Presentation on theme: "Machigar Ongtang, Stephen McLaughlin, William Enck, Patrick McDaniel Department of Computer Science and Engineering The Pennsylvania State University ACSAC."— Presentation transcript:
Machigar Ongtang, Stephen McLaughlin, William Enck, Patrick McDaniel. Department of Computer Science and Engineering, The Pennsylvania State University. ACSAC 2009. 2009/12/8, Advanced Defense Laboratory
Introduction: Applications on mobile platforms: Apple’s App Store, Android’s Market, BlackBerry App World. Android security: using permission labels.
Introduction (cont.): In Manifest.xml: you cannot use functions that are not covered by your application's permissions.
Introduction (cont.): It is impossible for users to make good choices about application permissions. The Android system protects the phone from malicious applications, but provides severely limited infrastructure for applications to protect themselves.
Smartphone Application Security Example: PersonalShopper only trusts Secure Payment and Trust Checkout. The password vault app contains bugs in v1.1, so the application needs the new version. If Ledger has the permission to access the Internet, it might leak transaction info. PersonalShopper can get location info only if it holds the permissions.
Application Policies: Policy Tree: double-stroke boxes are supported by Android.
Application Policies (cont.): Signature-based policy (1.2): define a set of exception signatures. Configuration-based policy (1.3): e.g., application version and the set of requested permissions.
SAINT Architecture: Saint Installer: PackageParser / PackageManager. Inserts each policy into the AppPolicy provider only if its permission label is declared by the application.
SAINT Architecture (cont.): Saint Mediator
SAINT Architecture (cont.): AppPolicy Provider: SQLite; verifyPermissionGrant API; insertApplicationPolicy API. FrameworkPolicyManager: only FrameworkPolicyManager can update the AppPolicy provider.
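The installer rule and the two policy kinds from the slides above can be modelled in a few lines. This is an added example, not code from the presentation or from Saint itself; the class names, method names, signer ids and permission labels are hypothetical, and the store is an in-memory stand-in rather than the SQLite-backed provider.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class App:
    name: str
    signature: str                      # signer id (constructed value)
    version: tuple                      # e.g. (1, 2)
    declared: frozenset = frozenset()   # permission labels this app defines
    requested: frozenset = frozenset()  # permissions this app asks for

@dataclass(frozen=True)
class Policy:
    label: str                                      # permission label being protected
    allowed_signatures: Optional[frozenset] = None  # signature-based condition
    min_version: tuple = (0,)                       # configuration-based: requester version
    forbidden: frozenset = frozenset()              # configuration-based: requester permissions

    def allows(self, requester):
        sig_ok = (self.allowed_signatures is None
                  or requester.signature in self.allowed_signatures)
        return (sig_ok and requester.version >= self.min_version
                and not (self.forbidden & requester.requested))

class PolicyStore:
    """Hypothetical in-memory stand-in for the AppPolicy provider."""
    def __init__(self):
        self._by_label = {}

    def install(self, app, policies):
        # Installer rule from the slide: keep a policy only if the installing
        # app itself declares the permission label the policy refers to.
        kept = [p for p in policies if p.label in app.declared]
        for p in kept:
            self._by_label.setdefault(p.label, []).append(p)
        return kept

    def verify_grant(self, label, requester):
        # All stored policies on the label must hold. With no policy stored,
        # the decision is left to the platform's own check (model assumption).
        return all(p.allows(requester) for p in self._by_label.get(label, []))

# Constructed sample data; app names, signer ids and labels are illustrative.
PAY, LOC = "example.permission.PAY", "example.permission.LOCATION"
INTERNET = "android.permission.INTERNET"
store = PolicyStore()
kept = store.install(
    App("SecurePayment", "sig-pay", (2, 0), declared=frozenset({PAY})),
    [Policy(PAY, frozenset({"sig-shop"}), (1, 2), frozenset({INTERNET})),
     Policy(LOC, min_version=(9, 9))])  # second policy dropped: LOC not declared
shopper = App("PersonalShopper", "sig-shop", (1, 2), requested=frozenset({PAY}))
```

Dropping the undeclared-label policy at install time is what keeps one application from attaching conditions to a permission it does not own.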
Related Work: Kirin: enforce install policies. Application Security Framework by OMTP: certificate-based mechanism. Symbian: Symbian-signed.
Related Work (cont.): Linux Security Module (LSM) Framework; Isolation; SELinux on OpenMoko; Rao et al. MAC system; Windows Mobile .NET; Bind each application to a behavioral profile enforced at runtime.