Presentation is loading. Please wait.

Presentation is loading. Please wait.

Challenges.

Published byLee Shaw Modified over 8 years ago

Similar presentations

Presentation on theme: "Challenges."— Presentation transcript:

1 Challenges

2 Android’s Access Control
The lack of isolations between apps Malware can make use of IPC (Inter-Process Communication) ways like Binder to attack benign APPs. Static permissions Permissions can neither be dynamically modified by users, nor be adaptable to circumstances (like locations). Poor security for underlying system components Low-level protections or mechanisms such as SEAndroid, root permission, database, etc can still be compromised.

3 Thoughts and Solutions

4 Android’s Access Control
Security Isolations Samsung and KAIST proposed the concepts of Rich Execution Environment (REE) and Trusted Execution Environment (TEE), security channels have been established to guarantee secure communication between untrusted code and trusted code. (SeCReT, NDSS’15) ZJU proposed a lightweight virtualization solution for Android devices called Condroid ( This work improves the Cell work proposed in SOSP’11 by modifying framework layer instead of kernel layer for better compatibility with Android. (LXC, IEEE TC, Jan 2015) Condroid Architecture Architecture of REE and TEE

5 Android’s Access Control
Dynamic Permissions Purdue University proposed Context-Based Access Control (CBAC) model. It can be used to express different policies under multiple contexts (time and location). This work is a support for Bring Your Own Device (BYOD) scenario. (CBAC, TDSC, Mar 2015) PSU proposed SemaDroid, A privacy-aware sensor management framework for Smartphones. This work introduces Quality of Service (QoS) theory and presents fine-grained restrictions on sensor permissions. (SemaDroid, CODASPY’15) CBAC Model SemaDroid Architecture

6 Android’s Access Control
Security Enhancement for Android Components SamSung Research America and NCSU proposed EASEAndroid, an automatic analysis platform for SEAndroid policy based on Large-Scale Semi-Supervised Learning (LS3L). It can be used to assist security experts to refine existing access control policies. (EASEAndroid, USENIX Security’15) University of Bergamo in Italy proposed SESQLite, a security enhancement for SQLite based on SELinux. Security labels are enforced on tables, rows and columns to achieve better granularity of Mandatory Access Control (MAC). The policy for SESQLite is compatible with SEAndroid’s and can be integrated with the latter. (SESQLite, ACSAC’15) EASEAndroid Architecture SESQLite Architecture Overview

Download ppt "Challenges."

Similar presentations

Operating System Security

Operating System Security
ASM: A Programmable Interface for Extending Android Security Research by: Stephan Heuser, Adwair Nadkarni, William Enck, Ahmad-Reza Sadeghi From NC State.

ASM: A Programmable Interface for Extending Android Security Research by: Stephan Heuser, Adwair Nadkarni, William Enck, Ahmad-Reza Sadeghi From NC State.
Trusted Ring: A Security Enhancing Software Architecture Michael DiRossi, Inventor The Johns Hopkins University Applied Physics Laboratory.

Trusted Ring: A Security Enhancing Software Architecture Michael DiRossi, Inventor The Johns Hopkins University Applied Physics Laboratory.
Aurasium: Practical Policy Enforcement for Android Applications By Yaoqi USENIX Security Symposium 2012.

Aurasium: Practical Policy Enforcement for Android Applications By Yaoqi USENIX Security Symposium 2012.
Android Security. N-Degree of Separation Applications can be thought as composed by Main Functionality Several Non-functional Concerns Security is a non-functional.

Android Security. N-Degree of Separation Applications can be thought as composed by Main Functionality Several Non-functional Concerns Security is a non-functional.
An Evaluation of the Google Chrome Extension Security Architecture

An Evaluation of the Google Chrome Extension Security Architecture
Aurasium: Practical Policy Enforcement for Android Applications R. Xu, H. Saidi and R. Anderson Presented By: Rajat Khandelwal – 2009CS10209 Parikshit.

Aurasium: Practical Policy Enforcement for Android Applications R. Xu, H. Saidi and R. Anderson Presented By: Rajat Khandelwal – 2009CS10209 Parikshit.
Title of Selected Paper: Design and Implementation of Secure Embedded Systems Based on Trustzone Authors: Yan-ling Xu, Wei Pan, Xin-guo Zhang Presented.

Title of Selected Paper: Design and Implementation of Secure Embedded Systems Based on Trustzone Authors: Yan-ling Xu, Wei Pan, Xin-guo Zhang Presented.
Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.

Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.
Sony White House Anthem Lockheed Aramco Bushehr nuclear reactor NSA Hacked Facebook Hacked Apple,Google,Microsoft,

Sony White House Anthem Lockheed Aramco Bushehr nuclear reactor NSA Hacked Facebook Hacked Apple,Google,Microsoft,
The Most Dangerous Code in the Browser Stefan Heule, Devon Rifkin, Alejandro Russo, Deian Stefan Stanford University, Chalmers University of Technology.

The Most Dangerous Code in the Browser Stefan Heule, Devon Rifkin, Alejandro Russo, Deian Stefan Stanford University, Chalmers University of Technology.
Pervasive Computing Framework development Kartik Vishwanath Arvind S. Gautam Rahul Gupta Sachin Singh.

Pervasive Computing Framework development Kartik Vishwanath Arvind S. Gautam Rahul Gupta Sachin Singh.
Contiki A Lightweight and Flexible Operating System for Tiny Networked Sensors Presented by: Jeremy Schiff.

Contiki A Lightweight and Flexible Operating System for Tiny Networked Sensors Presented by: Jeremy Schiff.
Using Internet Information Server And Microsoft ® Internet Explorer To Implement Security On The Intranet HTTP.

Using Internet Information Server And Microsoft ® Internet Explorer To Implement Security On The Intranet HTTP.
Chapter 2 Access Control Fundamentals. Chapter Overview Protection Systems Mandatory Protection Systems Reference Monitors Definition of a Secure Operating.

Chapter 2 Access Control Fundamentals. Chapter Overview Protection Systems Mandatory Protection Systems Reference Monitors Definition of a Secure Operating.
Towards Application Security On Untrusted OS

Towards Application Security On Untrusted OS
Emerging Research Dimensions in IT Security Dr. Salar H. Naqvi Senior Member IEEE Research Fellow, CoreGRID Network of Excellence European.

Emerging Research Dimensions in IT Security Dr. Salar H. Naqvi Senior Member IEEE Research Fellow, CoreGRID Network of Excellence European.
Presented by, Sai Charan Obuladinne MYSEA Technology Demonstration.

Presented by, Sai Charan Obuladinne MYSEA Technology Demonstration.
DAN WALLACH, RICE UNIVERSITY PRESENTED BY: FERAS AL TAROUTI Smartphone Security: Trends and Predictions.

DAN WALLACH, RICE UNIVERSITY PRESENTED BY: FERAS AL TAROUTI Smartphone Security: Trends and Predictions.
ADVANCED LINUX SECURITY. Abstract : Using mandatory access control greatly increases the security of an operating system. SELinux, which is an implementation.

ADVANCED LINUX SECURITY. Abstract : Using mandatory access control greatly increases the security of an operating system. SELinux, which is an implementation.

Similar presentations

Ads by Google