
Android Declassification Infrastructure

Android Declassification Infrastructure. Matan David, Yuval Evron. Project Advisor: Roei Schuster. A Short Reminder… Android’s built-in permissions are very coarse-grained. We aim to provide a better solution at the application level (without having to change the OS).


Presentation Transcript


  1. Android Declassification Infrastructure. Matan David, Yuval Evron. Project Advisor: Roei Schuster

  2. A Short Reminder… • Android’s built-in permissions are very coarse-grained. • We aim to provide a better solution at the application level (without having to change the OS). • Security is of the essence.

  3. A Short Reminder… • We introduced a new permission mechanism – “a Declassifier”. • The Declassifier itself requests the broad native permissions, and exports narrower, finer-grained custom permissions to third-party apps.

  4. BroadcastReceiver • Utilizes Android’s permission mechanism. • Incoming intents are filtered by the sender’s permissions: the Declassifier’s receiver is protected by a custom permission, so the system only delivers requests from apps that hold it. • Enables a callback mechanism which allows sending the answer back privately. • Each 3rd party app creates its own BroadcastReceiver to handle the returned result.

  5. BroadcastReceiver – A Closer Look • Upon installation, our Declassifier requests all of the native OS permissions it plans on using. • In the Manifest, the Declassifier declares custom permissions that the 3rd party apps will need to use. Diagram (OS → Declassifier → App): the OS grants the Declassifier READ_PHONE_STATE; the Declassifier in turn exports PHONE_STATE_READ_PHONE_TYPE_PERMISSION, PHONE_STATE_READ_SUBSCRIBER_ID_PERMISSION, PHONE_STATE_READ_CALL_STATE_PERMISSION, PHONE_STATE_READ_SIM_SERIAL_NUMBER_PERMISSION and PHONE_STATE_READ_DEVICE_ID_PERMISSION to apps.

  6. BroadcastReceiver – A Closer Look • Upon installation, the 3rd party app requests only the permissions it needs from the Declassifier (it never requests a native OS permission).

  7. BroadcastReceiver – A Closer Look • The app sends an ordered broadcast request, with all the information encapsulated inside an Intent:
  Intent i = new Intent("com.example.Declassifier.CALENDAR_EVENT_BY_TITLE_ACTION");
  i.putExtra("Title", titleNameStr);
  • One of the parameters the app supplies in the request is a custom BroadcastReceiver which will handle the Declassifier’s result (the callback mechanism).

  8. BroadcastReceiver – A Closer Look
  Calendar_App_GetEventByTitle_BR eventByTitleReceiver = new Calendar_App_GetEventByTitle_BR();
  sendOrderedBroadcast(i, "android.permission.READ_CALENDAR", eventByTitleReceiver, null, Activity.RESULT_OK, null, null);
  • The second argument is the receiver permission: only a receiver holding the native READ_CALENDAR permission (i.e. the Declassifier) is allowed to see the request. • At this stage, requests which do not satisfy the Declassifier’s custom permission are filtered out before they reach it. • In a similar way, the 3rd party app filters out returned results from unauthorized sources; with an ordered broadcast, the result is delivered only to the sender’s own result receiver. • With this model, we ensure that Intents reach the designated destination and make their way back securely.

  9. Where We Are Today • Contacts • Calendar • SD Card • Phone State

  10. Contacts • Contact phone by name. • Contact address by name. • Contact e-mail address by name. • Contact picture by name. • Queries can be reversed (you can search for a contact name by phone number as well).

  11. Calendar 1. Calendar event by title 2. Calendar event by date 3. Calendar event by location • Some queries may produce several results, e.g. entering “June” as a date will present all events in the month of June.

  12. SD Card Management • Each application gets its own folder, named after its unique UID. • Writing and reading are limited to this folder only, using the Declassifier’s interface. • Only the Declassifier holds the WRITE_EXTERNAL_STORAGE permission; a 3rd party app that goes through it is never granted that permission and thus cannot manipulate other data on the SD card. (The OS will still grant WRITE_EXTERNAL_STORAGE to any app that requests it directly, so the guarantee covers apps that use the Declassifier’s interface instead.)
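The confinement on slide 12 only holds if the Declassifier refuses paths that climb out of the caller’s folder (“../other_uid/file”, or a symlink an app planted inside its own folder). The following is an added example, not the project’s code, of how the Declassifier could resolve and check a requested path before touching the SD card. It assumes the Declassifier has already learned the caller’s UID (e.g. from Binder.getCallingUid() in a bound Service; a BroadcastReceiver’s onReceive does not expose the sender’s UID) and that the root directory is passed in by the caller; the class and method names are this example’s own.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;

/**
 * Per-UID sandbox on the external storage, as mediated by the Declassifier.
 * Example code (not the project's): layout is <root>/<uid>/<relative path>.
 */
public final class SdCardDeclassifier {
    private final File root;

    public SdCardDeclassifier(File root) throws IOException {
        // Canonicalise once so every later prefix check compares like with like.
        this.root = root.getCanonicalFile();
    }

    /** The folder owned by the calling app; named after its UID as on slide 12. */
    File appDir(int callerUid) {
        return new File(root, Integer.toString(callerUid));
    }

    /**
     * Resolves relativePath inside the caller's folder. Canonicalisation collapses
     * "." and ".." and follows symlinks, so anything that ends up outside the
     * folder (including a symlink pointing elsewhere) fails the prefix check.
     */
    File resolve(int callerUid, String relativePath) throws IOException {
        File dir = appDir(callerUid);
        File target = new File(dir, relativePath).getCanonicalFile();
        String allowedPrefix = dir.getCanonicalPath() + File.separator;
        if (!target.getPath().startsWith(allowedPrefix)) {
            throw new SecurityException("path escapes the caller's folder: " + relativePath);
        }
        return target;
    }

    public void write(int callerUid, String relativePath, byte[] data) throws IOException {
        File target = resolve(callerUid, relativePath);
        File parent = target.getParentFile();
        if (parent != null && !parent.isDirectory() && !parent.mkdirs()) {
            throw new IOException("cannot create " + parent);
        }
        Files.write(target.toPath(), data);
    }

    public byte[] read(int callerUid, String relativePath) throws IOException {
        return Files.readAllBytes(resolve(callerUid, relativePath).toPath());
    }

    // Illustration with constructed inputs: the first call succeeds, the second
    // is rejected because "../10002/secret.txt" resolves into another app's folder.
    public static void main(String[] args) throws IOException {
        SdCardDeclassifier sd = new SdCardDeclassifier(new File(System.getProperty("java.io.tmpdir"), "declassifier"));
        sd.write(10001, "notes/today.txt", "hello".getBytes("UTF-8"));
        System.out.println(new String(sd.read(10001, "notes/today.txt"), "UTF-8"));
        try {
            sd.read(10001, "../10002/secret.txt");
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The check is on the canonical path of the final target, not on the string the app supplied, which is what defeats both "../" sequences and symlinks. It does not close the time-of-check/time-of-use window between resolve() and the file operation; on a shared SD card that gap would have to be accepted or closed with a file descriptor obtained under the same check.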

  13. Phone State • READ_PHONE_STATE permission may seem a bit vague to the average user. • It actually grants access to many of the phone’s identifiers and settings (IMEI, IMSI, cellular data connection state, call state, SIM serial number, etc.). • Our Declassifier subdivides the READ_PHONE_STATE permission into sub-permissions, one per item.

  14. Stay Tuned… • Audio record requests – We found that once an app is granted the RECORD_AUDIO permission, it can record audio at any time without any further user consent. • Wi-Fi – The ACCESS_WIFI_STATE permission grants the app the ability to know the wireless connection’s current state, to connect to a Wi-Fi network, etc. These permissions present a security risk, and their granularity is too coarse to express how an application may actually use the Wi-Fi or audio devices on the phone.
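Slides 4 to 8 describe the request/callback round trip and slide 13 the subdivision of READ_PHONE_STATE; the following is an added example, not the project’s code, that puts both together for one sub-permission (the device ID). Package name, action string, permission string, extra key and class names are this example’s assumptions. It relies on the Declassifier’s manifest holding READ_PHONE_STATE, declaring the custom permission and protecting the receiver with it (android:permission is set per receiver, so each exported query gets its own receiver entry); the third-party app only uses-permission the custom permission. Note that TelephonyManager.getDeviceId() throws a SecurityException on Android 10 and later for apps without READ_PRIVILEGED_PHONE_STATE; the project predates that restriction.

```java
import android.app.Activity;
import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.os.Bundle;
import android.telephony.TelephonyManager;

/**
 * Round trip for one declassified phone-state query. Example code, not the project's.
 *
 * Assumed Declassifier manifest entries:
 *   <permission android:name="com.example.Declassifier.PHONE_STATE_READ_DEVICE_ID_PERMISSION"
 *               android:protectionLevel="dangerous" />
 *   <receiver android:name=".PhoneStateDeclassification$DeviceIdDeclassifier"
 *             android:exported="true"
 *             android:permission="com.example.Declassifier.PHONE_STATE_READ_DEVICE_ID_PERMISSION">
 *     <intent-filter>
 *       <action android:name="com.example.Declassifier.PHONE_STATE_READ_DEVICE_ID_ACTION" />
 *     </intent-filter>
 *   </receiver>
 */
public final class PhoneStateDeclassification {
    public static final String DECLASSIFIER_PACKAGE = "com.example.Declassifier";
    public static final String ACTION_READ_DEVICE_ID =
            DECLASSIFIER_PACKAGE + ".PHONE_STATE_READ_DEVICE_ID_ACTION";
    public static final String EXTRA_DEVICE_ID = "DeviceId";

    /** Declassifier side. The system only invokes this for senders holding the custom permission. */
    public static final class DeviceIdDeclassifier extends BroadcastReceiver {
        @Override
        public void onReceive(Context context, Intent intent) {
            if (!ACTION_READ_DEVICE_ID.equals(intent.getAction())) {
                return; // leaves the sender's initial result code (RESULT_CANCELED) untouched
            }
            TelephonyManager tm = (TelephonyManager) context.getSystemService(Context.TELEPHONY_SERVICE);
            // Needs the native READ_PHONE_STATE permission, which only the Declassifier holds.
            String deviceId = tm.getDeviceId();
            if (deviceId == null) {
                return; // nothing to declassify; the callback will see RESULT_CANCELED
            }
            // The ordered broadcast's result bundle is handed only to the sender's result receiver.
            Bundle result = getResultExtras(true);
            result.putString(EXTRA_DEVICE_ID, deviceId);
            setResultExtras(result);
            setResultCode(Activity.RESULT_OK);
        }
    }

    /** Callback the 3rd-party app supplies to receive the answer. */
    public interface DeviceIdCallback {
        void onDeviceId(String deviceId);
        void onDenied();
    }

    /** 3rd-party app side: requests the device ID without ever holding READ_PHONE_STATE itself. */
    public static void requestDeviceId(Context ctx, final DeviceIdCallback cb) {
        Intent i = new Intent(ACTION_READ_DEVICE_ID);
        i.setPackage(DECLASSIFIER_PACKAGE); // explicit target: no other app can pick the request up
        ctx.sendOrderedBroadcast(
                i,
                "android.permission.READ_PHONE_STATE", // only a receiver holding the native permission sees it
                new BroadcastReceiver() {              // private callback, runs after the Declassifier
                    @Override
                    public void onReceive(Context c, Intent in) {
                        if (getResultCode() != Activity.RESULT_OK) {
                            cb.onDenied(); // no Declassifier answered, or it declined
                            return;
                        }
                        cb.onDeviceId(getResultExtras(true).getString(EXTRA_DEVICE_ID));
                    }
                },
                null,                     // deliver the callback on the main thread
                Activity.RESULT_CANCELED, // initial code: stays CANCELED if nobody handled the request
                null, null);
    }
}
```

Two details carry the security argument: the sender names the Declassifier package explicitly and requires the receiver to hold the native permission, so a look-alike app cannot intercept the request; and the answer travels in the ordered broadcast’s result, which the system hands only to the sender’s own result receiver rather than broadcasting it. Starting the result code at RESULT_CANCELED (instead of RESULT_OK as on slide 8) lets the callback distinguish “nobody answered” from a real result.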

  15.–21. Phone State Demo (screenshots; not reproduced in the transcript)
