Presentation is loading. Please wait.

Presentation is loading. Please wait.

Midterm Meeting Pete Bohman, Adam Kunk, Erik Shaw (ONL)

Published byRolf Underwood Modified over 9 years ago

Similar presentations

Presentation on theme: "Midterm Meeting Pete Bohman, Adam Kunk, Erik Shaw (ONL)"— Presentation transcript:

1 Midterm Meeting Pete Bohman, Adam Kunk, Erik Shaw (ONL)

2 Outline The problem and why it is important Our solution and why it is better Proof of concept LKM syscall table hook Preliminary Design Defensive syscall integrity LKM Android VMM Preliminary Results

3 The Problem Detecting rootkits on Android smart phones This is important because: Smart phone use is tremendously growing (especially Android, it just took 1 st place) Phones are starting to be used like mini computers Phones carry lots of sensitive data (more than a computer at times) GPS location, contacts, text messages, call data, People make purchases on their phones (billing info)

4 The Problem (cont.) Rootkits are a major problem on any traditional monolithic operating system on our desktop computers Android OS is modeled after the Linux kernel This means that many of the attack methods (LKM rootkits) that are targeted for the Linux OS may be applicable to Android Currently, power consumption is a major factor in the prevention methods

5 Our Solution Two part solution: VMM layer to live below the guest Android OS Layer below approach to ensure integrity of the LKM that lives alongside the kernel This is necessary in the event that another LKM attempts to hook into our LKM Minimal execution in the VMM to preserve power LKM that monitors the integrity of the syscall table and corresponding functions Would be executed at regular intervals

6 Proof of concept Demonstrating that the syscall table can be hooked This is how a rootkit can try to hide from the operating system (NOTE: We need to add a design picture of the syscall hooking LKM)

7 Preliminary Design (cont.) Android VMM lives a layer below the guest operating system, the Android kernel Android VMM will check integrity of the LKM that monitors the syscall table and pointed to functions (picture will go here of our VMM design)

8 Preliminary Design (cont.) Modifying the boot order is not enough We must also modify the QEMU emulator to trap to our VMM This allows our VMM to get execution after booting the Android guest OS (picture will go here of our VMM interaction with qemu, how we trap into our VMM)

9 Preliminary Design (cont.) (Picture will go here of our design for our LKM that checks integrity of syscall table and the functions contained within) LKM checks integrity of syscall table and functions pointed to This is checked periodically Root of trust is placed within the VMM The VMM checks integrity of this LKM from a layer below

10 Preliminary Results (boot time) Boot times of normal Android (zImage) image versus the VMM (zVmm) image were measured. The results to the right demonstrate the average of three boots for each image. The Linux ‘time’ utility was used to obtain the ‘real’, ‘user’, and ‘sys’ running times of each boot. The ‘boot time’ was measured as the time from booting the image in the Android emulator to the time it took for the emulator to boot up and unlock the initial screen.

11 Preliminary Results (boot time)

12 Preliminary Results (cont.) If we get the syscall hooking LKM up and running, maybe we can show some data here (Or, we might be able to do some power measurements by invoking some random function that does a hash of memory every minute or something, be creative)

Download ppt "Midterm Meeting Pete Bohman, Adam Kunk, Erik Shaw (ONL)"

Similar presentations

8. 1+5+9+13+……+(4n-3) = n(2n-1) P 1 = 1(2(1)-1)=1 check.

……+(4n-3) = n(2n-1) P 1 = 1(2(1)-1)=1 check.
Ensuring Operating System Kernel Integrity with OSck By Owen S. Hofmann Alan M. Dunn Sangman Kim Indrajit Roy Emmett Witchel Kent State University College.

Ensuring Operating System Kernel Integrity with OSck By Owen S. Hofmann Alan M. Dunn Sangman Kim Indrajit Roy Emmett Witchel Kent State University College.
Operating System Security : David Phillips A Study of Windows Rootkits.

Operating System Security : David Phillips A Study of Windows Rootkits.
Rootkits on Smart Phones: Attacks, Implications and Opportunities Jeffrey Bickford, Ryan O’Hare, Arati Baliga, Vinod Ganapathy, and Liviu Iftode Department.

Rootkits on Smart Phones: Attacks, Implications and Opportunities Jeffrey Bickford, Ryan O’Hare, Arati Baliga, Vinod Ganapathy, and Liviu Iftode Department.
1 Future Technologies Group Shane Canon, canon at nersc dot govSummer Linux Kernel Class Root Kit Protection and Detection Shane Canon October 23 2003.

1 Future Technologies Group Shane Canon, canon at nersc dot govSummer Linux Kernel Class Root Kit Protection and Detection Shane Canon October
Malwares – Types & Defense Raghunathan Srinivasan Sept 25, 2007 CSE 466/598 Computer Systems Security.

Malwares – Types & Defense Raghunathan Srinivasan Sept 25, 2007 CSE 466/598 Computer Systems Security.
Operating System Structure. Announcements Make sure you are registered for CS 415 First CS 415 project is up –Initial design documents due next Friday,

Operating System Structure. Announcements Make sure you are registered for CS 415 First CS 415 project is up –Initial design documents due next Friday,
Presented by Boris Yurovitsky

Presented by Boris Yurovitsky
Towards Application Security On Untrusted OS

Towards Application Security On Untrusted OS
@ NCSU Zhi NCSU Xuxian Microsoft Research Weidong Microsoft NCSU Peng NCSU ACM CCS’09.

@ NCSU Zhi NCSU Xuxian Microsoft Research Weidong Microsoft NCSU Peng NCSU ACM CCS’09.
Buffer Overflow Attacks Figure 9-21. (a) Situation when the main program is running. (b) After the procedure A has been called. (c) Buffer overflow shown.

Buffer Overflow Attacks Figure (a) Situation when the main program is running. (b) After the procedure A has been called. (c) Buffer overflow shown.
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #29-1 Chapter 33: Virtual Machines Virtual Machine Structure Virtual Machine.

November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #29-1 Chapter 33: Virtual Machines Virtual Machine Structure Virtual Machine.
SubVirt: Implementing malware with virtual machines Yi-Min Wang Chad Verbowski Helen J. Wang Jacob R. Lorch Microsoft Research Samuel T. King Peter M.

SubVirt: Implementing malware with virtual machines Yi-Min Wang Chad Verbowski Helen J. Wang Jacob R. Lorch Microsoft Research Samuel T. King Peter M.
Jiang Wang, Joint work with Angelos Stavrou and Anup Ghosh CSIS, George Mason University HyperCheck: a Hardware Assisted Integrity Monitor.

Jiang Wang, Joint work with Angelos Stavrou and Anup Ghosh CSIS, George Mason University HyperCheck: a Hardware Assisted Integrity Monitor.
LINUX Virtualization Running other code under LINUX.

LINUX Virtualization Running other code under LINUX.
Introduction Our Topic: Mobile Security Why is mobile security important?

Introduction Our Topic: Mobile Security Why is mobile security important?
VMM Based Rootkit Detection on Android Class Presentation Pete Bohman, Adam Kunk, Erik Shaw.

VMM Based Rootkit Detection on Android Class Presentation Pete Bohman, Adam Kunk, Erik Shaw.
TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones Presented By: Steven Zittrower William Enck ( Penn St) (Duke)

TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones Presented By: Steven Zittrower William Enck ( Penn St) (Duke)
All Your Droid Are Belong To Us: A Survey of Current Android Attacks 단국대학교 컴퓨터 보안 및 OS 연구실 김낙영 2015. 04. 21.

All Your Droid Are Belong To Us: A Survey of Current Android Attacks 단국대학교 컴퓨터 보안 및 OS 연구실 김낙영
Jakub Szefer, Eric Keller, Ruby B. Lee Jennifer Rexford Princeton University CCS October, 2011 報告人:張逸文.

Jakub Szefer, Eric Keller, Ruby B. Lee Jennifer Rexford Princeton University CCS October, 2011 報告人:張逸文.

Similar presentations

Ads by Google