L.C.Smith College of Engineering and Computer Science Efficient, Context-Aware Privacy Leakage Confinement for Android Applications without Firmware Modding.


1 L.C.Smith College of Engineering and Computer Science
Efficient, Context-Aware Privacy Leakage Confinement for Android Applications without Firmware Modding
Mu Zhang, Heng Yin
Department of EECS, Syracuse University

2 Motivation: We need a practical solution for privacy leakage confinement in Android
What does a practical solution mean?
– Information-flow based security
    Most existing solutions are end-point solutions
– Context-aware policy enforcement
    Existing solutions are all-or-nothing protection
– No firmware modding
    All existing solutions require firmware modding
– Low runtime overhead
    Taint tracking is slow!

3 Capper: Context-Aware Privacy Policy Enforcement with Re-writing
Key Techniques
– Bytecode Rewriting for Information Flow Tracking and Control
– Context-aware Policy Enforcement

4 BRIFT: Bytecode Rewriting for Information Flow Tracking and Control
Key: to place minimally required code into a bytecode program to accurately keep track of privacy leakage.
[Figure: rewriting pipeline. Android App (Resources, DEX) -> Translation -> IR -> Static Analysis -> Slices -> Static Instrumentation -> New IR -> Optimization -> Optimized IR -> Code Generation -> New App (Resources, DEX')]

5 BRIFT: Some Technical Details
Static Data-flow Analysis
– Similar to CHEX [Lu et al., CCS'12]
– Discover entry points, compute program splits, and perform permutation on the splits
Static Instrumentation
– Create shadow variables
– Insert taint propagation statements
– Pass shadow parameters across function boundary
Optimization
– Remove unnecessary shadow parameters
– Lift taint propagation logic into the function caller
– Other built-in optimizations, such as constant propagation, dead code elimination, etc.

6 BRIFT: A Running Example

 1 public class Leakage extends Activity{
 2   private byte key = DEFAULT_KEY;
 3   private String addr = DEFAULT_ADDR;
 4   private static String deviceId;
 5
 6   public String getIMEI(){
 7     TelephonyManager manager = (TelephonyManager) getSystemService("phone");
 8     String imei = manager.getDeviceId();   // source: reads the device IMEI
 9     if(imei==null){
10       imei = "";
11     }else{
12       imei = manager.getDeviceId();
13     }
14     return imei;
15   }
16
17   public byte crypt(byte plain){
18     return (byte)(plain ^ key);
19   }
20
21   public void post(String addr, byte[] bytes){
22     OutputStream output = conn.getOutputStream();
23     output.write(bytes, 0, bytes.length);   // sink: data leaves over the network
24     ...
25   }
26
27   public void toastIMEI(String imei){
28     Context app = getApplicationContext();
29     String text = "Your IMEI is " + imei;
30     int duration = Toast.LENGTH_SHORT;
31     Toast toast = Toast.makeText(app, text, duration);
32     toast.show();
33   }
34
35   public void onStart(){
36     Leakage.deviceId = getIMEI();
37   }
38
39   public void onResume(){
40     toastIMEI(Leakage.deviceId);
41   }
42
43   public void onDestroy(){
44     String imei = Leakage.deviceId;
45     byte[] bytes = imei.getBytes();
46     for(int i=0; i<bytes.length; i++){
47       bytes[i] = crypt(bytes[i]);
48     }
49     post(addr, bytes);
50   }
51 }

7 BRIFT: the Rewritten Program

 1 public class Leakage extends Activity{
     ...
 4   private static String deviceId;
 I   public static boolean deviceId_s0_t;
     ...
 6   public String getIMEI(BoolWrapper ret_s0_wrapper){
       ...
 8     String imei = manager.getDeviceId();
 9     if(imei==null){
10       imei = "";
 I       imei_s0_t = false;
11     }else{
12       imei = manager.getDeviceId();
 I       imei_s0_t = true;
13     }
 I     ret_s0_wrapper.status = imei_s0_t;
14     return imei;
15   }
     ...
21   public void post(String addr, byte[] bytes, BoolWrapper bytes_s0_w){
 I     boolean bytes_s0_t = bytes_s0_w.status;
22     OutputStream output = conn.getOutputStream();
 I     boolean isAllow = false;
 I     if(bytes_s0_t == true)
 I       isAllow = queryPolicyService(0, 0, addr);
 I     if(isAllow){
23       output.write(bytes, 0, bytes.length);
 I     }else{...}
24     ...
25   }
     ...
35   public void onStart(){
 I     BoolWrapper ret_s0_wrapper = new BoolWrapper();
 I     ret_s0_wrapper.status = false;
36     Leakage.deviceId = getIMEI(ret_s0_wrapper);
 I     Leakage.deviceId_s0_t = ret_s0_wrapper.status;
37   }
     ...
43   public void onDestroy(){
44     String imei = Leakage.deviceId;
45     byte[] bytes = imei.getBytes();
 I     boolean bytes_s0_t = Leakage.deviceId_s0_t;
46     for(int i=0; i<bytes.length; i++){
47       bytes[i] = crypt(bytes[i]);
 I       bytes_s0_t = bytes_s0_t || false;
48     }
 I     BoolWrapper bytes_s0_wrapper = new BoolWrapper();
 I     bytes_s0_wrapper.status = bytes_s0_t;
 P     BoolWrapper url_s0_w = new BoolWrapper();
49     post(addr, bytes, bytes_s0_wrapper);
50   }
51 }

See more details in our NDSS'14 paper

8 Context-Aware Policy: How to model the context of an information flow
Taint Propagation Trace
– Heavy-weight
– Overly precise
Source and Sink Call-sites
– Light-weight
– Mimicry attack?
Parameterized Source and Sink Pairs
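An added example, not taken from the slides or from Capper's code: a plain-Java model of the check that the rewritten post() performs through queryPolicyService(0, 0, addr), showing how keying the decision on the source id, the sink id and the sink parameter separates two flows that share the same call-sites. The PolicyService class, its record() method, the deny-by-default behaviour and the host names are assumptions made for this illustration.

```java
import java.util.HashMap;
import java.util.Map;

// Added illustration: a plain-Java model of the policy lookup, not Capper's code.
public class PolicyDemo {
    // Mirrors the BoolWrapper used on the rewritten-program slide.
    static class BoolWrapper { boolean status; }

    // Hypothetical policy store: one user decision per (source, sink, parameter).
    static class PolicyService {
        private final Map<String, Boolean> decisions = new HashMap<>();

        void record(int srcId, int sinkId, String param, boolean allow) {
            decisions.put(srcId + ":" + sinkId + ":" + param, allow);
        }

        // Assumption: unknown contexts are denied; a real service could ask the user.
        boolean queryPolicyService(int srcId, int sinkId, String param) {
            return decisions.getOrDefault(srcId + ":" + sinkId + ":" + param, false);
        }
    }

    static final PolicyService policy = new PolicyService();

    // Sink wrapper shaped like the rewritten post(): only tainted data is checked.
    static boolean post(String addr, byte[] bytes, BoolWrapper bytesTaint) {
        if (bytesTaint.status && !policy.queryPolicyService(0, 0, addr)) {
            return false;   // tainted flow to a destination the user never approved
        }
        return true;        // the original output.write(...) would run here
    }

    public static void main(String[] args) {
        // Constructed sample decision: IMEI (source 0) to this host via sink 0.
        policy.record(0, 0, "stats.example.com", true);

        BoolWrapper tainted = new BoolWrapper();
        tainted.status = true;                   // shadow value set at getDeviceId()
        BoolWrapper clean = new BoolWrapper();   // status defaults to false

        byte[] data = "constructed-imei".getBytes();
        // Same source and sink call-sites, different parameter: different outcome.
        System.out.println(post("stats.example.com", data, tainted));
        System.out.println(post("other.example.net", data, tainted));
        // Untainted data is never sent to the policy service.
        System.out.println(post("other.example.net", data, clean));
    }
}
```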

9 Evaluation: Overview
4723 real-world apps evaluated
– 1414 (33%) are risky (may leak information)
– Increase of Program Size
– Runtime Performance of Analysis and Rewriting
– Runtime Overhead
– Effectiveness

10 Related Work
Extend install-time constraints
– Kirin, CCS'09; Saint, ACSAC'09
Enforce finer-grained/flexible permissions
– MockDroid, HotMobile'11; CRePE, ISC'10; Apex, ASIACCS'10; TISSA, TRUST'11
Improve isolations
– Cells, SOSP'11; SPSM'11; AdSplit, Usenix Security'12
Ask for user approval
– Livshits and Jung, Usenix Security'13; Aurasium, Usenix Security'12
Information flow based solution
– TaintDroid, OSDI'10; AppFence, CCS'11

11 Conclusion: We achieved four goals
G1: Information-flow based security
– Yes, we track sensitive information flow by rewriting
G2: Context-aware policy enforcement
– Yes, we model the context of an information flow, and bind this context with user's decision
G3: No firmware modding
– Yes, we only rewrite apps and install a policy service
G4: Low runtime overhead
– Yes, we only insert a minimal amount of code to keep track of sensitive information flow

12 Questions?

13 Related Work
[1] W. Enck, M. Ongtang, and P. McDaniel. On Lightweight Mobile Phone Application Certification. In Proceedings of CCS'09.
[2] M. Ongtang, S. McLaughlin, W. Enck, and P. McDaniel. Semantically Rich Application-Centric Security in Android. In Proceedings of ACSAC'09.
[3] A. R. Beresford, A. Rice, N. Skehin, and R. Sohan. MockDroid: Trading Privacy for Application Functionality on Smartphones. In Proceedings of HotMobile'11.
[4] M. Conti, V. T. N. Nguyen, and B. Crispo. CRePE: Context-Related Policy Enforcement for Android. In Proceedings of ISC'10.
[5] M. Nauman, S. Khan, and X. Zhang. Apex: Extending Android Permission Model and Enforcement with User-defined Runtime Constraints. In Proceedings of ASIACCS'10.
[6] Y. Zhou, X. Zhang, X. Jiang, and V. W. Freeh. Taming Information-Stealing Smartphone Applications (on Android). In Proceedings of TRUST'11.
[7] J. Andrus, C. Dall, A. V. Hof, O. Laadan, and J. Nieh. Cells: A Virtual Mobile Smartphone Architecture. In Proceedings of SOSP'11.
[8] M. Lange, S. Liebergeld, A. Lackorzynski, A. Warg, and M. Peter. L4Android: A Generic Operating System Framework for Secure Smartphones. In Proceedings of SPSM'11.
[9] S. Shekhar, M. Dietz, and D. S. Wallach. AdSplit: Separating Smartphone Advertising from Applications. In Proceedings of USENIX Security'12.
[10] B. Livshits and J. Jung. Automatic Mediation of Privacy-Sensitive Resource Access in Smartphone Applications. In Proceedings of USENIX Security'13.
[11] R. Xu, H. Saïdi, and R. Anderson. Aurasium: Practical Policy Enforcement for Android Applications. In Proceedings of USENIX Security'12.
[12] W. Enck, P. Gilbert, B.-G. Chun, L. P. Cox, J. Jung, P. McDaniel, and A. N. Sheth. TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones. In Proceedings of OSDI'10.
[13] P. Hornyack, S. Han, J. Jung, S. Schechter, and D. Wetherall. These Aren't The Droids You're Looking For: Retrofitting Android to Protect Data from Imperious Applications. In Proceedings of CCS'11.

