Presentation is loading. Please wait.

Presentation is loading. Please wait.

Review of “Towards Taming Privilege-Escalation Attacks on Android” Sven Bugiel, Lucas Davi, Alexandra Dmitrienko, Thomas Fischer, Ahmad-Reza Sadeghi, Bhargava.

Published byThomasine Emmeline Garrett Modified over 9 years ago

Similar presentations

Presentation on theme: "Review of “Towards Taming Privilege-Escalation Attacks on Android” Sven Bugiel, Lucas Davi, Alexandra Dmitrienko, Thomas Fischer, Ahmad-Reza Sadeghi, Bhargava."— Presentation transcript:

1 Review of “Towards Taming Privilege-Escalation Attacks on Android” Sven Bugiel, Lucas Davi, Alexandra Dmitrienko, Thomas Fischer, Ahmad-Reza Sadeghi, Bhargava Shastry In Proceedings of the 19th Annual Network & Distributed System Security Symposium (February 2012)

2 Summary The authors of this paper has presented the design and implementation of a security framework that protects against both confused deputy attack and collusion attack Also included results for performance evaluation

3 Android architecture & Security framework architecture

4 Appreciation The first security framework that addresses both confused deputy attack and collusion attack System-centric solution that generally captures all application level privilege attacks: not dependent of applications, not just targeting attack subclasses Scalable performance over-head (adversary models: weak, basic, advanced and strong)

5 Criticism Heuristic evaluation: hard to simulate worst case scenario, sample size of 50 still sounds small given the amount of categories (27) Adversary model VS performance?? Separated test of “ICC based communication apps” and “File system and socket based communication” (I.E PDF plug-in for dolphin browser) (all tests were carried out where there’s only two nodes & single path, a mixed case would have more that two nodes and potentially multiple paths)

6 Sample scenario

7 Question Given that this security framework was built on a rather obsolete version of Android (2.2.1), do you think it will still satisfy the need on devices with newer Android versions ? (Android 4 had new features such as Android Beam, Screen Shots and On-device Encryption!)

Download ppt "Review of “Towards Taming Privilege-Escalation Attacks on Android” Sven Bugiel, Lucas Davi, Alexandra Dmitrienko, Thomas Fischer, Ahmad-Reza Sadeghi, Bhargava."

Similar presentations

ACHIEVING NETWORK LEVEL PRIVACY IN WIRELESS SENSOR NETWORKS.

ACHIEVING NETWORK LEVEL PRIVACY IN WIRELESS SENSOR NETWORKS.
Vulnerability, Attack, Defense Split Tunneling Cross-Site Request Forgery And You Mary Henthorn OIT Senior Technology Analyst February 8, 2007.

Vulnerability, Attack, Defense Split Tunneling Cross-Site Request Forgery And You Mary Henthorn OIT Senior Technology Analyst February 8, 2007.
How to Design Wireless Security Mechanisms Manel Guerrero Zapata Mobile Networks Laboratory Nokia Research Center.

How to Design Wireless Security Mechanisms Manel Guerrero Zapata Mobile Networks Laboratory Nokia Research Center.
A Distributed Security Framework for Heterogeneous Wireless Sensor Networks Presented by Drew Wichmann Paper by Himali Saxena, Chunyu Ai, Marco Valero,

A Distributed Security Framework for Heterogeneous Wireless Sensor Networks Presented by Drew Wichmann Paper by Himali Saxena, Chunyu Ai, Marco Valero,
Peeking into Your App without Actually Seeing It: UI State Inference and Novel Android Attacks Qi Alfred Chen, Zhiyun Qian†, Z. Morley Mao University of.

Peeking into Your App without Actually Seeing It: UI State Inference and Novel Android Attacks Qi Alfred Chen, Zhiyun Qian†, Z. Morley Mao University of.
Aurasium: Practical Policy Enforcement for Android Applications R. Xu, H. Saidi and R. Anderson Presented By: Rajat Khandelwal – 2009CS10209 Parikshit.

Aurasium: Practical Policy Enforcement for Android Applications R. Xu, H. Saidi and R. Anderson Presented By: Rajat Khandelwal – 2009CS10209 Parikshit.
Open-MS (Open-Management System) Ethan Hann 3.30.2010.

Open-MS (Open-Management System) Ethan Hann
Security in By: Abdulelah Algosaibi Supervised by: Prof. Michael Rothstein Summer II 2010: CS 6/79995 Operating System Security.

Security in By: Abdulelah Algosaibi Supervised by: Prof. Michael Rothstein Summer II 2010: CS 6/79995 Operating System Security.
SybilGuard: Defending Against Sybil Attacks via Social Networks Haifeng Yu, Michael Kaminsky, Phillip B. Gibbons, and Abraham Flaxman Presented by Ryan.

SybilGuard: Defending Against Sybil Attacks via Social Networks Haifeng Yu, Michael Kaminsky, Phillip B. Gibbons, and Abraham Flaxman Presented by Ryan.
Bandwidth DoS Attacks and Defenses Robert Morris Frans Kaashoek, Hari Balakrishnan, Students MIT LCS.

Bandwidth DoS Attacks and Defenses Robert Morris Frans Kaashoek, Hari Balakrishnan, Students MIT LCS.
Android 4: Creating Contents Kirk Scott 1. Outline 4.1 Planning Contents 4.2 GIMP and Free Sound Recorder 4.3 Using FlashCardMaker to Create an XML File.

Android 4: Creating Contents Kirk Scott 1. Outline 4.1 Planning Contents 4.2 GIMP and Free Sound Recorder 4.3 Using FlashCardMaker to Create an XML File.
Unsafe Exposure Analysis of Mobile In-App Advertisements Offense: Rachel Stonehirsch.

Unsafe Exposure Analysis of Mobile In-App Advertisements Offense: Rachel Stonehirsch.
Host Mobility for IP Networks CSCI 6704 Group Presentation presented by Ye Liang, ChongZhi Wang, XueHai Wang March 13, 2004.

Host Mobility for IP Networks CSCI 6704 Group Presentation presented by Ye Liang, ChongZhi Wang, XueHai Wang March 13, 2004.
Detecting and Preventing Privilege- Escalation on Android Jiaojiao Fu 1.

Detecting and Preventing Privilege- Escalation on Android Jiaojiao Fu 1.
RUNNING PARALLEL APPLICATIONS BEYOND EP WORKLOADS IN DISTRIBUTED COMPUTING ENVIRONMENTS Zholudev Yury.

RUNNING PARALLEL APPLICATIONS BEYOND EP WORKLOADS IN DISTRIBUTED COMPUTING ENVIRONMENTS Zholudev Yury.
Flatiron Mobile Device Security Monitor Thomas Horacek Lucas Greve.

Flatiron Mobile Device Security Monitor Thomas Horacek Lucas Greve.
Www.infotech.monash.edu.au Presented by Xiaoyu Qin 21637881 Virtualized Access Control & Firewall Virtualization.

Presented by Xiaoyu Qin Virtualized Access Control & Firewall Virtualization.
TRACEREP: GATEWAY FOR SHARING AND COLLECTING TRACES IN HPC SYSTEMS Iván Pérez Enrique Vallejo José Luis Bosque University of Cantabria TraceRep IWSG'15.

TRACEREP: GATEWAY FOR SHARING AND COLLECTING TRACES IN HPC SYSTEMS Iván Pérez Enrique Vallejo José Luis Bosque University of Cantabria TraceRep IWSG'15.
Computer Science Open Research Questions Adversary models –Define/Formalize adversary models Need to incorporate characteristics of new technologies and.

Computer Science Open Research Questions Adversary models –Define/Formalize adversary models Need to incorporate characteristics of new technologies and.
The Protection of Information in Computer Systems Part I. Basic Principles of Information Protection Jerome Saltzer & Michael Schroeder Presented by Bert.

The Protection of Information in Computer Systems Part I. Basic Principles of Information Protection Jerome Saltzer & Michael Schroeder Presented by Bert.

Similar presentations

Ads by Google