Multilevel Android Exploit Protection Abstract #99

Smartphones have become an emerging platform for both personal and business applications.
As the most popular mobile operating system for smartphones, Android offers great flexibility not only for users but also for application developers.
However, this flexibility exposes users to additional security threats. This poster describes our ongoing research on Android security issues.
We first instantiate two types of attack that can be launched against current Android applications available on the market.
To further explore the vulnerabilities, particularly in the finance and health sectors, we are developing a tool that leverages
data mining techniques to automatically extract and analyze the security information of these applications, in order to detect and
report potential security threats. Moreover, we have analyzed and categorized more than a dozen security solutions proposed by
different research groups. This poster provides a concise overview of the survey results. Most tools prevent potentially malicious
communication within the Android operating system by repeatedly checking all communication channels and making security decisions
based on a predefined security policy. To address the limitations of the current approaches, we propose two directions for further research.
The first is to implement a probabilistic protection mechanism as part of the Android framework that leverages historical data to make
better security decisions while reducing the energy overhead. The second is to develop an Eclipse plug-in that
prevents attacks by educating developers to write more secure Android applications.
Boston University – Metropolitan College (MET)
Felix Rohrer, Nebiyu Feleke, Kenneth Nimley
Supervised by: Yuting Zhang, Lou Chitkushev, Tanya Zlateva
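
The abstract describes a tool that extracts security information from applications, and the poster reports how many requested permissions are actually used. The following is an added example, not the authors' tool: a minimal static check that compares the permissions declared in a decoded (text) AndroidManifest.xml with those needed by the API calls seen in the code. The API-to-permission map, the sample manifest and the call list are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
PREFIX = "android.permission."

# Constructed, simplified excerpt of an API -> permission map (assumption: a
# real audit needs a complete map for the targeted Android API level).
API_PERMISSIONS = {
    "java.net.URL.openConnection": "INTERNET",
    "android.telephony.TelephonyManager.getDeviceId": "READ_PHONE_STATE",
    "android.location.LocationManager.requestLocationUpdates": "ACCESS_FINE_LOCATION",
    "android.os.Vibrator.vibrate": "VIBRATE",
}

def requested_permissions(manifest_xml):
    """Permissions declared through <uses-permission> in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    names = (n.get(ANDROID_NS + "name", "") for n in root.iter("uses-permission"))
    return {n[len(PREFIX):] for n in names if n.startswith(PREFIX)}

def audit(manifest_xml, api_calls):
    """Split declared permissions into used / not used by the observed API calls."""
    requested = requested_permissions(manifest_xml)
    needed = {API_PERMISSIONS[c] for c in api_calls if c in API_PERMISSIONS}
    known = set(API_PERMISSIONS.values())
    return {
        "used": sorted(requested & needed),
        "not_used": sorted((requested & known) - needed),  # over-privilege candidates
        "unmapped": sorted(requested - known),             # the map cannot judge these
        "missing": sorted(needed - requested),             # API call lacks its permission
    }

def usage_share(apps):
    """Share of judged permissions that are used, over (manifest, calls) pairs."""
    results = [audit(m, c) for m, c in apps]
    used = sum(len(r["used"]) for r in results)
    total = used + sum(len(r["not_used"]) for r in results)
    return used / total if total else 0.0

# Constructed sample input for a hypothetical app (not taken from the poster's data).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.finance">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
</manifest>"""
SAMPLE_CALLS = ["java.net.URL.openConnection", "android.os.Vibrator.vibrate",
                "android.telephony.TelephonyManager.getDeviceId"]
```

Permissions reported as `not_used` are candidates for removal from the manifest; `unmapped` entries need a fuller map before they can be judged either way.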

Android Overview
Operating System for Mobile Devices
Based on Linux
Android Market reached 10 Billion App downloads by December 2011
Growth rate of 1 Billion App downloads per month
450'000 Apps
[Figure: Market Share of Smartphones by Platform (Google, Apple, Symbian, Microsoft, RIM)]

Android Security
Each App runs in its own Virtual Machine (Dalvik), therefore isolated from other Apps.
Resources are labelled with permissions (i.e. INTERNET, RECEIVE_SMS)
Inter-application communication provided by Android Framework (very flexible but introduces vulnerabilities)

Malware analysis
[Figure: Cumulative Android Malware Increase, June - December 2011]
[Figure: Types of Malware (2011): SMS Trojan, SMS Flooder, Worm, Spyware]
SMS Trojans and how they operate
- Send to premium number
- Send to third-party
Source: Juniper Networks – 2011 Mobile Threats Report

Two Proof of Concept Attacks
Attack types: Application Phishing, Permission Re-delegation
PoC App: Funny Game
PoC App: Mail Bomber
[Diagram labels: Real, Fake, Privileged App, Unprivileged App, Resource, Resource request, Request accepted, Request denied]

Current solutions
Analyzed 13 security solutions from different research groups
8 solutions introduce substantial overhead (delays or energy consumption)
11 solutions require modification of framework code and are therefore difficult to distribute
Solutions named on the poster: IPC Inspection, Quire, Saint, Apex, ComDroid, XManDroid, CRePE, SELinux, TrustDroid, ...
Categories in the comparison figure:
- Rely on user/developer
- Subject to false-positive/false-negative
- Matches user expectation
- Reduce device functionality
- Deal with Privilege Escalation attacks

Our current research (focus: Finance and Medical sector)
Application Analysis through Data mining
[Diagram labels: App Security information, External DBs, Static Code Analysis, Web interface]
[Figure: Commonly requested permissions, # Apps per permission, Finance vs. Medicine (Data: 50 medical Apps, 50 financial Apps). Permissions shown: USE_CREDENTIALS, RECORD_AUDIO, ACCESS_FINE_LOCATION, READ_CONTACTS, WAKE_LOCK, VIBRATE, GET_ACCOUNTS, READ_PHONE_STATE, WRITE_EXTERNAL_STORAGE, ACCESS_NETWORK_STATE, INTERNET]
[Figure: Permission usage: 31% Not used / Used 69% (Data: 100 Apps, 165 Permissions)]

Proposed work
Provide Security on several levels
Educate developers to write secure Code
[Placeholder on poster: Add a mock-up screen here from the Eclipse Plugin]
● Create an access control based on roles in order to
simplify dealing with permissions
● Minimize energy consumption of solution by introducing
probabilistic security checks
●