ANDROID ACCESS CONTROL Presented by: Justin Williams Masters of Computer Science Candidate.


1 ANDROID ACCESS CONTROL Presented by: Justin Williams Masters of Computer Science Candidate

2 Introduction
 Android is a widely used open source operating system for mobile devices.
 It has become one of the world's most popular mobile platforms.
 Although originally designed for smartphones, it now powers tablets, TVs, and other devices.

3 Access Control
 Access control is a security technique used to regulate who or what can view or use resources in a computing environment.
 Normally, a user must first log in to a system using some authentication mechanism.
 Subject: a user.
 Object: a piece of data or a resource.

4 Linux Access Control
 Discretionary Access Control (DAC) is the standard security model for Linux.
 Access privileges are based on the user identity and object ownership.
 Access to data is entirely at the discretion of the owner/creator of the data.
 A strength of DAC: it is flexible.

5 Mandatory Access Control
 MAC is a system-wide policy that decides who is allowed to have access.
 Relies on the system, rather than the object owner, to control access.
 Individual users cannot alter that access.

6 DAC and MAC together
 MAC controls do not interfere with the DAC controls.
 The kernel validates access using the DAC permissions before checking the MAC permissions.
 If the DAC check results in a permissions violation, the MAC permissions are never checked.

7 DAC and MAC together cont.
 The kernel consults the MAC permissions only if the DAC check passes.
 If both the DAC and the MAC permissions pass, the kernel resource (for example, a file descriptor) is returned to user space.

8 SELinux
 Security Enhanced Linux (SELinux) is a kernel security model that supports mandatory access control (MAC).
 It enforces the separation of information based on confidentiality and integrity requirements.
 This limits the potential harm from data that could become compromised.

9 SELinux cont.
 SELinux is implemented as part of the Linux Security Module (LSM) framework, which recognizes various kernel objects and the sensitive actions performed on them.
 Before such an action proceeds, an LSM hook function is called to determine whether or not the action should be allowed.

10 The steps in the decision-making chain for DAC and MAC are shown below (the slide's diagram is not included in this transcript).
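The ordering described on slides 6, 7 and 16 (DAC first, then MAC, with a DAC denial being final) modelled as a small constructed Python simulation. This is an added example, not the slides' material or kernel code; the mode bits, UIDs, domain/type names and the tiny allow-rule table are all made up for illustration.

```python
from dataclasses import dataclass

# Permission bits requested from a single owner/group/other triad.
R, W = 4, 2

@dataclass(frozen=True)
class Subject:
    uid: int
    gids: frozenset      # every group the process is a member of
    label: str           # SELinux domain, e.g. "untrusted_app" (constructed)

@dataclass(frozen=True)
class FileObj:
    owner_uid: int
    owner_gid: int
    mode: int            # classic permission bits, e.g. 0o640
    label: str           # SELinux file type, e.g. "app_data_file" (constructed)

def dac_allows(s: Subject, f: FileObj, want: int) -> bool:
    """Owner/group/other check: exactly one triad applies to a given subject."""
    if s.uid == 0:                       # root overrides DAC (CAP_DAC_OVERRIDE)
        return True
    if s.uid == f.owner_uid:
        bits = (f.mode >> 6) & 7
    elif f.owner_gid in s.gids:
        bits = (f.mode >> 3) & 7
    else:
        bits = f.mode & 7
    return bits & want == want

# Constructed allow rules: (source domain, target type) -> permitted operations.
# Not a real Android sepolicy fragment.
POLICY = {
    ("untrusted_app", "app_data_file"): {"read", "write"},
    ("untrusted_app", "system_data_file"): {"read"},
}

def mac_allows(s: Subject, f: FileObj, op: str) -> bool:
    return op in POLICY.get((s.label, f.label), set())

def access(s: Subject, f: FileObj, op: str):
    """Return (allowed, stage that decided). DAC runs first; a DAC deny is final
    and the MAC policy is never consulted for it."""
    want = R if op == "read" else W
    if not dac_allows(s, f, want):
        return (False, "dac")
    if not mac_allows(s, f, op):
        return (False, "mac")
    return (True, "both")
```

The root case is the instructive one: DAC waves root through, so it is only the MAC stage that refuses the write to the system file.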

11 Android Architecture
 A software stack comprising applications, an operating system, a run-time environment, middleware, services and libraries.
 Each layer of the stack is tightly integrated and carefully tuned.
 This provides the optimal application development and execution environment for mobile devices.

12 The Android Software Stack

13 Linux Functions in Android
 Android was built on the existing and familiar Linux kernel.
 Security is based on Linux Discretionary Access Control, but with some significant differences in how it is used.
 Instead of each user having a unique ID, each process or application has its own UID.

14 Android's use of DAC
 Isolates apps from each other.
 At install time, a unique user and group ID is assigned to each app.
 No app can access the private files of another application unless it has the same GID or goes through Binder.

15 Sandboxing
 A mechanism for separating running processes.
 Prevents an Android app from accessing the data of another app.
 Reduces exposure to malicious attacks and to exploitation of vulnerable applications.

16 Android's use of MAC
 Because of some vulnerabilities that existed with DAC alone, SELinux was introduced to Android, adding Mandatory Access Control (MAC) to the system.
 The MAC policy is only consulted if the DAC allows access to a resource.
 If the DAC denies access (for example, based on file permissions), that denial is taken as the final security decision.

17 SELinux
 Provides controls that give structure to ensure software runs only at the minimum privilege level.
 This mitigates the effects of attacks and reduces the likelihood of badly behaved processes overwriting or even transmitting data.

18 SELinux + Android
 SELinux decisions are based fundamentally on the labels assigned to objects and on the policy defining how labelled objects may interact.
 Labels determine what is allowed. Sockets, files, and processes all have labels in SELinux.

19 The impact of SELinux
 Strongly enforces sandboxing, which helps prevent privilege escalation by apps.
 Prevents data leakage by apps.
 Prevents bypass of security features.
 Enforces legal restrictions on data.
 Protects the integrity of apps and data.
 Beneficial for consumers, businesses, and government.

20 Applications
 Every Android application runs in its own process, with its own instance of the Dalvik virtual machine, which ensures further isolation.
 The package manager is responsible for issuing UIDs to applications at install time.

21 Application signing
 Android requires every application to be signed.
 The main purpose of application signing is to distinguish applications from one another.
 Developers always do the signing with their own private keys, which are supposed to stay secret.

22 Applications cont.
 An app can request permission to access device data such as the user's contacts, SMS messages, mountable storage (SD card), camera, Bluetooth, and more.

23 Android Permissions
 Permissions are strings that denote the ability to perform a particular action.
 Because each app is sandboxed, applications must request specific permissions in order to interact with other apps or the system.
 Apps request permissions by declaring them in the AndroidManifest.xml file.

24 Android Permissions cont.
 At application install time, Android inspects the list of requested permissions and decides whether to grant them or not.
 For instance, an online game can never actually connect to the internet if it is missing the internet permission.

25 Enforcement of Permissions
 Linux kernel
   A small number of permissions are checked by the Linux kernel.
   Some permissions are mapped to Linux groups.
   Apps that requested these permissions are added to those groups.
   Linux automatically enforces access to the resources that belong to each group.
 Android APIs
   Most permissions are checked by the Android APIs (ad hoc).
   When an API is invoked, the API checks whether the caller holds the permission, e.g. with checkCallingPermission().

26 How do apps communicate?
 Android apps and system services run in separate processes for security, stability, and memory-management reasons, but they need to communicate and share data.
 Inter-process communication (IPC) is a framework for the exchange of signals and data across multiple processes.
 IPC is used for message passing, synchronization, shared memory, and remote procedure calls (RPC).
 It enables information sharing, computational speedup, modularity, convenience, privilege separation, data isolation, and stability.

28 Android Protection Levels
 A parameter of a permission that must be specified when defining our own permissions.
 Each level of protection enforces a different security policy.
 Normal: protects access to API calls that are not harmful to users (e.g. wallpaper).
 Dangerous: harmful APIs that may gather private information or spend money (text messages, contacts).
 Signature: only granted to applications signed with the same certificate as the app that defines the permission.
 SignatureOrSystem: APIs that change the Android system itself (e.g. uninstalling an app); apps need to be signed with the device manufacturer's certificate.
 DEMO: Android Debug Bridge (ADB)
   pm list permissions -f

29 Android's Permissions: Permission Groups
 Permissions belong to a group.
 Demo: list all permission groups
   pm list permission-groups
 List all the packages
   pm list packages -f
 Find the permissions of an app
   dumpsys package <package>, e.g. dumpsys package com.android.browser

30 When are permissions checked?
 API calls that require a permission.
 User data is stored in content providers, and a permission may be required to access that data, e.g. the READ_CONTACTS permission is needed to read the contacts content provider.
 Sending/receiving intents can require permissions.

31 Permission Enforcement in API calls
 The API implementation calls the permission validation mechanism to check that the invoking application has the necessary permissions.
 This is the most common case.
 Based on Linux groups
   A small number of permissions.
   When an application is installed with these permissions it is added to the Linux group that has access to the pertinent sockets and files; the Linux kernel enforces the access control policy for these permissions.
   e.g. INTERNET, WRITE_EXTERNAL_STORAGE, BLUETOOTH
 DEMO: ps, cat /proc/<pid>/status, id
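What the `cat /proc/<pid>/status` demo on slides 25 and 31 shows in its `Groups:` line, worked through in Python as an added example (not the slides' own code). The status excerpt is constructed; the GID-to-permission mapping follows the `inet`, `net_bt` and `sdcard_rw` group numbers Android's platform.xml used on older releases and is an assumption to verify against the device at hand.

```python
# Constructed /proc/<pid>/status excerpt for an installed app's process.
SAMPLE_STATUS = """\
Name:\tcom.example.app
Pid:\t1234
Uid:\t10042\t10042\t10042\t10042
Gid:\t10042\t10042\t10042\t10042
Groups:\t1015 3002 3003 9997 10042
"""

# Kernel-enforced permissions and the Linux group that carries each one
# (AID values assumed from Android's android_filesystem_config.h; verify per device).
GROUP_PERMISSIONS = {
    3003: "android.permission.INTERNET",                 # inet
    3002: "android.permission.BLUETOOTH",                # net_bt
    3001: "android.permission.BLUETOOTH_ADMIN",          # net_bt_admin
    1015: "android.permission.WRITE_EXTERNAL_STORAGE",   # sdcard_rw
}

AID_APP_START, AID_APP_END = 10000, 19999   # UID range the package manager hands to apps

def parse_status(text: str):
    """Return (real uid, set of supplementary gids) from a /proc/<pid>/status dump."""
    fields = {}
    for line in text.splitlines():
        key, _, value = line.partition(":")
        fields[key.strip()] = value.strip()
    uid = int(fields["Uid"].split()[0])
    groups = {int(g) for g in fields.get("Groups", "").split()}
    return uid, groups

def app_identity(uid: int):
    """Name Android prints for an app UID (u0_aNNN for the primary user), else None."""
    if AID_APP_START <= uid <= AID_APP_END:
        return f"u0_a{uid - AID_APP_START}"
    return None

def kernel_enforced_permissions(text: str):
    """Permissions this process holds purely by group membership, i.e. the ones the
    kernel enforces without any Android API check."""
    _, groups = parse_status(text)
    return sorted(perm for gid, perm in GROUP_PERMISSIONS.items() if gid in groups)
```

A process whose `Groups:` line lacks 3003 cannot open an internet socket no matter what its manifest says, which is the point of slide 24's game example.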
