Android Declassification Infrastructure


Presentation Transcript


  1. Android Declassification Infrastructure Matan David Yuval Evron Project Advisor: Roei Schuster

  2. A Short Reminder…
     • Our project involves making Android OS more secure.
     • Android’s built-in permissions are very coarse grained.
     • We aim to provide a better solution at the application level (without having to change the OS).

  3. A Short Reminder…
     • Last time we introduced a new permission mechanism – “A Declassifier”.

  4. Android’s Security Model
     • Android is a Linux-based OS.
     • Unlike other popular OSes, in Android each app runs as a separate process under a distinct UID.
     • Android offers several ways for apps to communicate with one another (IPC).

  5. Our Previous Model
     • After we developed a working POC, we started thinking about security issues…
     • Our previous declassifier model:
         • The Declassifier defines a custom global Action, known to both us and the 3rd party.
         • The 3rd party app sends an Intent to use an Action.
         • The Declassifier handles the request using an Activity.
     • This model is not very secure! Let’s see why.

  6. The Problem
     • Intents are insecure. Anyone listening in can recognize them and use them.
     • How does the declassifier know who is permitted to use the intent, and who isn’t?
     • How can the 3rd party app be sure that our declassifier is actually the one responding to the intent?

  7. Project Scope
     • We rely on Android’s mechanism for securing general application activities, and we will not touch on that.
     • However, protecting apps that use our infrastructure is our responsibility.

  8. The Solution
     • Introducing: BroadcastReceiver
     • Utilizes Android’s permissions mechanism (which we discussed last time).
     • Filters incoming intents by caller permissions.
     • Filters outgoing intents by recipient permissions.
     • Enables a callback mechanism which allows sending back the answer in private.

  9. Our New Model
     • Our declassifier defines a custom Permission for each “small action” it supports (e.g., getting a contact’s phone number by name).
     • Upon installing an app, the user is requested to confirm the list of required permissions.
     • Data transferred remains private and safe.

  10. Pertinent Literature
     • iSEC, “Securing Android Apps - Mobile Application Security On Android”, Black Hat 2009 – Jesse Burns (www.iSECPartners.com)

  11. Demo Time
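
The model from slides 8 and 9, as an added sketch that is not the project's own code: the declassifier's receiver is guarded by a per-action permission, the client restricts delivery by recipient permission, and the answer comes back through an ordered-broadcast result callback. All `com.example.*` names, the `name` extra and the signature-level `IS_DECLASSIFIER` permission are assumptions made for illustration.

```java
package com.example.declassifier; // hypothetical; both sides shown in one file for brevity
import android.app.Activity;
import android.content.*;
import android.database.Cursor;
import android.provider.ContactsContract.CommonDataKinds.Phone;

// Assumed declassifier manifest (it must already hold READ_CONTACTS):
//   <permission android:name="com.example.declassifier.permission.GET_PHONE_BY_NAME"
//               android:protectionLevel="dangerous" />
//   <permission android:name="com.example.declassifier.permission.IS_DECLASSIFIER"
//               android:protectionLevel="signature" />
//   <uses-permission android:name="com.example.declassifier.permission.IS_DECLASSIFIER" />
//   <uses-permission android:name="android.permission.READ_CONTACTS" />
//   <receiver android:name=".DeclassifierExample$PhoneByName" android:exported="true"
//             android:permission="com.example.declassifier.permission.GET_PHONE_BY_NAME">
//     <intent-filter><action android:name="com.example.declassifier.action.GET_PHONE_BY_NAME" /></intent-filter>
//   </receiver>
// The client app's manifest requests GET_PHONE_BY_NAME with <uses-permission>.
public final class DeclassifierExample {
    static final String ACTION = "com.example.declassifier.action.GET_PHONE_BY_NAME";
    static final String IS_DECLASSIFIER = "com.example.declassifier.permission.IS_DECLASSIFIER";

    public interface PhoneCallback { void onPhone(String numberOrNull); }

    // Declassifier side: android:permission on <receiver> drops senders lacking the permission.
    public static final class PhoneByName extends BroadcastReceiver {
        @Override public void onReceive(Context ctx, Intent intent) {
            if (!isOrderedBroadcast()) return; // no private result channel, so do not answer
            String number = null;
            try (Cursor c = ctx.getContentResolver().query(Phone.CONTENT_URI,
                    new String[] {Phone.NUMBER}, Phone.DISPLAY_NAME + " = ?",
                    new String[] {String.valueOf(intent.getStringExtra("name"))}, null)) {
                if (c != null && c.moveToFirst()) number = c.getString(0);
            }
            setResult(number != null ? Activity.RESULT_OK : Activity.RESULT_CANCELED, number, null);
        }
    }

    // Client side: setPackage() plus receiverPermission restrict who may receive the request;
    // the result is handed only to the resultReceiver passed here, not rebroadcast.
    public static void requestPhone(Context ctx, String name, final PhoneCallback cb) {
        Intent req = new Intent(ACTION).setPackage("com.example.declassifier").putExtra("name", name);
        ctx.sendOrderedBroadcast(req, IS_DECLASSIFIER, new BroadcastReceiver() {
            @Override public void onReceive(Context c, Intent i) {
                cb.onPhone(getResultCode() == Activity.RESULT_OK ? getResultData() : null);
            }
        }, null, Activity.RESULT_CANCELED, null, null);
    }
}
```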
