
Semantically Rich Application-Centric Security in Android

Machigar Ongtang, Stephen McLaughlin, William Enck, Patrick McDaniel. Department of Computer Science and Engineering, The Pennsylvania State University. ACSAC 2009.


Presentation Transcript


  1. Semantically Rich Application-Centric Security in Android • Machigar Ongtang, Stephen McLaughlin, William Enck, Patrick McDaniel • Department of Computer Science and Engineering, The Pennsylvania State University • ACSAC 2009 • Advanced Defense Laboratory

  2. Outline • Introduction • Smartphone Application Security • Android • Application Policies • SAINT Policy • SAINT Architecture • Related Work • Conclusion

  3. Introduction • Applications on mobile platform • Apple’s App Store • Android’s Market • BlackBerry App World • Android Security • Using permission label

  4. Introduction (cont.) • In Manifest.xml: • An application cannot use functions that are not covered by its declared permissions

  5. Introduction (cont.) • It is impossible for users to make good choices about application permissions • The Android system protects the phone from malicious applications, but provides severely limited infrastructure for applications to protect themselves

  6. Introduction (cont.) • Android Security Framework • Permission Assignment Policy • Interface Exposure Policy • Interface Use Policy • Secure Application INTeraction (Saint) framework • Installation-time Policy • Runtime Policy

  8. Smartphone Application Security • Example: • PersonalShopper can get location info only if it holds the permissions. • If Ledger has the permission to access the Internet, it might leak transaction info. • PersonalShopper only trusts Secure Payment and Trust Checkout. • The password vault app contains bugs in v1.1, so the application needs the new version.

  10. Android http://developer.android.com/intl/zh-TW/guide/basics/what-is-android.html

  11. Android (cont.) • Applications are ostensibly isolated • Android IPC: Binder and Intent • ioctl driver • Intent Filter:

  12. Android (cont.) • Activity • Display on screen

  13. Android (cont.) • Service • Background process

  14. Android (cont.) • Broadcast Receiver • Asynchronous event notification

  15. Android (cont.) • Content Provider • Share data between applications • Do not use Intents • Use URI (Uniform Resource Identifier)

  16. Android (cont.) • Permission label in Android • Normal • Dangerous • Signature • signatureOrSystem • Developers can define permission labels to access their interface • But developers indirectly influence security

  18. Application Policies • Policy Tree: • Double-stroke boxes are supported by Android

  19. Application Policies (cont.) • Signature-based policy (1.2) • Define a set of exception signatures • Configuration-based policy (1.3) • E.g., application version and the set of requested permissions

  20. Application Policies (cont.) • Signature-based policy (2.2) • Configuration-based policy (2.3) • Phone Context-based Policy (2.4)

  21. Application Policies (cont.) • Install-time Policy Example • com.abc.lbs with “QueryByLocation” service • Developer Permission: com.abc.perm.getloc • Permission: ACCESS_LOCATION • Runtime Policy Example • com.ok.shopper wants to check the payment application • Signature checks

  23. SAINT Policy • Install-Time • Run-Time

  24. SAINT Policy (cont.) • Install-time Policy Example

  25. SAINT Policy (cont.) • Runtime Policy • Access policy • Identify the caller’s security requirements • Expose policy • Identify the callee’s security requirements • Saint is a “conjunctional default allow policy”

  26. SAINT Policy (cont.) • Runtime Policy Example

  27. SAINT Policy (cont.) • Administrative Policy • May users override the system/application policies? • Operational Policy

  29. SAINT Architecture • Saint Installer • PackageParser / PackageManager • Insert each policy into AppPolicy provider only if its permission label is declared by the application

  30. SAINT Architecture (cont.) • Saint Mediator

  31. SAINT Architecture (cont.) • AppPolicy Provider • SQLite • verifyPermissionGrant API • insertApplicationPolicy API • FrameworkPolicyManager • Only FrameworkPolicyManager can update AppPolicy provider

  33. Related Work • Kirin • Enforce install policies • Application Security Framework by OMTP • Certificate-based mechanism • Symbian • Symbian-signed

  34. Related Work (cont.) • Linux Security Module (LSM) Framework • Isolation • SELinux on OpenMoko • Rao et al. • MAC system • Windows Mobile .Net • Bind each application to a behavioral profile enforced at runtime

  36. Conclusion • Saint framework • Install-time and runtime policy enforcement
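
The runtime rule from slide 25, combined with the signature check from slide 21, as an added Python model (not Saint's code and not taken from the slides): an interaction proceeds only if the caller's access policy and the callee's expose policy both hold, and a side with no policy imposes nothing. Apart from com.ok.shopper, every package name, signature string, class and helper below is a constructed assumption.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List


@dataclass(frozen=True)
class App:
    package: str
    signature: str  # signer fingerprint; constructed placeholder values


Condition = Callable[[App], bool]  # predicate evaluated on the *other* party


@dataclass
class RuntimePolicies:
    # access: conditions a caller places on the callee it reaches (keyed by caller)
    # expose: conditions a callee places on callers it accepts (keyed by callee)
    access: Dict[str, List[Condition]] = field(default_factory=dict)
    expose: Dict[str, List[Condition]] = field(default_factory=dict)

    def allows(self, caller: App, callee: App) -> bool:
        # all([]) is True, so a side without a policy allows by default.
        caller_ok = all(c(callee) for c in self.access.get(caller.package, []))
        callee_ok = all(c(caller) for c in self.expose.get(callee.package, []))
        # Conjunction: one failing side is enough to block the interaction.
        return caller_ok and callee_ok


def signed_by(*trusted: str) -> Condition:
    """Signature-based condition: the other party's signer is in the set."""
    return lambda other: other.signature in trusted


# Constructed sample apps; only com.ok.shopper appears in the slides.
SHOPPER = App("com.ok.shopper", "sig:shopper")
PAY_OK = App("com.example.securepayment", "sig:trusted-pay")
PAY_FAKE = App("com.example.lookalikepay", "sig:unknown")
WIDGET = App("com.example.widget", "sig:widget")

POLICIES = RuntimePolicies(
    # The shopper only hands payments to apps from a signer it trusts.
    access={"com.ok.shopper": [signed_by("sig:trusted-pay")]},
    # The payment app only accepts requests from the shopper's signer.
    expose={"com.example.securepayment": [signed_by("sig:shopper")]},
)

if __name__ == "__main__":
    for caller, callee in [(SHOPPER, PAY_OK), (SHOPPER, PAY_FAKE),
                           (WIDGET, PAY_OK), (WIDGET, PAY_FAKE)]:
        verdict = "allow" if POLICIES.allows(caller, callee) else "deny"
        print(f"{caller.package} -> {callee.package}: {verdict}")
```

The last pair is the case to watch when reviewing such policies: two applications with no policy on either side interact freely, so default allow leaves anything unlisted unprotected.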
