
Android Declassification Infrastructure Matan David Yuval Evron Project Advisor: Roei Schuster 1.


1 Android Declassification Infrastructure Matan David Yuval Evron Project Advisor: Roei Schuster

2 A Short Reminder… Android’s built-in permissions are very coarse-grained. We aim to provide a better solution at the application level, without having to change the OS. Security is of the essence.

3 A Short Reminder… We introduced a new permission mechanism, the “Declassifier”. The Declassifier itself requests the high-level native permissions and exports lower-level, finer-grained permissions to third-party apps.

4 Android’s Security Model Android is a Linux-based OS. Unlike other popular OSes, in Android each app runs in a separate process under a distinct UID. Android offers several ways for apps to communicate with one another (IPC). Of the available IPC mechanisms, we chose BroadcastReceivers and Intents.

5 BroadcastReceiver Utilizes Android’s permissions mechanism. Filters incoming Intents by the caller’s permissions (i.e. does this app hold sufficient permissions?). Enables a callback mechanism which allows sending the answer back privately. Each 3rd-party app creates its own BroadcastReceiver to handle the returned result.

6 BroadcastReceiver – A Closer Look Upon installation, our Declassifier requests all of the native OS permissions it plans on using. In the Manifest, the Declassifier declares the custom permissions that the 3rd-party apps will need to use. Diagram: APP → Declassifier → OS. The OS grants the Declassifier READ_PHONE_STATE; the Declassifier in turn exports to apps PHONE_STATE_READ_SIM_SERIAL_NUMBER_PERMISSION, PHONE_STATE_READ_SUBSCRIBER_ID_PERMISSION, PHONE_STATE_READ_DEVICE_ID_PERMISSION, PHONE_STATE_READ_PHONE_TYPE_PERMISSION and PHONE_STATE_READ_CALL_STATE_PERMISSION.

7 BroadcastReceiver – A Closer Look Upon installation, the 3rd-party app requests only the permissions it needs from the Declassifier (it never asks for a native OS permission).
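The manifest side of slides 6 and 7, as an added example that is not the project's own manifest: the Declassifier asks the OS for the coarse native permissions, declares the fine-grained custom permissions, and protects its receiver with one of them; the 3rd-party app requests only the custom permission. The permission name PHONE_STATE_READ_DEVICE_ID_PERMISSION and the calendar action come from the slides; the package names, the CALENDAR_EVENT_BY_TITLE_PERMISSION name, the receiver class name and the string resources are assumptions.

```xml
<!-- Declassifier's AndroidManifest.xml (added example, not the project's file) -->
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.Declassifier">

    <!-- Native, coarse permissions: only the Declassifier ever asks for these. -->
    <uses-permission android:name="android.permission.READ_CALENDAR" />
    <uses-permission android:name="android.permission.READ_PHONE_STATE" />

    <!-- Finer-grained permissions exported to 3rd-party apps. protectionLevel
         "dangerous" means the user is asked to grant them when the 3rd-party
         app is installed. Names are namespaced under the Declassifier's package. -->
    <permission
        android:name="com.example.Declassifier.PHONE_STATE_READ_DEVICE_ID_PERMISSION"
        android:protectionLevel="dangerous"
        android:label="@string/perm_device_id_label"
        android:description="@string/perm_device_id_desc" />
    <permission
        android:name="com.example.Declassifier.CALENDAR_EVENT_BY_TITLE_PERMISSION"
        android:protectionLevel="dangerous"
        android:label="@string/perm_cal_title_label"
        android:description="@string/perm_cal_title_desc" />

    <application android:label="Declassifier">
        <!-- android:permission on a receiver is enforced by the system against the
             SENDER: a broadcast from an app that was not granted it is dropped
             before onReceive() ever runs. -->
        <receiver
            android:name=".CalendarEventByTitleReceiver"
            android:exported="true"
            android:permission="com.example.Declassifier.CALENDAR_EVENT_BY_TITLE_PERMISSION">
            <intent-filter>
                <action android:name="com.example.Declassifier.CALENDAR_EVENT_BY_TITLE_ACTION" />
            </intent-filter>
        </receiver>
    </application>
</manifest>

<!-- 3rd-party app's AndroidManifest.xml: it asks for the Declassifier's fine
     permission and never for android.permission.READ_CALENDAR itself. -->
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.calendarclient">
    <uses-permission android:name="com.example.Declassifier.CALENDAR_EVENT_BY_TITLE_PERMISSION" />
    <application android:label="CalendarClient" />
</manifest>
```

Two practical checks: the Declassifier has to be installed before any 3rd-party app that names its permissions, because a uses-permission for a permission that does not yet exist on the device is simply not granted; and the custom names should stay under the Declassifier's own package prefix, so a different app cannot plausibly define a permission of the same name.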

8 BroadcastReceiver – A Closer Look The app sends a broadcast request, with all the information encapsulated inside an Intent:
Intent i = new Intent("com.example.Declassifier.CALENDAR_EVENT_BY_TITLE_ACTION");
i.putExtra("Title", titleNameStr);
One of the parameters the app supplies in the request is a custom BroadcastReceiver which will handle the Declassifier’s result (the callback mechanism).

9 BroadcastReceiver – A Closer Look
Calendar_App_GetEventByTitle_BR eventByTitleReceiver = new Calendar_App_GetEventByTitle_BR();
sendOrderedBroadcast(i, "android.permission.READ_CALENDAR", eventByTitleReceiver, null, Activity.RESULT_OK, null, null);
The second argument is the receiver permission: the request is delivered only to receivers whose app holds READ_CALENDAR, which the Declassifier does. At this stage, the Declassifier filters out requests which do not satisfy the relevant permissions (its receiver is protected by the custom permission, so only apps granted it can send the request). In a similar way, the 3rd-party app filters out returned results from unauthorized sources. With this model, we ensure that Intents reach the designated destination and make their way back securely.
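Both ends of the exchange on slides 8 and 9, as an added example that is not the project's code: the Declassifier's receiver answers the ordered broadcast through the result extras, and the 3rd-party app's callback reads them. The action string, the "Title" extra, the class name Calendar_App_GetEventByTitle_BR and the READ_CALENDAR receiver permission are taken from the slides; the package name com.example.Declassifier, the receiver class name CalendarEventByTitleReceiver, the "Events" result key and the "title|start|location" result format are assumptions. Two things are added over the slides' call and are marked as such in the code: setPackage() to pin the destination, and an initial result code of RESULT_CANCELED.

```java
// Added example, not the project's code. Assumed names: com.example.Declassifier,
// CalendarEventByTitleReceiver, the "Events" result key and its string format.
import android.app.Activity;
import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.database.Cursor;
import android.os.Bundle;
import android.provider.CalendarContract;
import java.util.ArrayList;

/** Declassifier side. Registered in the Declassifier's manifest behind a custom
 *  permission, so the system drops broadcasts from senders that lack it. */
public class CalendarEventByTitleReceiver extends BroadcastReceiver {
    public static final String ACTION = "com.example.Declassifier.CALENDAR_EVENT_BY_TITLE_ACTION";
    public static final String EXTRA_TITLE = "Title";
    public static final String EXTRA_EVENTS = "Events";   // assumed result key

    @Override
    public void onReceive(Context ctx, Intent intent) {
        // Only an ordered broadcast carries a result back to the sender's callback.
        if (!ACTION.equals(intent.getAction()) || !isOrderedBroadcast()) {
            return;
        }
        String title = intent.getStringExtra(EXTRA_TITLE);
        if (title == null || title.trim().isEmpty()) {
            setResultCode(Activity.RESULT_CANCELED);
            return;
        }
        // Parameterised selection: the caller's title is bound as an argument and
        // never concatenated into the selection string, so it cannot widen the query.
        String[] projection = {
            CalendarContract.Events.TITLE,
            CalendarContract.Events.DTSTART,
            CalendarContract.Events.EVENT_LOCATION
        };
        String selection = CalendarContract.Events.TITLE + " LIKE ?";
        String[] selectionArgs = { "%" + title + "%" };

        ArrayList<String> events = new ArrayList<String>();
        Cursor c = ctx.getContentResolver().query(CalendarContract.Events.CONTENT_URI,
                projection, selection, selectionArgs, null);
        if (c != null) {
            try {
                int iTitle = c.getColumnIndexOrThrow(CalendarContract.Events.TITLE);
                int iStart = c.getColumnIndexOrThrow(CalendarContract.Events.DTSTART);
                int iLoc = c.getColumnIndexOrThrow(CalendarContract.Events.EVENT_LOCATION);
                while (c.moveToNext()) {
                    // Only the declassified fields leave this process; the caller
                    // never gets a Cursor over the whole calendar.
                    events.add(c.getString(iTitle) + "|" + c.getLong(iStart) + "|" + c.getString(iLoc));
                }
            } finally {
                c.close();
            }
        }
        Bundle result = getResultExtras(true);
        result.putStringArrayList(EXTRA_EVENTS, events);
        setResultExtras(result);
        setResultCode(Activity.RESULT_OK);
    }
}

/** 3rd-party side: the callback handed to sendOrderedBroadcast. It is not declared
 *  in the manifest and is not exported, so no other app can address it or deliver
 *  a forged result to it. */
class Calendar_App_GetEventByTitle_BR extends BroadcastReceiver {
    @Override
    public void onReceive(Context ctx, Intent intent) {
        if (getResultCode() != Activity.RESULT_OK) {
            return;   // refused, malformed, or no Declassifier answered
        }
        Bundle extras = getResultExtras(false);
        ArrayList<String> events = (extras == null) ? null : extras.getStringArrayList("Events");
        // ... consume events ...
    }
}

/** 3rd-party side: issuing the request (the call from the slides plus two additions). */
class CalendarClient {
    static final String DECLASSIFIER_PACKAGE = "com.example.Declassifier";   // assumed

    static void requestEventsByTitle(Context ctx, String titleNameStr) {
        Intent i = new Intent("com.example.Declassifier.CALENDAR_EVENT_BY_TITLE_ACTION");
        i.putExtra("Title", titleNameStr);
        // Addition 1: pin the destination. Without setPackage the ordered broadcast
        // is also offered to every other installed app that holds READ_CALENDAR.
        i.setPackage(DECLASSIFIER_PACKAGE);
        // Addition 2: start from RESULT_CANCELED so an unanswered request is not
        // mistaken for success by the callback above.
        ctx.sendOrderedBroadcast(i, "android.permission.READ_CALENDAR",
                new Calendar_App_GetEventByTitle_BR(), null,
                Activity.RESULT_CANCELED, null, null);
    }
}
```

The receiver-permission argument restricts who may receive the request, and the android:permission attribute on the Declassifier's receiver restricts who may send it; neither one alone gives the slides' "both directions" guarantee, and the explicit package pin closes the remaining gap of a second READ_CALENDAR holder seeing the request.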

10 Where We Are Today
Contacts
Calendar
SD Card
Phone State

11 Contacts 1. Contact phone by name. 2. Contact address by name. 3. Contact e-mail address by name. 4. Contact picture by name. Queries are interchangeable (you can search for a contact name by phone number as well).

12 Calendar 1. Calendar event by title 2. Calendar event by date 3. Calendar event by location Some queries may produce several results, e.g. entering “June” as a date will present all events in the month of June.

13 SD Card Management 1. Each application gets its own folder, named after its unique UID. 2. Writing and reading are limited to this folder only, through the Declassifier’s interface. Now no third-party application needs the WRITE_EXTERNAL_STORAGE permission, and thus none can manipulate information elsewhere on the SD card.
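The per-UID folder rule above only holds if the Declassifier refuses names that escape the folder. The check below is an added example, not the project's code: how the Declassifier obtains the caller's UID is not shown on the slides, so it is taken as a parameter here, and the root directory under external storage is an assumption.

```java
// Added example, not the project's code. callerUid is assumed to be supplied by
// the Declassifier's request handling; root is assumed to be a directory the
// Declassifier owns on external storage.
import java.io.File;
import java.io.IOException;

public class SdCardSandbox {
    private final File root;

    public SdCardSandbox(File root) {
        this.root = root;
    }

    /** Directory reserved for one caller, named after its UID (slide 13, item 1). */
    public File dirFor(int callerUid) throws IOException {
        File d = new File(root, Integer.toString(callerUid));
        if (!d.isDirectory() && !d.mkdirs()) {
            throw new IOException("cannot create " + d);
        }
        return d;
    }

    /** Resolve a caller-supplied relative name inside the caller's own folder
     *  (slide 13, item 2). Both paths are canonicalised first, so "../x", absolute
     *  names and symlinks planted inside the folder all fail the prefix check. */
    public File resolve(int callerUid, String relativeName) throws IOException {
        File dir = dirFor(callerUid).getCanonicalFile();
        File target = new File(dir, relativeName).getCanonicalFile();
        String prefix = dir.getPath() + File.separator;
        if (!target.getPath().startsWith(prefix)) {
            throw new SecurityException(relativeName + " escapes the folder of UID " + callerUid);
        }
        return target;
    }
}
```

Every read and write the Declassifier performs on behalf of an app should go through resolve(); a name that canonicalises to the folder itself or to anything outside it is rejected before any file is opened.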

14 Phone State The READ_PHONE_STATE permission may seem a bit vague to the average user. It actually grants access to many of the phone’s identifiers and settings (IMEI, IMSI, cellular data connection state, call state, SIM serial number, etc.). Our Declassifier subdivides the READ_PHONE_STATE permission into sub-permissions.

15 Stay Tuned…. Audio record requests: we found that when granted the RECORD_AUDIO permission, an app can record audio at any time without any user consent. Wi-Fi: the ACCESS_WIFI_STATE permission grants the app the ability to learn the wireless connection’s current state (CHANGE_WIFI_STATE adds the ability to connect to a Wi-Fi network, etc.). These permissions present a security risk, as well as coarse permission granularity as to how applications may use the Wi-Fi / audio devices on the Android phone.

16 Phone State Demo (slides 16 to 22 are demo screenshots)


