department Kent state University WILLIAM ENCK, MACHIGAR ONGTANG, AND PATRICK MCDANIEL.

Presented By Abhishek Singh Computer Science Department Kent state University WILLIAM ENCK, MACHIGAR ONGTANG, AND PATRICK MCDANIEL.
Android architecture overview

Android architecture overview
Aurasium: Practical Policy Enforcement for Android Applications By Yaoqi USENIX Security Symposium 2012.

Aurasium: Practical Policy Enforcement for Android Applications By Yaoqi USENIX Security Symposium 2012.
Policy Weaving for Mobile Devices Drew Davidson. Smartphone security is critical – 1200 to 1400 US Army troops to be equipped with Android smartphones.

Policy Weaving for Mobile Devices Drew Davidson. Smartphone security is critical – 1200 to 1400 US Army troops to be equipped with Android smartphones.
Implementation of an Android Phone Based Video Streamer 2010 IEEE/ACM International Conference on Green Computing and Communications 2010 IEEE/ACM International.

Implementation of an Android Phone Based Video Streamer 2010 IEEE/ACM International Conference on Green Computing and Communications 2010 IEEE/ACM International.
Aurasium: Practical Policy Enforcement for Android Applications R. Xu, H. Saidi and R. Anderson Presented By: Rajat Khandelwal – 2009CS10209 Parikshit.

Aurasium: Practical Policy Enforcement for Android Applications R. Xu, H. Saidi and R. Anderson Presented By: Rajat Khandelwal – 2009CS10209 Parikshit.
Aurasium: Practical Policy Enforcement for Android Applications R. Xu, H. Saidi and R. Anderson.

Aurasium: Practical Policy Enforcement for Android Applications R. Xu, H. Saidi and R. Anderson.
Mobile Application Development

Mobile Application Development
This work is licensed under the Creative Commons Attribution 4.0 International License. To view a copy of this license, visit

This work is licensed under the Creative Commons Attribution 4.0 International License. To view a copy of this license, visit
WebQuilt and Mobile Devices: A Web Usability Testing and Analysis Tool for the Mobile Internet Tara Matthews Seattle University April 5, 2001 Faculty Mentor:

WebQuilt and Mobile Devices: A Web Usability Testing and Analysis Tool for the Mobile Internet Tara Matthews Seattle University April 5, 2001 Faculty Mentor:
Android Security Enforcement and Refinement. Android Applications --- Example Example of location-sensitive social networking application for mobile phones.

Android Security Enforcement and Refinement. Android Applications --- Example Example of location-sensitive social networking application for mobile phones.
Case study 2 Android – Mobile OS.

Case study 2 Android – Mobile OS.
CS 153 Design of Operating Systems Spring 2015 Lecture 24: Android OS.

CS 153 Design of Operating Systems Spring 2015 Lecture 24: Android OS.
Understanding Android Security Yinshu Wu William Enck, Machigar Ongtang, and PatrickMcDaniel Pennsylvania State University.

Understanding Android Security Yinshu Wu William Enck, Machigar Ongtang, and PatrickMcDaniel Pennsylvania State University.
Android Introduction Platform Overview.

Android Introduction Platform Overview.
A METHODOLOGY FOR EMPIRICAL ANALYSIS OF PERMISSION-BASED SECURITY MODELS AND ITS APPLICATION TO ANDROID.

A METHODOLOGY FOR EMPIRICAL ANALYSIS OF PERMISSION-BASED SECURITY MODELS AND ITS APPLICATION TO ANDROID.

Similar presentations

Ads by Google