Presentation is loading. Please wait.

Presentation is loading. Please wait.

Aurasium: Practical Policy Enforcement for Android Applications R. Xu, H. Saidi and R. Anderson.

Published byJanis Reeves Modified over 9 years ago

Similar presentations

Presentation on theme: "Aurasium: Practical Policy Enforcement for Android Applications R. Xu, H. Saidi and R. Anderson."— Presentation transcript:

1 Aurasium: Practical Policy Enforcement for Android Applications R. Xu, H. Saidi and R. Anderson

2 Goal  Address the multiple threats posed by malicious applications on Android

3 Introduction to Android  Security Features  Process Isolation  Linux user/group permission  App requests permission to OS functionalities  Most checked in remote end i.e. system services  A few (Internet, Camera) checked in Kernel, as special user group

4 Introduction to Android

5 Malicious Android Apps  Abuse permissions:  Permissions are granted for as long as an App is installed on a device  No restrictions on how often resources and data are accessed  Access and transmit private data  Access to malicious remote servers  Application-level privilege escalation  Confused deputy attacks

6 Motivation & Related work  App vetting: Google’s Bouncer  40% decrease in malware  Ineffective once App installed on the device  Static/dynamic analysis  Code coverage – dynamic  Performance penalty – static  Hard to assert the malicious behavior  OS Modification: insert monitoring modules at key interfaces (TaintDroid, Quire)  Virtualization (L4Android)  Require modification to the OS  Scalability

7 Related Approaches

8 Solution: Aurasium  Repackage Apps to intercept all Interactions with the OS

9 Problems  Please list three major methods to detect/prevent application’s malicious behavior:  Static/dynamic analysis  OS modification  Virtualization

10 Aurasium Internals  Problems to Solve  Introducing alien code to repackage arbitrary application  Reliably and completely intercepting application privacy access behavior  Policy policies

11 Aurasium Internals  How to add code to existing applications  Android application building and packaging process

12 Aurasium Internals  How to add code to existing applications  apktool

13 Enforcing Security & Privacy Policy  Aurasium way  Per-application basis  No need to root phone and flash firmware  Almost non-bypassable

14 Aurasium Internals  How to Intercept  A closer look at app process

15 Aurasium Internals  How to Intercept  Example: Socket Connection

16 Aurasium Internals  How to Intercept  Example: Send SMS

17 Aurasium Internals  How to Intercept  Intercept at lowest boundary – libc.so

18 Aurasium Internals  How to Intercept  Look closer at library calls - dynamic linking

19 Aurasium Internals  How to Intercept  Key: Dynamically linked shared object file  Essence: Redo dynamic linking with pointers to our detour code.

20 Aurasium Internals  How to Intercept  Implemented in native code  Almost non-bypassable  Java code cannot modify arbitrary memory  Java code cannot issue syscall directly  Attempts to load native code is monitored  dlopen()

21 What can you do with Aurasium?  Total visibility into the interactions of an App with the OS and other Apps  Internet connections  connect()  IPC Binder communications  ioctl()  File system manipulations  write(), read()  Access to resources  Ioctl(), read, write()  Process management  fork(), execvp()

22 Aurasium Internals  How to add code to existing applications  Inevitably destroy original signature  In Android, signature = authorship  Individual app not a problem

23 Evaluation

24

25

26

27

28  Tested on Real-world Apps  3491 apps from third-party application store.  1260 malware corpus from Android Genome.  Results  Repackaging:  3476/3491 succeed (99.6%/99.8%)  Failure mode: apktool/baksmali assembly crashes  Device runs  Nexus S under Monkey – UI Exerciser in SDK  Intercept calls from all of 3189 runnable application

29 Problem  List the system calls related with:  IPC  ioctl()  File operation  read(), write()  Process management  fork(), execvp()

30 Limitations  99.9% is not 100% (even larger failure percentage now)  Rely on robustness of apktool  Manual edit of Apps as a workaround  Native code can potentially bypass Aurasium:  Already seen examples of native code in the wild that is capable of doing so, explicitly use static linking

31 Conclusion  New approach to Android security/privacy  Per-app basis, no need to root phone  Tested against many real world apps  Have certain limitations

32 The End

33 Background  Evolution of Enterprise Mobile Management (EMM) 33

34 Background (cont’d)  Tradeoff: productivity v.s. security 34

35 Major methods  Application rewriting  Mocana  Work on all devices, NOT on all applications  SDK  Good  Work on all applications, NOT on all devices  Extra developer support  OS Modification  Bring Android to work on Android Lollipop  Dependencies on OS versions or customization  Limitation of portability 35

36 Android Segmentation 36

37 Desired System  Generality  Any application on mobile marketplaces  hardened business version  Data isolation/sharing  Completeness  Stealthy channels: reflection, native code, dynamic load  Flexibility  Dynamic & remote access policy update  Portability  No modifications (dependencies) on OS  Cross-platform  Proxy-based data access mechanism demo on iOS 37

38 Challenges  Lack of OS support  Existing Android storage mechanism supports either data sharing or data isolation alone  Diversity of data access behavior  Native code, Java reflection, Dynamic loading  Performance penalty  Popular resource virtualization-based solutions have the scalability issue 38

39 System Overview  How to use:  Shield the application to get the business version of application  Applications on device are divided into two sets: business and personal 39

40 Features Proxy-based data access mechanism Privileged data leakage detection/prevention 40

41 System Call Hooking 41

42 AppShield Architecture 42 12 3 4 5 6 7 8 9 10 11 12 13 14

43 Data Sharing/isolation  Privileged data kept in internal storage, private access mode owned by AppShield  Data access by other applications go through public storage with the virtual file path  Business application’s access redirect to the true file  sharing  Personal application cannot access the private internal storage  isolation 43

44 Data Sharing/isolation (cont’d) 44  Business application  AppShield  Access  Personal Application  No access to privileged data  Business application

Download ppt "Aurasium: Practical Policy Enforcement for Android Applications R. Xu, H. Saidi and R. Anderson."

Similar presentations

Dynamic Analysis of Windows Phone 7 apps Behrang Fouladi, SensePost.

Dynamic Analysis of Windows Phone 7 apps Behrang Fouladi, SensePost.
Aurasium: Practical Policy Enforcement for Android Applications

Aurasium: Practical Policy Enforcement for Android Applications
Syracuse University, New York, USA

Syracuse University, New York, USA
FireDroid: Hardening Security in Almost-Stock Android Giovanni Russello, Arturo Blas Jimenez, Habib Naderi, Wannes van der Mark 1 University of Auckland,

FireDroid: Hardening Security in Almost-Stock Android Giovanni Russello, Arturo Blas Jimenez, Habib Naderi, Wannes van der Mark 1 University of Auckland,
Aurasium: Practical Policy Enforcement for Android Applications By Yaoqi USENIX Security Symposium 2012.

Aurasium: Practical Policy Enforcement for Android Applications By Yaoqi USENIX Security Symposium 2012.
Chapter 6 Security Kernels.

Chapter 6 Security Kernels.
EXTENSIBILITY, SAFETY AND PERFORMANCE IN THE SPIN OPERATING SYSTEM B. Bershad, S. Savage, P. Pardyak, E. G. Sirer, D. Becker, M. Fiuczynski, C. Chambers,

EXTENSIBILITY, SAFETY AND PERFORMANCE IN THE SPIN OPERATING SYSTEM B. Bershad, S. Savage, P. Pardyak, E. G. Sirer, D. Becker, M. Fiuczynski, C. Chambers,
Policy Weaving for Mobile Devices Drew Davidson. Smartphone security is critical – 1200 to 1400 US Army troops to be equipped with Android smartphones.

Policy Weaving for Mobile Devices Drew Davidson. Smartphone security is critical – 1200 to 1400 US Army troops to be equipped with Android smartphones.
Implementation of an Android Phone Based Video Streamer 2010 IEEE/ACM International Conference on Green Computing and Communications 2010 IEEE/ACM International.

Implementation of an Android Phone Based Video Streamer 2010 IEEE/ACM International Conference on Green Computing and Communications 2010 IEEE/ACM International.
Android Security. N-Degree of Separation Applications can be thought as composed by Main Functionality Several Non-functional Concerns Security is a non-functional.

Android Security. N-Degree of Separation Applications can be thought as composed by Main Functionality Several Non-functional Concerns Security is a non-functional.
Automated Remote Repair for Mobile Malware Yacin Nadji, Jonathon Giffin, Patrick Traynor Georgia Institute of Technology ACSAC’ 11.

Automated Remote Repair for Mobile Malware Yacin Nadji, Jonathon Giffin, Patrick Traynor Georgia Institute of Technology ACSAC’ 11.
Building and Deploying Safe and Secure Android Apps for Enterprise Presented by Technology Consulting Group at Endeavour Software Technologies.

Building and Deploying Safe and Secure Android Apps for Enterprise Presented by Technology Consulting Group at Endeavour Software Technologies.
Aurasium: Practical Policy Enforcement for Android Applications R. Xu, H. Saidi and R. Anderson Presented By: Rajat Khandelwal – 2009CS10209 Parikshit.

Aurasium: Practical Policy Enforcement for Android Applications R. Xu, H. Saidi and R. Anderson Presented By: Rajat Khandelwal – 2009CS10209 Parikshit.
1 Introducing Collaboration to Single User Applications A Survey and Analysis of Recent Work by Brian Cornell For Collaborative Systems Fall 2006.

1 Introducing Collaboration to Single User Applications A Survey and Analysis of Recent Work by Brian Cornell For Collaborative Systems Fall 2006.
INTRODUCTION OS/2 was initially designed to extend the capabilities of DOS by IBM and Microsoft Corporations. To create a single industry-standard operating.

INTRODUCTION OS/2 was initially designed to extend the capabilities of DOS by IBM and Microsoft Corporations. To create a single industry-standard operating.
Figure 1.1 Interaction between applications and the operating system.

Figure 1.1 Interaction between applications and the operating system.
Comparative Operating Systems Understanding the Kernel Structure Prashant Thuppala.

Comparative Operating Systems Understanding the Kernel Structure Prashant Thuppala.
Android Security Enforcement and Refinement. Android Applications --- Example Example of location-sensitive social networking application for mobile phones.

Android Security Enforcement and Refinement. Android Applications --- Example Example of location-sensitive social networking application for mobile phones.
Case study 2 Android – Mobile OS.

Case study 2 Android – Mobile OS.
IOS & Android Security, Hacking and Tweaking Workshop D.Papamartzivanos University Of the Aegean – Info Sec Lab Android Security – Cydia Substrate Dimitris.

IOS & Android Security, Hacking and Tweaking Workshop D.Papamartzivanos University Of the Aegean – Info Sec Lab Android Security – Cydia Substrate Dimitris.

Similar presentations

Ads by Google