Presentation is loading. Please wait.

Presentation is loading. Please wait.

Machigar Ongtang, Stephen McLaughlin, William Enck, Patrick McDaniel Department of Computer Science and Engineering The Pennsylvania State University ACSCA.

Similar presentations


Presentation on theme: "Machigar Ongtang, Stephen McLaughlin, William Enck, Patrick McDaniel Department of Computer Science and Engineering The Pennsylvania State University ACSCA."— Presentation transcript:

1 Machigar Ongtang, Stephen McLaughlin, William Enck, Patrick McDaniel Department of Computer Science and Engineering The Pennsylvania State University ACSCA /12/8 1 Advanced Defense Laboratory

2 Outline IIntroduction SSmartphone Application Security AAndroid AApplication Policies SSAINT Policy SSAINT Architecture RRelated Work CConclusion 2009/12/8 2 Advanced Defense Laboratory

3 Introduction  Applications on mobile platform  Apple’s App Store Apple’s App Store  Android’s Market Android’s Market  BlackBerry App World BlackBerry App World  Android Security  Using permission label 2009/12/8Advanced Defense Laboratory 3

4 Introduction (cont.)  In Manifest.xml:  You can not use the functions which are not in your application permission 2009/12/8Advanced Defense Laboratory 4

5 Introduction (cont.)  Users are impossible to make good choices about the application permissions  The Android system protects the phone from malicious applications, but provides severely limited infrastructure for applications to protect themselves 2009/12/8Advanced Defense Laboratory 5

6 Introduction (cont.)  Android Security Framework  Permission Assignment Policy  Interface Exposure Policy  Interface Use Policy  Secure Application INTeraction (Saint) framework  Installation-time Policy  Runtime Policy 2009/12/8Advanced Defense Laboratory 6

7 Outline IIntroduction SSmartphone Application Security AAndroid AApplication Policies SSAINT Policy SSAINT Architecture RRelated Work CConclusion 2009/12/8 7 Advanced Defense Laboratory

8 Smartphone Application Security  Example: 2009/12/8Advanced Defense Laboratory 8 PeronalShopper only trust Secure Payment and Trust Checkout. Password vault app contain bugs in v1.1. So application needs the new version. If Ledger has the permission to access Internet, it might leak transaction info. PersonalShopper can get location info only if it holds the permissions.

9 Outline IIntroduction SSmartphone Application Security AAndroid AApplication Policies SSAINT Policy SSAINT Architecture RRelated Work CConclusion 2009/12/8 9 Advanced Defense Laboratory

10 Android 2009/12/8Advanced Defense Laboratory 10

11 Android (cont.)  Applications are ostensibly isolated  Android IPC : Binder and Intent Android IPC  ioctl driver  Intent Filter: 2009/12/8Advanced Defense Laboratory 11

12 Android (cont.)  Activity  Display on screen 2009/12/8Advanced Defense Laboratory 12

13 Android (cont.)  Service  Background process 2009/12/8Advanced Defense Laboratory 13

14 Android (cont.)  Broadcast Receiver  Asynchronous event notification 2009/12/8Advanced Defense Laboratory 14

15 Android (cont.)  Content Provider  Share data between applications  Do not use Intents  Use URI (Uniform Resource Identifier) 2009/12/8Advanced Defense Laboratory 15

16 Android (cont.)  Permission label in Android Permission label in Android  Normal  Dangerous  Signature  signatureOrSystem  Developers can define permission labels to access their interface  But developers indirectly influence security 2009/12/8Advanced Defense Laboratory 16

17 Outline IIntroduction SSmartphone Application Security AAndroid AApplication Policies SSAINT Policy SSAINT Architecture RRelated Work CConclusion 2009/12/8 17 Advanced Defense Laboratory

18 Application Policies  Policy Tree:  Double-stoke boxes is supported by Android 2009/12/8Advanced Defense Laboratory 18

19 Application Policies (cont.)  Signature-based policy (1.2)  Define set of except signatures  Configuration-based policy (1.3)  E.g., Application version and the set of request permissions 2009/12/8Advanced Defense Laboratory 19

20 Application Policies (cont.)  Signature-based policy (2.2)  Configuration-based policy (2.3)  Phone Context-based Policy (2.4) 2009/12/8Advanced Defense Laboratory 20

21 Application Policies (cont.)  Install-time Policy Example  com.abc.lbs with “QueryByLocation” service  Developer Permission: com.abc.perm.getloc  Permission: ACCESS_LOCATION  Runtime Policy Example  com.ok.shopper wants to check the payment application  Signature checks 2009/12/8Advanced Defense Laboratory 21

22 Outline IIntroduction SSmartphone Application Security AAndroid AApplication Policies SSAINT Policy SSAINT Architecture RRelated Work CConclusion 2009/12/8 22 Advanced Defense Laboratory

23 SAINT Policy 2009/12/8Advanced Defense Laboratory 23 Install-Time Run-Time

24 SAINT Policy (cont.)  Install-time Policy Example 2009/12/8Advanced Defense Laboratory 24

25 SAINT Policy (cont.)  Runtime Policy  Access policy  Identify the caller’s security requirements  Expose policy  Identify the callee’s security requirements  Saint is a “conjunctional default allow policy” 2009/12/8Advanced Defense Laboratory 25

26 SAINT Policy (cont.)  Runtime Policy Example 2009/12/8Advanced Defense Laboratory 26

27 SAINT Policy (cont.)  Administrative Policy  May users override the system/application policies?  Operational Policy 2009/12/8Advanced Defense Laboratory 27

28 Outline IIntroduction SSmartphone Application Security AAndroid AApplication Policies SSAINT Policy SSAINT Architecture RRelated Work CConclusion 2009/12/8 28 Advanced Defense Laboratory

29 SAINT Architecture  Saint Installer  PackageParser / PackageManager  Insert each policy into AppPolicy provider only if its permission label is declared by the application 2009/12/8Advanced Defense Laboratory 29

30 SAINT Architecture (cont.)  Saint Mediator 2009/12/8Advanced Defense Laboratory 30

31 SAINT Architecture (cont.)  AppPolicy Provider  SQLite  verifyPermissionGrant API  insertApplicationPolicy API  FrameworkPolicyManager  Only FrameworkPolicyManager can update AppPolicy provider 2009/12/8Advanced Defense Laboratory 31

32 Outline IIntroduction SSmartphone Application Security AAndroid AApplication Policies SSAINT Policy SSAINT Architecture RRelated Work CConclusion 2009/12/8 32 Advanced Defense Laboratory

33 Related Work  Kirin  Enforce install policies  Application Security Framework by OMTP  Certificate-based mechanism  Symbian  Symbian-signed 2009/12/8Advanced Defense Laboratory 33

34 Related Work (cont.)  Linux Security Module (LSM) Framework  Isolation  SELinux on OpenMoko  Rao et al.  MAC system  Windows Mobile.Net  Bind each application to a behavioral profile enforced at runtime 2009/12/8Advanced Defense Laboratory 34

35 Outline IIntroduction SSmartphone Application Security AAndroid AApplication Policies SSAINT Policy SSAINT Architecture RRelated Work CConclusion 2009/12/8 35 Advanced Defense Laboratory

36 Conclusion  Saint framework  Install-time and runtime policy enforcement 2009/12/8Advanced Defense Laboratory 36


Download ppt "Machigar Ongtang, Stephen McLaughlin, William Enck, Patrick McDaniel Department of Computer Science and Engineering The Pennsylvania State University ACSCA."

Similar presentations


Ads by Google