Download Application Code

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
page
27
page
28
page
29
page
30
page
31
page
32
page
33
Document related concepts
no text concepts found
Transcript 
Aurasium: Practical Policy Enforcement
for Android Applications
Hassen Saidi, Rubin Xu, Ross Anderson,
Usenix Security 2012.
Fall 2014
Presenter: Kun Sun, Ph.D.
Most slides are borrowed from
https://www.usenix.org/sites/default/files/saidi_usenixsecurity12_slides.p
pt
Goal

Address the multiple threats posed by
malicious applications on Android
Android Malicious Apps
Introduction to Android

Security Features
 Process Isolation
 Linux user/group permission
 App requests permission to OS
functionalities
 Most checked in remote end i.e.
system services
 A few (Internet, Camera) checked in
Kernel, as special user group
Introduction to Android

Security Features
com.android.demo. app
Android Runtime
(Dalvik VM)
Process Boundary
System Services
Telephony Manger
Location Manger
Activity Manager
Package Manager
……
Application Code
-----------------------Activity
Service
Broadcast Receiver
Content Provider
Framework Code
Framework Code
Kernel Boundary
Permission
Check
Socket
Camera
Permission
Check
Binder (IPC)
Malicious Android Apps





Abuse permissions:
 Permissions are granted for as long as an
App is installed on a device
 No restrictions on how often resources
and data are accessed
Access and transmit private data
Access to malicious remote servers
application-level privilege escalation
 Confused deputy attacks
Gain root privilege
Alternative Approaches

App vetting: Google’s Bouncer




AV products:



Scanning
Have no visibility into the runtime of an App
Fine grain permissions checking


40% decrease in malware
Ineffective once App installed on the device
Can be fingerprinted
Require modifications to the OS
Virtualization

Require modification to the OS
Related work

Existing Work







TaintDroid (OSDI 10)
CRePE (ISC 10)
AppFence (CCS 11)
Quire (USENIX Security 2011)
SELinux on Android
Taming Privilege-Escalation (NDSS 2012)
Limitations

Modify OS – requires rooting and flashing
firmware.
Related Approaches
Information flow
Access control
Call chain IPC
AppFence
TainDroid
Android Middleware
CRePE
Quire
Linux kernel
Hardware
SELinux
Solution: Aurasium
Repackage Apps to
intercept all
Interactions with the OS
X
Android Middleware
X
Linux kernel
Hardware
Information flow
Access control
Call chain IPC
and many more!
Aurasium Internals

Two Problems to Solve
 Introducing alien code to arbitrary
application package
 Reliably intercepting application
interaction with the OS
Aurasium Internals

How to add code to existing applications
 Android application building and
packaging process
javac
Java Source Code
dx
Classes.dex
.class files
Zip & Sign
aapt
Application Resource
Compiled Resources
AndroidManifest.xml
Other Files
Application Package (.apk)
Aurasium Internals

How to add code to existing applications
 apktool
Insert Our
Java Code
.smali files
Insert
Metadata
Classes.dex
apktool
Textual
AndroidManifest.xml
Application Compiled Resources
Package
Application Resources
Other Files
Insert Our
Native Library
apktool
Secured
Application
Enforcing Security & Privacy Policy

Aurasium way
 Per-application basis
 No need to root phone
and flash firmware
 Almost non-bypassable
com.android.demo.SecuredApp
Application Code
-----------------------Activity
Service
Broadcast Receiver
Content Provider
Framework Code
Aurasium
Kernel
Aurasium Internals

How to Intercept
 A closer look at app
Application Code
process
Framework Code - Java
Java Native Interface
Framework Code - Native (C++)
libdvm.so
libandroid_runtime.so
libc.so
libm.so
Kernel
libbinder.so
…….
libstdc++.so
Aurasium Internals

How to Intercept
 Example: Socket Connection
Application Code
Framework - Java
ApkMonitorActivity.onClick()
HttpURLConnectionImpl.makeConnection()
HttpConnection.<init>()
Socket.connect()
PlainSocketImpl.connect()
OSNetworkSystem.connect()
Java Native Interface
Framework - Native
Native Libraries
OSNetworkSystem_connect() @ libnativehelper.so
connect() @
libc.so
Aurasium Internals

How to Intercept
 Example: Send SMS
Application Code
ApkMonitorActivity.onClick()
Framework - Java
SmsManager.sendTextMessage()
Isms$Stub$Proxy.sendText()
BinderProxy.transact()
Java Native Interface
Framework - Native
Native Libraries
transact() @ libbinder.so
ioctl() @
libc.so
Aurasium Internals

How to Intercept
 Intercept at lowest boundary – libc.so
Application Code
Framework Code - Java
Java Native Interface
Framework Code – Native (C++)
libdvm.so
libandroid_runtime.so
libbinder.so
…….
Detour
Monitoring Code
libc.so
libm.so
libstdc++.so
Aurasium Internals

How to Intercept
 Look closer at library calls - dynamic
linking
libbinder.so
Control flow transfer
Indirect memory reference
libc.so
Aurasium Internals

How to Intercept


Key: Dynamically linked shared object file
Essence: Redo dynamic linking with pointers to our
detour code.
somelib.so
Monitoring Code
libc.so
X
Aurasium Internals

How to Intercept


Implemented in native code
Almost non-bypassable
 Java code cannot modify arbitrary memory
 Java code cannot issue syscall directly
 Attempts to load native code is monitored

dlopen()
What can you do with Aurasium?

Total visibility into the interactions of an App with
the OS and other Apps





Internet connections

connect()
IPC Binder communications

ioctl()
File system manipulations

write(), read()
Access to resources

Ioctl(), read, write()
Linux system calls

fork(), execvp()
Aurasium Internals

How to add code to existing applications
 Inevitably destroy original signature
 In Android, signature = authorship
 Individual app not a problem
Aurasium Internals

How to add code to existing applications
 apktool
GUI & Policy
Insert Our
Java Code
.smali files
Insert
Metadata
Classes.dex
apktool
Textual
AndroidManifest.xml
Application Compiled Resources
Package
Application Resources
Other Files
Insert Our
Native Library
Point to Detour Activity
apktool
Secured
Application
Detour libc calls
Evaluation
Evaluation
Evaluation
Evaluation
Evaluation
Evaluation

Tested on Real-world Apps



3491 apps from third-party application store.
1260 malware corpus from Android Genome.
Results

Repackaging:

3476/1258 succeed (99.6%/99.8%)

Failure mode: apktool/baksmali assembly
crashes

Device runs

Nexus S under Monkey – UI Exerciser in SDK

Intercept calls from all of 3189 runnable
application.
Limitations

99.9% is not 100%



Native code can potentially bypass
Aurasium:



Rely on robustness of apktool
Manual edit of Apps as a workaround
Already seen examples of native code in the
wild that is capable of doing so
Some mitigation techniques exist
The policy in Java code may be modified.
Conclusion




New approach to Android security/privacy
Per-app basis, no need to root phone
Tested against many real world apps
Have certain limitations
The End

Try it out at www.aurasium.com
Related documents
Slides - NUS Security Research
Slides - NUS Security Research
saidi_usenixsecurity12_slides
saidi_usenixsecurity12_slides
CS499 * Mobile Application Development
CS499 * Mobile Application Development
Understanding Android app architecture
Understanding Android app architecture
ppt
ppt
Dan A CSC 345 Term Paper
Dan A CSC 345 Term Paper
Android Development
Android Development
Practical No – 6 (Elective-IV C)
Practical No – 6 (Elective-IV C)
Android JNI and Jar Library
Android JNI and Jar Library
*** 1 - Syracuse University
*** 1 - Syracuse University
Android_Gaming_on_Tegra
Android_Gaming_on_Tegra
Public Tests - University of Maryland
Public Tests - University of Maryland