Android Application Sandbox. Thomas Bläsing DAI-Labor TU Berlin

Similar documents
Open Mobile Platforms. EE 392I, Lecture-6 May 4 th, 2010

Android App Development. Ahmad Tayeb

Android App Development

Abusing Android In-app Billing feature thanks to a misunderstood integration. Insomni hack 18 22/03/2018 Jérémy MATOS

CS260 Intro to Java & Android 04.Android Intro

Mobile Hacking & Security. Ir. Arthur Donkers & Ralph Moonen, ITSX

Introduction to Android Android Smartphone Programming. Outline University of Freiburg. What is Android? Background University of Freiburg.

Minds-on: Android. Session 1

Android App Development. Muhammad Sharjeel COMSATS Institute of Information Technology, Lahore

VirtualSwindle: An Automated Attack Against In-App Billing on Android

CuriousDroid: Automated User Interface Interaction for Android Application Analysis Sandboxes

Security Philosophy. Humans have difficulty understanding risk

A Framework for Evaluating Mobile App Repackaging Detection Algorithms

Mobile OS. Symbian. BlackBerry. ios. Window mobile. Android

BUILDING A TEST ENVIRONMENT FOR ANDROID ANTI-MALWARE TESTS Hendrik Pilz AV-TEST GmbH, Klewitzstr. 7, Magdeburg, Germany

Introduction to Android

Tutorial on Basic Android Setup

Introduction To Android

Android System Development Training 4-day session

PAPER ON ANDROID ESWAR COLLEGE OF ENGINEERING SUBMITTED BY:

Enhancing Security of Linux based Android Devices

ID: Sample Name: YNtbLvNHuo Cookbook: defaultandroidfilecookbook.jbs Time: 14:44:34 Date: 12/01/2018 Version:

Introduction. Lecture 1. Operating Systems Practical. 5 October 2016

OAuth securing the insecure

Android Application Development A Beginners Tutorial

Unpacking the Packed Unpacker

IJRDTM Kailash ISBN No Vol.17 Issue

Android. Lesson 1. Introduction. Android Developer Fundamentals. Android Developer Fundamentals. to Android 1

Bringing Android to Secure SDRs

Mobile and Social Computing

User S Guide Android Technology Platform

Introduction to Android

Android In Industrial Applications. A Field Report

12.1 Introduction OpenCV4Android SDK Getting the SDK

Android Programmierung leichtgemacht. Lars Vogel

An Introduction to Android. Jason Chen Developer Advocate Google I/O 2008

The Security of Android APKs

UnCovert: Evaluating thermal covert channels on Android systems. Pascal Wild

File Synchronization using API Google Drive on Android Operating System

IJREAT International Journal of Research in Engineering & Advanced Technology, Volume 1, Issue 5, Oct-Nov, 2013 ISSN:

ANDROID BASED WS SECURITY AND MVC BASED UI REPRESENTATION OF DATA

Android App Development Workshop

Android security enforcements

SECURE2013 ANDROTOTAL A SCALABLE FRAMEWORK FOR ANDROID ANTIMALWARE TESTING

Lecture 08. Android Permissions Demystified. Adrienne Porter Felt, Erika Chin, Steve Hanna, Dawn Song, David Wagner. Operating Systems Practical

A STUDY OF ANDROID OPERATING SYSTEM WITH RESPECT WITH USERS SATISFACTION

Android OS. Operating System based on Linux [ ] [Jonas Teuscher, Alex Cuordileone, Cédric Glaus]

COSC 3P97 Mobile Computing

Android Analysis Tools. Yuan Tian

Android: Under the Hood. GDG-SG DevFest 5th Nov 2016 Jason Zaman

Mobile and Ubiquitous Computing: Android Programming (part 1)

A novel runtime technique for identifying malicious applications

MOBILE DEFEND. Powering Robust Mobile Security Solutions

How to secure your mobile application with RASP

AHNLAB 조주봉 (silverbug)

Tcl/Tk on Android. Icon kindly donated by Jorge Raul Moreno

A Method-Based Ahead-of-Time Compiler For Android Applications

Android System Architecture. Android Application Fundamentals. Applications in Android. Apps in the Android OS. Program Model 8/31/2015

Reconstructing DALVIK. Applications. Marc Schönefeld CANSECWEST 2009, MAR18

Android Malware: they divide, we conquer

Abstract. 1. Introduction

Programming with Android: System Architecture. Dipartimento di Scienze dell Informazione Università di Bologna

Runtime Integrity Checking for Exploit Mitigation on Embedded Devices

1.1 Android Intrusion Detection System Cell Phone Security Construct the Building Environment 11

Another difference is that the kernel includes only the suspend to memory mechanism, and not the suspend to hard disk, which is used on PCs.

Software Development & Education Center ANDROID. Application Development

Android Overview. Francesco Mercaldo, PhD

CUHK CSE ADAM: An Automatic & Extensible Platform Stress Test Android Anti-Virus Systems John Spark Patrick C.S. Lui ZHENG Min P.C.

Ahmed Ali Big fan of Android

Access Control for Plugins in Cordova-based Hybrid Applications

Android Apps. with Eclipse. Apress. Onur Cinar

Android ATC Android Security Essentials Course Code: AND-402 version 5 Hands on Guide to Android Security Principles

Mobile Forensics: Android Platforms and WhatsApp Extraction Tools

Free antivirus software download

Programming with Android: System Architecture. Dipartimento di Scienze dell Informazione Università di Bologna

Operating Systems 4/27/2015

Mobile Programming Lecture 1. Getting Started

Dalvik And Art Android Internals Newandroidbook

Operating System Services. User Services. System Operation Services. User Operating System Interface - CLI. A View of Operating System Services

USER GUIDE FOR SMARTPHONE BASED REAL-TIME ACOUSTIC FEEDBACK CANCELLATION SYSTEM

Man-In-The-Disk. Slava Makkaveev DEF CON 2018

Android. (XKE Mars 2009) Erwan Alliaume.

Research on Improving performance and Battery Backup of Android Mobile with help of Cyanogen Mod, and latest kernel

Android Internals and the Dalvik VM!

Introduction to Android

Intelligent Terminal System Based on Trusted Platform Module

STUDY OF PRIVILEGE ESCALATION ATTACK ON ANDROID AND ITS COUNTERMEASURES

Social Engineering (SE)

Early-Enact. OPUS Open Portal to University Scholarship. Governors State University. Shiva Sai Kumar Gaday Governors State University

Android AOSP Overview. Karthik Dantu and Steve Ko

INTERNATIONAL JOURNAL OF PURE AND APPLIED RESEARCH IN ENGINEERING AND TECHNOLOGY

SD Module- Android Programming

droidcon Greece Thessaloniki September 2015

CSCA0201 FUNDAMENTALS OF COMPUTING. Chapter 6 Operating Systems

Android app protection through anti-tampering and anti-debugging Techniques

Comprehensive Development and Debug Coverage for Linux and Android on the MIPS Architecture

QuantDroid: Quantitative Approach towards Mitigating Privilege Escalation on Android

Programming with Android: System Architecture. Luca Bedogni. Dipartimento di Scienze dell Informazione Università di Bologna

ID: Sample Name: badoo.apk Cookbook: defaultandroidfilecookbook.jbs Time: 12:51:18 Date: 29/05/2018 Version:

Technical Report. Verifying the Integrity of Open Source Android Applications. Michael Macnair. RHUL MA March 2015

Transcription:

Android Application Sandbox Thomas Bläsing DAI-Labor TU Berlin

Agenda Introduction What is Android? Malware on smartphones Common countermeasures on the Android platform Use-Cases Design Conclusion Summary Future work / Bibliography 2

What is Android? mobile OS based on a Linux 2.6 kernel initially developed by Google, later by the Open Handset Alliance (OHA) open source (Apache license) since oct 2008 some drivers for special mobile hardware are still not free official supported platform is ARM but there is a port for x86 platforms Dalvik VM register-based VM for Java still growing (online-)community 3

What is Android? (technical view) source: http://www.techflare.com.au/media/102-android%20-%20system-architecture.jpg 4

Malware on smartphones interesting topic paper Android: Next Target? Schmidt et al smartphones getting more and more popular 2 main categories of attacks: direct attacks, e.g. bypassing permissions system indirect attacks, e.g. information leakage users doesn t realize that most smartphones are like normal desktop PCs 5

Common counteractive measures on Android each application process is separated in an own sandbox-like environment strict permissions system you have to explicitly grant permissions before installing the application all applications have to be signed but signatures do not need to be certified by a trustworthy organization there are some Anti-Virus applications on the market but just signature based detection 6

Problems on Android Security ability of using the Java Native Interface (JNI) to speed-up applications bypass SDK restrictions and normal application lifecyle Google provides NDK (Native Development Kit) rising amount of Applications for rooted Android phones this applications could have COMPLETE control over the mobile device (root access) ability to access internal Android packages via reflection access on not officially supported API content Security on Android is an issue! 7

Use-Cases Design Conclusion 8

Use-Cases for AAS (i) Application Provider (e.g. Android Market) detect malware to prevent submission to the market improve techniques for Anti-Virus Software (ii) User wants to know what the Application is exactly doing on the phone e.g. access personal data although App didn t have the permission 9

Design of the AAS 10

Design of the AAS APK 10

Design of the AAS AndroidManifest.xml APK 10

Design of the AAS AndroidManifest.xml classes.dex APK 10

Design of the AAS AndroidManifest.xml classes.dex Ressources pictures libraries (.so) layout.xml... APK 10

Design of the AAS AndroidManifest.xml classes.dex classes.dex Ressources pictures libraries (.so) layout.xml... APK 10

Design of the AAS AndroidManifest.xml classes.dex Ressources pictures layout.xml libraries (.so)... APK static analysis 10

Design of the AAS AndroidManifest.xml classes.dex Ressources pictures layout.xml libraries (.so)... APK static analysis V ( {1,0} ) 1 10

Design of the AAS AndroidManifest.xml classes.dex Ressources pictures layout.xml libraries (.so)... Android Emulator APK static analysis V ( {1,0} ) 1 10

Design of the AAS AndroidManifest.xml classes.dex Ressources pictures - install - exec - random input layout.xml libraries (.so)... Android Emulator APK static analysis V ( {1,0} ) 1 10

Design of the AAS AndroidManifest.xml classes.dex Ressources pictures - install - exec - random input layout.xml libraries (.so)... Android Emulator APK static analysis V ( {1,0} ) 1 10

Design of the AAS AndroidManifest.xml classes.dex Ressources pictures - install - exec - random input V ( {1,0} ) 2 layout.xml libraries (.so)... Android Emulator APK static analysis V ( {1,0} ) 1 10

Design of the AAS AndroidManifest.xml classes.dex Ressources pictures - install - exec - random input V ( {1,0} ) 2 layout.xml libraries (.so)... Android Emulator?! APK static analysis V ( {1,0} ) 1 10

Design of the AAS (2) first step done via disassemble and grep disassemble of.dex file with baksmali (http://code.google.com/p/smali/) second step, LKM which hijacks some syscalls LKM acts like a rootkit logging of syscall usage into logfile which will be analysed after execution time 11

Conclusion / Thesis 2 step analysis Does the result of the static analysis imply the result of the dynamic analysis? first step really fast second step very expensive consider the 2 Use-Cases! (User/AppMarket) Do you always need the 2 steps or just one of them, and if so: which one? to prove thesis I need a lot of applications Problem: Google AppMarket closed source, no direct access, only via mobile phone I wrote a robot which has downloaded ~150 APKs for researching :) 12

Summary Future work / Bibliography 13

Future Work better reverse engineering of mobile applications real-time malware detection on smartphones anomaly detection possible with AAS, but actually not in real-time! Android Honeypot Honeynet 14

Bibliography MOBILE APPLICATION SECURITY ON ANDROID: Context on Android security (Burns, Black Hat 2009) Smartphone Malware Evolution Revisited: Android Next Target? (Aubrey-Derrick Schmidt et al., 4th International Conference on Malicious and Unwanted Software (Malware 2009), Montreal, Quebec, Canada - to appear) Developing and benchmarking native linux applications on android. (Leonid Batyuk et al., In mobile Wirelessmiddleware, Operating Systems, and Applications, 2009) 15

End thanks for your attention 16

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback