Presentation is loading. Please wait.

Presentation is loading. Please wait.

DeepDroid Dynamically Enforcing Enterprise Policy Manwoong (Andy) Choi 6440429.

Published byEileen McGee Modified over 8 years ago

Similar presentations

Presentation on theme: "DeepDroid Dynamically Enforcing Enterprise Policy Manwoong (Andy) Choi 6440429."— Presentation transcript:

1 DeepDroid Dynamically Enforcing Enterprise Policy Manwoong (Andy) Choi 6440429

2 Introduction Motivation: Company’s require a means of limiting access to resources in mobile devices belonging to employees to protect company assets.  Android  market share of 81%  “all-or-nothing” installation option  continuous access of approved permissions  Solutions  Android 4.3, experimental feature called “App Ops”  Device Administration APIs provided by Google  DeepDroid

3 Android Resource Access  Resource Access through Android Middleware  Resource Access through Linux kernel  Binder encapsulates inter-process communication (IPC) messages and interprets them to corresponding procedure calls  system_server acts as permission checking center with built-in permissions  Native code can bypass middleware permission checking mechanism  Group of IDs which are responsible for determining accessible resources for the app

4 DeepDroid  Portability  Fine Granularity  Trustworthy  Ease to Use  Solution is deployed on different Android versions and devices with minimum configuration  Various enterprise policies are supported by supervising and regulating  Access control policy rules are strictly enforced, so that no app can violate any rules  How easy the solution is deployed on different Android versions and devices

5 DeepDroid Enterprise Policy Center  Authenticate mobile devices  Distribute enterprise policies  Monitor mobile devices DeepDroid On-device  Device Monitor  Bridge between the mobile device and Enterprise Policy Center  Privilege Enforcement  Authorises access privilege to apps  Permission Configurator - middleware  Process Creation Guard - kernel  Context Enforcement  Monitor resource access  Trace system calls to regulate app operations  Policy Engine  Stores and maintains policy rules

6 Evaluations & Results Functional EvaluationPortability Evaluation Performance Evaluation

7 Summary  Dynamic enterprise security policy enforcement scheme on Android  Memory instrumentation  Evaluation  Portable  Negligible performance overhead

8 Criticism  Collusion Attack  Combination of privileges to cause malicious behavior  Communication through a covert channel  Policy rules are user defined  In report assumed to be trustworthy  May not be the case, no tracking of policies

9 Questions????

Download ppt "DeepDroid Dynamically Enforcing Enterprise Policy Manwoong (Andy) Choi 6440429."

Similar presentations

User Authentication on Mobile Devices Google Two Factor Authentication OTP (One Time Password)

User Authentication on Mobile Devices Google Two Factor Authentication OTP (One Time Password)
MOOC on M4D 2013 I NTRODUCTION TO THE A NDROID P LATFORM Ashish Agrawal Indian Institute of Technology Kanpur.

MOOC on M4D 2013 I NTRODUCTION TO THE A NDROID P LATFORM Ashish Agrawal Indian Institute of Technology Kanpur.
© 2009 VMware Inc. All rights reserved VMware Horizon Mobile Intro - NetHope Deepak Puri Director Mobile Business Development +1 (415) 606-4416

© 2009 VMware Inc. All rights reserved VMware Horizon Mobile Intro - NetHope Deepak Puri Director Mobile Business Development +1 (415)
Aurasium: Practical Policy Enforcement for Android Applications By Yaoqi USENIX Security Symposium 2012.

Aurasium: Practical Policy Enforcement for Android Applications By Yaoqi USENIX Security Symposium 2012.
Sophos Mobile Control. Tablets on the rise 2 Trends 3 75% of 157 polled companies encourage employee owned smart phones and tablets to access corporate.

Sophos Mobile Control. Tablets on the rise 2 Trends 3 75% of 157 polled companies encourage employee owned smart phones and tablets to access corporate.
Android Security. N-Degree of Separation Applications can be thought as composed by Main Functionality Several Non-functional Concerns Security is a non-functional.

Android Security. N-Degree of Separation Applications can be thought as composed by Main Functionality Several Non-functional Concerns Security is a non-functional.
Security and Personnel

Security and Personnel
Building and Deploying Safe and Secure Android Apps for Enterprise Presented by Technology Consulting Group at Endeavour Software Technologies.

Building and Deploying Safe and Secure Android Apps for Enterprise Presented by Technology Consulting Group at Endeavour Software Technologies.
Aurasium: Practical Policy Enforcement for Android Applications R. Xu, H. Saidi and R. Anderson Presented By: Rajat Khandelwal – 2009CS10209 Parikshit.

Aurasium: Practical Policy Enforcement for Android Applications R. Xu, H. Saidi and R. Anderson Presented By: Rajat Khandelwal – 2009CS10209 Parikshit.
Title of Selected Paper: Design and Implementation of Secure Embedded Systems Based on Trustzone Authors: Yan-ling Xu, Wei Pan, Xin-guo Zhang Presented.

Title of Selected Paper: Design and Implementation of Secure Embedded Systems Based on Trustzone Authors: Yan-ling Xu, Wei Pan, Xin-guo Zhang Presented.
Aurasium: Practical Policy Enforcement for Android Applications R. Xu, H. Saidi and R. Anderson.

Aurasium: Practical Policy Enforcement for Android Applications R. Xu, H. Saidi and R. Anderson.
Security in By: Abdulelah Algosaibi Supervised by: Prof. Michael Rothstein Summer II 2010: CS 6/79995 Operating System Security.

Security in By: Abdulelah Algosaibi Supervised by: Prof. Michael Rothstein Summer II 2010: CS 6/79995 Operating System Security.
Android Security Enforcement and Refinement. Android Applications --- Example Example of location-sensitive social networking application for mobile phones.

Android Security Enforcement and Refinement. Android Applications --- Example Example of location-sensitive social networking application for mobile phones.
Chapter 7 Database Auditing Models

Chapter 7 Database Auditing Models
William Enck, Machigar Ongtang, and Patrick McDaniel.

William Enck, Machigar Ongtang, and Patrick McDaniel.
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec

Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec
1 © Talend 2014 XACML Authorization Training Slides 2014 Jan Bernhardt Zsolt Beothy-Elo

1 © Talend 2014 XACML Authorization Training Slides 2014 Jan Bernhardt Zsolt Beothy-Elo
Understanding Android Security Yinshu Wu William Enck, Machigar Ongtang, and PatrickMcDaniel Pennsylvania State University.

Understanding Android Security Yinshu Wu William Enck, Machigar Ongtang, and PatrickMcDaniel Pennsylvania State University.
Authors: William Enck The Pennsylvania State University Peter Gilbert Duke University Byung-Gon Chun Intel Labs Landon P. Cox Duke University Jaeyeon Jung.

Authors: William Enck The Pennsylvania State University Peter Gilbert Duke University Byung-Gon Chun Intel Labs Landon P. Cox Duke University Jaeyeon Jung.
All Your Droid Are Belong To Us: A Survey of Current Android Attacks 단국대학교 컴퓨터 보안 및 OS 연구실 김낙영 2015. 04. 21.

All Your Droid Are Belong To Us: A Survey of Current Android Attacks 단국대학교 컴퓨터 보안 및 OS 연구실 김낙영

Similar presentations

Ads by Google