Presentation is loading. Please wait.

Presentation is loading. Please wait.

An Example of an Android Security Extension YAASE - Yet Another Android Security Extension.

Published byKamryn Ormes Modified over 9 years ago

Similar presentations

Presentation on theme: "An Example of an Android Security Extension YAASE - Yet Another Android Security Extension."— Presentation transcript:

1 An Example of an Android Security Extension YAASE - Yet Another Android Security Extension

2 YAASE Main Features A Policy-based System for Controlling Information Flow Fine-grained Data Filtering No modifications to Android API No trust on apps Control over IPC and system-level calls (internet) Data filtering capabilities Tuneable

3 YAASE Architecture Grey = New components added Dashed = Modified Android components

4 Policy-based AC Terms A policy is a rule that governs the behaviour of a system PEP stands for Policy Enforcement Point It is responsible for intercepting the requests and enforcing the access control decisions PDP stands for Policy Decision Point It is responsible for evaluating policies and coming up with a decision Policy Provider is the repository where policies are stored

5 YAASE Policy Language PolicyName: Requester can do operation on Resource [have to perform action] handle dataLabelExpression By default, if no policy is specified no action is granted!

6 Example of a Privilege Escalation FeedMe: A news feed app requiring access to internet NavApp: A navigation app requiring access to GPS

7 Policies for Apps PolFeedMe: FeedME can do send on Internet handle “NoLabels” PolNavApp: NavApp can do access on GPS handle “FineLocation”

8 Restrict Approach Sandbox System Sandbox P2P1 FeedMeNavAppAndroid Apps C P1 GPS P2 NET SS AA Policy Provider YAASE PDP Access to NavApp PEP

9 Sandbox System Sandbox P2P1 FeedMeNavAppAndroid Apps C P1 GPS P2 NET SS AA Policy Provider YAASE PDP PEP Restrict Approach

10 Sandbox System Sandbox P2P1 FeedMeNavAppAndroid Apps C P1 GPS P2 NET SS AA Policy Provider YAASE PDP PEP

11 Restrict Approach Sandbox System Sandbox P2P1 FeedMeNavAppAndroid Apps C P1 GPS P2 NET SS AA NO ACCESS Policy Provider YAASE PDP PEP

12 Relaxed Approach Sandbox System Sandbox P2P1 FeedMeNavAppAndroid Apps C P1 GPS P2 NET SS AA Policy Provider YAASE PDP PEP

13 Relaxed Approach Sandbox System Sandbox P2P1 FeedMe D:FL NavAppAndroid Apps C P1 GPS P2 NET SS AA Policy Provider YAASE PDP PEP

14 Relaxed Approach Sandbox System Sandbox P2P1 FeedMeNavAppAndroid Apps C P1 GPS P2 NET SS AA Policy Provider YAASE PDP INTERNET D:FL PEP

15 Enforced Policy PolFeedMe: FeedME can do send on Internet handle “NoLabels”

16 Relaxed Approach Sandbox System Sandbox P2P1 FeedMeNavAppAndroid Apps C P1 GPS P2 NET SS AA Policy Provider YAASE PDP INTERNET D:FL PEP

17 Final Thoughts Standard Android Security framework is insufficient Plethora of security extensions have been presented Now it is time that Google starts to take some actions

18 Readings Russello, Giovanni, et al. "Yaase: Yet another android security extension." Privacy, security, risk and trust (passat), 2011 ieee third international conference on and 2011 ieee third international conference on social computing (socialcom). IEEE, 2011.

19 Questions?

Download ppt "An Example of an Android Security Extension YAASE - Yet Another Android Security Extension."

Similar presentations

Towards Remote Policy Enforcement for Runtime Protection of Mobile Code Using Trusted Computing Xinwen Zhang Francesco Parisi-Presicce Ravi Sandhu www.list.gmu.edu.

Towards Remote Policy Enforcement for Runtime Protection of Mobile Code Using Trusted Computing Xinwen Zhang Francesco Parisi-Presicce Ravi Sandhu
The Role of Trust Management in Distributed Systems Authors Matt Blaze, John Feigenbaum, John Ioannidis, Angelos D. Keromytis Presented By Akshay Gupte.

The Role of Trust Management in Distributed Systems Authors Matt Blaze, John Feigenbaum, John Ioannidis, Angelos D. Keromytis Presented By Akshay Gupte.
Presented By Abhishek Singh Computer Science Department Kent state University WILLIAM ENCK, MACHIGAR ONGTANG, AND PATRICK MCDANIEL.

Presented By Abhishek Singh Computer Science Department Kent state University WILLIAM ENCK, MACHIGAR ONGTANG, AND PATRICK MCDANIEL.
Aurasium: Practical Policy Enforcement for Android Applications By Yaoqi USENIX Security Symposium 2012.

Aurasium: Practical Policy Enforcement for Android Applications By Yaoqi USENIX Security Symposium 2012.
ECOS: Leveraging Software-Defined Networks to Support Mobile Application Offloading Aaron Gember, Christopher Dragga, Aditya Akella University of Wisconsin-Madison.

ECOS: Leveraging Software-Defined Networks to Support Mobile Application Offloading Aaron Gember, Christopher Dragga, Aditya Akella University of Wisconsin-Madison.
Android Security. N-Degree of Separation Applications can be thought as composed by Main Functionality Several Non-functional Concerns Security is a non-functional.

Android Security. N-Degree of Separation Applications can be thought as composed by Main Functionality Several Non-functional Concerns Security is a non-functional.
1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.

1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.
Aurasium: Practical Policy Enforcement for Android Applications R. Xu, H. Saidi and R. Anderson Presented By: Rajat Khandelwal – 2009CS10209 Parikshit.

Aurasium: Practical Policy Enforcement for Android Applications R. Xu, H. Saidi and R. Anderson Presented By: Rajat Khandelwal – 2009CS10209 Parikshit.
Copyright © 2008 Accenture All Rights Reserved. Accenture, its logo, and High Performance Delivered are trademarks of Accenture. Andrew Stone Common Security.

Copyright © 2008 Accenture All Rights Reserved. Accenture, its logo, and High Performance Delivered are trademarks of Accenture. Andrew Stone Common Security.
A METHODOLOGY FOR EMPIRICAL ANALYSIS OF PERMISSION-BASED SECURITY MODELS AND ITS APPLICATION TO ANDROID David Barrera, H. Güne¸s Kayacık, P.C. van Oorschot,

A METHODOLOGY FOR EMPIRICAL ANALYSIS OF PERMISSION-BASED SECURITY MODELS AND ITS APPLICATION TO ANDROID David Barrera, H. Güne¸s Kayacık, P.C. van Oorschot,
Access Control Patterns & Practices with WSO2 Middleware Prabath Siriwardena.

Access Control Patterns & Practices with WSO2 Middleware Prabath Siriwardena.
Make Secure Information Sharing (SIS) Easy and an Reality C. Edward Chow, PI Osama Khaleel Bill Kretschmer C. Edward Chow, PI Osama Khaleel Bill Kretschmer.

Make Secure Information Sharing (SIS) Easy and an Reality C. Edward Chow, PI Osama Khaleel Bill Kretschmer C. Edward Chow, PI Osama Khaleel Bill Kretschmer.
Authz work in GGF David Chadwick

Authz work in GGF David Chadwick
XACML 2.0 and Earlier Hal Lockhart, Oracle. What is XACML? n XML language for access control n Coarse or fine-grained n Extremely powerful evaluation.

XACML 2.0 and Earlier Hal Lockhart, Oracle. What is XACML? n XML language for access control n Coarse or fine-grained n Extremely powerful evaluation.
1 Configuring Web services (Week 15, Monday 4/17/2006) © Abdou Illia, Spring 2006.

1 Configuring Web services (Week 15, Monday 4/17/2006) © Abdou Illia, Spring 2006.
Google Android as a mobile development platform T-110.7111 Internet Technologies for Mobile Computing Olli Mäkinen.

Google Android as a mobile development platform T Internet Technologies for Mobile Computing Olli Mäkinen.
Securing Web Services Using Semantic Web Technologies Brian Shields PhD Candidate, Department of Information Technology, National University of Ireland,

Securing Web Services Using Semantic Web Technologies Brian Shields PhD Candidate, Department of Information Technology, National University of Ireland,
XACML By Ganesh Godavari Craig Peltier. Information Sharing Information Sharing relates to the sharing of information between two or more entities. Entities.

XACML By Ganesh Godavari Craig Peltier. Information Sharing Information Sharing relates to the sharing of information between two or more entities. Entities.
1 July 2005© 2005 University of Kent1 Seamless Integration of PERMIS and Shibboleth – Development of a Flexible PERMIS Authorisation Module for Shibboleth.

1 July 2005© 2005 University of Kent1 Seamless Integration of PERMIS and Shibboleth – Development of a Flexible PERMIS Authorisation Module for Shibboleth.
Phu H. Phung Chalmers University of Technology JSTools’ 12 June 13, 2012, Beijing, China Joint work with Lieven Desmet (KU Leuven)

Phu H. Phung Chalmers University of Technology JSTools’ 12 June 13, 2012, Beijing, China Joint work with Lieven Desmet (KU Leuven)

Similar presentations

Ads by Google