1 / 15

Towards Taming Privilege-Escalation Attacks on Android

Towards Taming Privilege-Escalation Attacks on Android. S. Bugiel, L. Davi, A. Dmitrienko, T. Fischer, A.-R. Sadeghi, and B. Shastry in 19th Annual Network & Distributed System Security Symposium (NDSS 2012). [Online Available]. Yoonyong Shin yshi091 4889476. Summary.

fritz-ramsey
Download Presentation

Towards Taming Privilege-Escalation Attacks on Android

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Towards Taming Privilege-Escalation Attacks on Android S. Bugiel, L. Davi, A. Dmitrienko, T. Fischer, A.-R. Sadeghi, and B. Shastry in 19th Annual Network & Distributed System Security Symposium (NDSS 2012). [Online Available] Yoonyong Shin yshi091 4889476

  2. Summary • Problem: Confused deputy attack and Collusion attack in Android. By Yoonyong Shin

  3. Summary • Problem: Confused deputy attack and Collusion attack in Android. • Aim: Create a practical security framework that can defend against both Confused deputy attack and Collusion attack. By Yoonyong Shin

  4. Summary • Problem: Confused deputy attack and Collusion attack in Android. • Aim: Create a practical security framework that can defend against both Confused deputy attack and Collusion attack. • Method: Heuristic analysis of Android’s system behavior. By Yoonyong Shin

  5. Summary • Problem: Confused deputy attack and Collusion attack in Android. • Aim: Create a practical security framework that can defend against both Confused deputy attack and Collusion attack. • Method: Heuristic analysis of Android’s system behavior. • Solution: System-centric, Policy-driven and runtime Monitoring security framework. By Yoonyong Shin

  6. Summary • Problem: Confused deputy attack and Collusion attack in Android. • Aim: Create a practical security framework that can defend against both Confused deputy attack and Collusion attack. • Method: Heuristic analysis of Android’s system behavior. • Solution: System-centric, Policy-driven and runtime Monitoring security framework. • Remedy: Different types of profile. ( Default < Basic < Advanced < Strong) By Yoonyong Shin

  7. Good “…framework which can capture all variations of application-level privilege attacks, as opposite to previous works targeting attack subclasses.” by Sven Bugiel et al. Contribution to the Android security field By Yoonyong Shin

  8. Good “…framework which can capture all variations of application-level privilege attacks, as opposite to previous works targeting attack subclasses.” by Sven Bugiel et al. Contribution to the Android security field • Broad problem domain. (Linux Inter Process Communication, File System, Unix Domain, Internet Sockets and Inter Component Communication) By Yoonyong Shin

  9. Good “…framework which can capture all variations of application-level privilege attacks, as opposite to previous works targeting attack subclasses.” by Sven Bugiel et al. Contribution to the Android security field • Broad problem domain. (Linux Inter Process Communication, File System, Unix Domain, Internet Sockets and Inter Component Communication) • Persistent and Motivation for Android security development. (Detail plan of future works. E.g., extensive user tests, more application test, binder level ICC call-chain verification and SELinux integration) By Yoonyong Shin

  10. Bad “Our evaluation results show that our framework is efficient, effective and usable.” by Sven Bugiel et al. Effectiveness and Usability By Yoonyong Shin

  11. Bad “Our evaluation results show that our framework is efficient, effective and usable.” by Sven Bugiel et al. Effectiveness and Usability • 50 popular applications representing 600,000 Android applications. By Yoonyong Shin

  12. Bad “Our evaluation results show that our framework is efficient, effective and usable.” by Sven Bugiel et al. Effectiveness and Usability • 50 popular applications representing 600,000 Android applications. • More number of permissions combination is required. By Yoonyong Shin

  13. Bad “Our evaluation results show that our framework is efficient, effective and usable.” by Sven Bugiel et al. Effectiveness and Usability • 50 popular applications representing 600,000 Android applications. • More number of permissions combination is required. Consequence: incompatibility to legacy application By Yoonyong Shin

  14. Bad (Cont.) Usability • System-centric framework on Android 2.2.1 (Froyo) require update every now and then. (Most updated version is 4.1.X Jelly Bean) By Yoonyong Shin

  15. Question Within Smartphone features we discussed so far, How much would you restrict usability over better security? By Yoonyong Shin

More Related