Slide1
Aurasium: Practical Policy Enforcement for Android Applications
R. Xu, H. Saidi and R. Anderson (USENIX Security 2012)
Presented by:
Rajat Khandelwal (2009CS10209)
Parikshit Sharma (2009CS10204)
Slide2
Goal
Address the multiple threats posed by malicious applications on Android
Slide3
Introduction to Android
Security features:
Process isolation: each app runs in its own process under its own Linux user ID
Linux user/group permissions
An app requests permission for OS functionality at install time
Most permissions are checked at the remote end of the call, i.e. inside the system services
A few (Internet, Camera) are enforced by the kernel: the permission maps to a special Linux group that the app's process is placed in
Slide4
Introduction to Android (architecture figure, not reproduced)
Slide5
Malicious Android Apps
Abuse permissions:
Permissions are granted for as long as an app is installed on the device
No restrictions on how often resources and data are accessed
Access and transmit private data
Connect to malicious remote servers
Application-level privilege escalation
Confused deputy attacks
Gain root privilege
Slide6
Alternative Approaches
App vetting: Google's Bouncer (40% decrease in malware); ineffective once an app is installed on the device
AV products: scanning; have no visibility into the runtime of an app
Fine-grained permission checking: requires modifications to the OS
Virtualization: requires modifications to the OS
Slide7
Related Work
Existing work:
TaintDroid (OSDI 10)
CRePE (ISC 10)
AppFence (CCS 11)
Quire (USENIX Security 2011)
SELinux on Android
Taming Privilege-Escalation (NDSS 2012)
Limitation shared by all of them: they modify the OS, which requires rooting the phone and flashing firmware.
Slide8
Related Approaches (comparison figure, not reproduced)
Slide9
Solution: Aurasium
Repackage apps to intercept all of their interactions with the OS
Slide10
Aurasium Internals
Two problems to solve:
Introducing alien code into an arbitrary application package
Reliably intercepting the application's interaction with the OS
Slide11
Aurasium Internals
How to add code to existing applications: the Android application building and packaging process
Slide12
Aurasium Internals
How to add code to existing applications: apktool (decode the APK, insert the Aurasium code, rebuild)
Slide13
Enforcing Security & Privacy Policy
The Aurasium way:
Per-application basis
No need to root the phone or flash firmware
Almost non-bypassable
Slide14
Aurasium Internals
How to intercept: a closer look at the app process
Slide15
Aurasium Internals
How to intercept, example: socket connection
Slide16
Aurasium Internals
How to intercept, example: send SMS
Slide17
Aurasium Internals
How to intercept: intercept at the lowest boundary, libc.so
Slide18
Aurasium Internals
How to intercept: a closer look at library calls, dynamic linking
Slide19
Aurasium Internals
How to Intercept
Key: the app reaches libc through dynamically linked shared object files
Essence: redo the dynamic linking, so that the resolved function entries point to our detour code instead of libc.
Slide20
Aurasium Internals
How to Intercept
Implemented in native code
Almost non-bypassable:
Java code cannot modify arbitrary memory
Java code cannot issue syscalls directly
Attempts to load native code are monitored (dlopen())
Slide21
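The interception step of slides 18 to 20 (rebind the dynamically linked libc symbol to detour code, from inside the process, in native code), as an added example that is not part of this deck or of the Aurasium code. It is a Linux host adaptation of the idea rather than the Bionic implementation: it walks every loaded ELF object with dl_iterate_phdr, finds the GOT slots that the dynamic linker filled in for the symbol, and overwrites them with the address of a detour that enforces a policy before handing over to libc. It assumes a 64-bit RELA target (x86_64 or aarch64) and a dynamically linked executable; the function names (install_connect_hook, probe_connect, connect_denied, connect_passed), the blocked-destination list and the policy itself are constructed for the example. It hooks connect(), the socket example of slide 15, but hook_object takes any symbol name, so the same walker rebinds ioctl() or dlopen().

```c
#define _GNU_SOURCE
#include <arpa/inet.h>
#include <errno.h>
#include <link.h>
#include <stdint.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/socket.h>
#include <unistd.h>
/* Assumes a 64-bit RELA target (x86_64 or aarch64) and a dynamically linked executable. */
#ifdef __aarch64__
#define IS_SLOT(t) ((t) == R_AARCH64_JUMP_SLOT || (t) == R_AARCH64_GLOB_DAT)
#else
#define IS_SLOT(t) ((t) == R_X86_64_JUMP_SLOT || (t) == R_X86_64_GLOB_DAT)
#endif

struct hook { const char *name; uintptr_t detour; uintptr_t *saved; int patched; };

/* glibc rewrites d_ptr to absolute addresses at load; musl and bionic leave it load-relative. */
static uintptr_t abs_ptr(uintptr_t base, uintptr_t p) { return p < base ? base + p : p; }

/* Overwrite one GOT slot. Full RELRO only made its page read-only, so mprotect() lifts that. */
static void patch_slot(uintptr_t slot, struct hook *h) {
    uintptr_t pg = (uintptr_t)sysconf(_SC_PAGESIZE), *p = (uintptr_t *)slot;
    if (mprotect((void *)(slot & ~(pg - 1)), pg, PROT_READ | PROT_WRITE) != 0) return;
    if (*h->saved == 0) *h->saved = *p;   /* first slot visited is the main program's, already resolved */
    *p = h->detour;
    h->patched++;
}

static void walk_rela(uintptr_t base, const ElfW(Rela) *r, size_t n,
                      const ElfW(Sym) *sym, const char *str, struct hook *h) {
    for (size_t i = 0; i < n; i++)       /* only slots that hold a resolved function address */
        if (IS_SLOT(ELF64_R_TYPE(r[i].r_info)) &&
            strcmp(str + sym[ELF64_R_SYM(r[i].r_info)].st_name, h->name) == 0)
            patch_slot(base + r[i].r_offset, h);
}

/* For every loaded ELF object, redo the binding of h->name in its relocation tables. */
static int hook_object(struct dl_phdr_info *info, size_t size, void *arg) {
    uintptr_t base = info->dlpi_addr; (void)size;
    for (int i = 0; i < info->dlpi_phnum; i++) {
        if (info->dlpi_phdr[i].p_type != PT_DYNAMIC) continue;
        const char *str = NULL; const ElfW(Sym) *sym = NULL;
        const ElfW(Rela) *jmprel = NULL, *rela = NULL; uintptr_t jmpsz = 0, relasz = 0;
        for (const ElfW(Dyn) *d = (const ElfW(Dyn) *)(base + info->dlpi_phdr[i].p_vaddr);
             d->d_tag != DT_NULL; d++) {
            uintptr_t v = d->d_un.d_ptr;
            if (d->d_tag == DT_STRTAB) str = (const char *)abs_ptr(base, v);
            else if (d->d_tag == DT_SYMTAB) sym = (const ElfW(Sym) *)abs_ptr(base, v);
            else if (d->d_tag == DT_JMPREL) jmprel = (const ElfW(Rela) *)abs_ptr(base, v);
            else if (d->d_tag == DT_RELA) rela = (const ElfW(Rela) *)abs_ptr(base, v);
            else if (d->d_tag == DT_PLTRELSZ) jmpsz = v;
            else if (d->d_tag == DT_RELASZ) relasz = v;
        }
        if (!str || !sym) continue;
        if (jmprel) walk_rela(base, jmprel, jmpsz / sizeof *jmprel, sym, str, arg);  /* PLT slots */
        if (rela) walk_rela(base, rela, relasz / sizeof *rela, sym, str, arg);        /* -fno-plt slots */
    }
    return 0;
}

typedef int (*connect_fn)(int, const struct sockaddr *, socklen_t);
static uintptr_t real_connect;            /* libc's connect, captured from the GOT slot */
static int n_denied, n_passed;
/* Constructed example policy: destinations the detour refuses (RFC 5737 documentation addresses). */
static const char *const BLOCKED_IPV4[] = { "203.0.113.10", "198.51.100.7" };

static int dest_blocked(const struct sockaddr *a, socklen_t len) {
    if (!a || a->sa_family != AF_INET || len < sizeof(struct sockaddr_in)) return 0;
    struct in_addr want = ((const struct sockaddr_in *)a)->sin_addr, b;
    for (size_t i = 0; i < sizeof BLOCKED_IPV4 / sizeof *BLOCKED_IPV4; i++)
        if (inet_pton(AF_INET, BLOCKED_IPV4[i], &b) == 1 && b.s_addr == want.s_addr) return 1;
    return 0;
}

/* The detour: every connect() made through a patched slot lands here before libc sees it. */
static int detour_connect(int fd, const struct sockaddr *a, socklen_t len) {
    if (dest_blocked(a, len)) { n_denied++; errno = EACCES; return -1; }
    n_passed++;
    return ((connect_fn)real_connect)(fd, a, len);
}

/* Returns the number of GOT slots rebound to the detour (>= 1 on success), -1 on failure. */
int install_connect_hook(void) {
    connect(-1, NULL, 0);                 /* make a lazily bound slot resolve before we read it */
    struct hook h = { "connect", (uintptr_t)detour_connect, &real_connect, 0 };
    dl_iterate_phdr(hook_object, &h);
    return real_connect ? h.patched : -1;
}

/* connect() on fd -1, so nothing touches the network: EACCES means the detour answered, EBADF means libc did. */
int probe_connect(const char *ipv4, unsigned short port) {
    struct sockaddr_in sa = { .sin_family = AF_INET, .sin_port = htons(port) };
    if (inet_pton(AF_INET, ipv4, &sa.sin_addr) != 1) return EINVAL;
    return connect(-1, (struct sockaddr *)&sa, sizeof sa) == 0 ? 0 : errno;
}
int connect_denied(void) { return n_denied; }
int connect_passed(void) { return n_passed; }
```

Drive it from a main() that calls install_connect_hook() once and then probe_connect() with a blocked and an allowed address: the probe deliberately uses fd -1 so no packet is ever sent, and the errno value tells you who answered. Two properties the deck relies on are visible here: the rewrite happens in native code and touches memory that Java code never sees, so a Dalvik-level app cannot undo it; but native code in the same process could rewrite the slots back or issue the socket syscall directly, which is exactly the bypass slide 29 warns about, and why Aurasium also watches dlopen().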
What can you do with Aurasium?
Total visibility into the interactions of an app with the OS and other apps:
Internet connections: connect()
IPC (Binder communications): ioctl()
File system manipulations: write(), read()
Access to resources: ioctl(), read(), write()
Linux system calls: fork(), execvp()
Slide22
Aurasium Internals
How to add code to existing applications
Repackaging inevitably destroys the original signature
In Android, signature = authorship
For an individual app this is not a problem; it only matters where several apps rely on a shared signature
Slide23
Evaluation (slides 23 to 27: result figures, not reproduced)
Slide28
Evaluation
Tested on real-world apps:
3491 apps from a third-party application store
1260 malware samples from the Android Malware Genome corpus
Results:
Repackaging succeeded for 3476/3491 of the third-party apps (99.6%) and 99.8% of the malware corpus
Failure mode: apktool/baksmali (dis)assembly crashes
Device runs: Nexus S under Monkey, the UI exerciser in the SDK
Intercepted calls from all of the 3189 runnable applications
Slide29
Limitations
99.9% is not 100%
Relies on the robustness of apktool; manual editing of the app is the workaround
Native code can potentially bypass Aurasium: the hooks live in the app's own address space, so native code can issue system calls directly instead of going through libc, or undo the rewritten bindings
Examples of native code capable of doing so have already been seen in the wild
Some mitigation techniques exist
Slide30
Conclusion
A new approach to Android security/privacy
Per-app basis, no need to root the phone
Tested against many real-world apps
Has certain limitations
Slide31
The End