Presentation is loading. Please wait.

Presentation is loading. Please wait.

On the Effectiveness of API-Level Access Control Using Bytecode Rewriting in Android Presenter: Lu Gong.

Published byGustavo Atchley Modified over 9 years ago

Similar presentations

Presentation on theme: "On the Effectiveness of API-Level Access Control Using Bytecode Rewriting in Android Presenter: Lu Gong."— Presentation transcript:

1 On the Effectiveness of API-Level Access Control Using Bytecode Rewriting in Android Presenter: Lu Gong

2 Authors Students: Hao Hao, Vicky Singh Professor: Wenliang (Kevin) Du Dept. of EE & CS, Syracuse University, New York 1

3 The Conference AsiaCCS: –ACM Symposium on Information, Computer and Communications Security Rank C in the CCF recommendation list –Network and Information Security 2

4 The paper The first systematic study on the effectiveness of using bytecode rewriting for API-level access control Cited by: –Structural detection of android malware using embedded call graphs (AISec ’13) –Compac: Enforce Component-Level Access Control in Android (ACM CodaSpy ’14) 3

5 Background (1/3) Bytecode rewriting –Use static analysis to identify sensitive API calls –Instrument bytecode to control access –Aim at implement fine-grained access control 4

6 Background (2/3) API-Level Access Control 5

7 Background (3/3) Method invocation instructions: –invoke-virtual: used to invoke a normal virtual method –invoke-direct: used to invoke either a private instance method or a constructor –invoke-static: used to invoke a static method –invoke-interface: used to invoke an interface method on an object whose concrete class is not known –invoke-super: used to invoke the closest superclass’ virtual method 6

8 Scoping (1/5) Two kinds of byte-code rewrite mechanisms: 1.Put the reference monitor in another service 2.Put the reference monitor within the application Only focus on the second approach –Because the first one is fail-safe 7

9 Scoping (2/5) Assumption –The application either do not have native code or their native code is blocked from being executed Reasons –Native code is running in the same process space as DVM –With native code, the app can easily tamper the DVM state, thus byte-code rewriting is useless 8

10 Scoping (3/5) Privileged resources –Hardware devices –Kernel data –Data from another process space Ways to access them –System calls –Inter-process communication 9

11 Scoping (4/5) 10

12 Scoping (5/5) Concealing API usage (the 4 th attack) is possible –Java reflection –Dynamic binding 11

13 Prelude (1/2) Byte-code rewriting for a non-final class 12

14 Prelude (2/2) Byte-code rewriting for a final class 13

15 Methodology 1.Study all possible attacks against bytecode rewriting 2.Give deeper insight into the attacks 3.Make recommendations on how to defend against these attacks 14

16 Exploit JNI Naming Convention 15

17 The JNI naming convention 16

18 Dynamic binding 17

19 The problem Java_MyClass_my_1Func MyClass.my.1Func() MyClass.my_Func() 18

20 Case study 19

21 Recommendations If any names starts with numbers, bytecode rewriter should remove the digit as it is illegal. 20

22 Exploit Java Class Reloading 21

23 Example 22

24 Case Study (1/2) 23

25 Case Study (2/2) 24

26 25

27 Recommendations Stop application’s Java code from reloading preloaded Android core classes –BaseDexClassLoader.findClass() –DexFile.loadClass() 26

28 Exploit Customized RPC stubs 27

29 Case Study (1/2) 28

30 Case Study (2/2) 29

31 30

32 Recommendation Apply API-level access control on android.os.ServiceManager.getService() Alternative: rewrite android.os.Binder 31

33 Conclusion Although all problems are fixable, more static analysis and dynamic checking should be performed while byte-code rewriting 32

34 Thank you

Download ppt "On the Effectiveness of API-Level Access Control Using Bytecode Rewriting in Android Presenter: Lu Gong."

Similar presentations

Operating Systems Components of OS

Operating Systems Components of OS
New Security Issues Raised by Open Cards Pierre GirardJean-Louis Lanet GERMPLUS R&D.

New Security Issues Raised by Open Cards Pierre GirardJean-Louis Lanet GERMPLUS R&D.
Operating System Structures

Operating System Structures
Syracuse University, New York, USA

Syracuse University, New York, USA
DroidScope: Seamlessly Reconstructing the OS and Dalvik Semantic Views for Dynamic Android Malware Analysis Lok Kwong Yan, and Heng Yin Syracuse University.

DroidScope: Seamlessly Reconstructing the OS and Dalvik Semantic Views for Dynamic Android Malware Analysis Lok Kwong Yan, and Heng Yin Syracuse University.
Wenliang Du Syracuse University Vicky Singh Syracuse University Hao Syracuse University.

Wenliang Du Syracuse University Vicky Singh Syracuse University Hao Syracuse University.
Extensibility, Safety and Performance in the SPIN Operating System Presented by Allen Kerr.

Extensibility, Safety and Performance in the SPIN Operating System Presented by Allen Kerr.
Policy Weaving for Mobile Devices Drew Davidson. Smartphone security is critical – 1200 to 1400 US Army troops to be equipped with Android smartphones.

Policy Weaving for Mobile Devices Drew Davidson. Smartphone security is critical – 1200 to 1400 US Army troops to be equipped with Android smartphones.
1 Detection of Injected, Dynamically Generated, and Obfuscated Malicious Code (DOME) Subha Ramanathan & Arun Krishnamurthy Nov 15, 2005.

1 Detection of Injected, Dynamically Generated, and Obfuscated Malicious Code (DOME) Subha Ramanathan & Arun Krishnamurthy Nov 15, 2005.
Implementing Remote Procedure Calls Andrew Birrell and Bruce Nelson Presented by Kai Cong.

Implementing Remote Procedure Calls Andrew Birrell and Bruce Nelson Presented by Kai Cong.
New Direction for Software Protection in Embedded Systems Department of EECS University of Michigan Feb 22, 2007 Kang G. Shin.

New Direction for Software Protection in Embedded Systems Department of EECS University of Michigan Feb 22, 2007 Kang G. Shin.
Remote Method Invocation Chin-Chih Chang. Java Remote Object Invocation In Java, the object is serialized before being passed as a parameter to an RMI.

Remote Method Invocation Chin-Chih Chang. Java Remote Object Invocation In Java, the object is serialized before being passed as a parameter to an RMI.
Contiki A Lightweight and Flexible Operating System for Tiny Networked Sensors Presented by: Jeremy Schiff.

Contiki A Lightweight and Flexible Operating System for Tiny Networked Sensors Presented by: Jeremy Schiff.
CS 501: Software Engineering Fall 2000 Lecture 16 System Architecture III Distributed Objects.

CS 501: Software Engineering Fall 2000 Lecture 16 System Architecture III Distributed Objects.
Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved. 0-13-239227-5 DISTRIBUTED SYSTEMS.

Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved DISTRIBUTED SYSTEMS.
CS 206 Introduction to Computer Science II 01 / 23 / 2009 Instructor: Michael Eckmann.

CS 206 Introduction to Computer Science II 01 / 23 / 2009 Instructor: Michael Eckmann.
R ETRO S KELETON : R ETROFITTING A NDROID A PPS Benjamin Davis, Hao Chen University of California, Davis MobiSys 2013.

R ETRO S KELETON : R ETROFITTING A NDROID A PPS Benjamin Davis, Hao Chen University of California, Davis MobiSys 2013.
CS 153 Design of Operating Systems Spring 2015 Lecture 24: Android OS.

CS 153 Design of Operating Systems Spring 2015 Lecture 24: Android OS.
Presentation By Deepak Katta

Presentation By Deepak Katta
Efficient Privilege De-Escalation for Ad Libraries in Mobile Apps Bin Liu (SRA), Bin Liu (CMU), Hongxia Jin (SRA), Ramesh Govindan (USC)

Efficient Privilege De-Escalation for Ad Libraries in Mobile Apps Bin Liu (SRA), Bin Liu (CMU), Hongxia Jin (SRA), Ramesh Govindan (USC)

Similar presentations

Ads by Google