ASM: A Programmable Interface for Extending Android Security

Stephan Heuser,

Ahmad-Reza Sadeghi

Intel Collaborative Research Institute for

Secure Computing at TU Darmstadt,

Germany

Adwait Nadkarni,

William Enck

NC State University, USA

Android Security Extensions (selected)

9/26/2014 ASM - Android Security Modules 2

Security extensions focus on specific use cases and/or security and privacy models

Context-based Apps

CRePE, ConXSense

Privacy TaintDroid, AppFence, MockDroid

Type Enforcement

SEAndroid, FlaskDroid

Fine-Grained

Permissions APEX, CRePE

Permission Constraints

App Communication Saint, XManDroid,

TrustDroid, Aquifer

IPC Provenance QUIRE,

IPC Inspection

Mock Data

MockDroid, TISSA, AppFence

System Apps

Android Security Extensions

Access control (hooks) are embedded in sensitive components

Linux DAC, SELinux/SEAndroid

3rd Party App

System ContentProviders

(e.g. contacts)

Activity Manager Service

3rd Party App

Framework Libraries Package Manager

Service

Applications

Linux Kernel

Android OS

System Apps

Android Security Extensions

Access control (hooks) are embedded in sensitive components

Linux DAC, SELinux/SEAndroid

3rd Party App

(e.g. contacts)

Activity Manager Service

3rd Party App

Framework Libraries Package Manager

Service

Applications

Linux Kernel

Android OS Access Control

Access Control

Access Control (Inlined Reference

Monitor)

Research Question

Is it possible to provide a programmable and generic security architecture on top of which many of these solutions can be

instantiated?

Observations

Diverse Goals, but use similar security hooks and mechanisms System Android

ICC Package Manager

Sensors / Phone

Fake Data

System Content

Providers

File Access

Network Access

3rd Party Hooks

MockDroid

XManDroid

TrustDroid

FlaskDroid

TaintDroid

IPC Inspection

AppFence

Aquifer

SEAndroid

Observations

Diverse Goals, but use similar security hooks and mechanisms System Android

ICC Package Manager

Sensors / Phone

Fake Data

System Content

Providers

File Access

Network Access

3rd Party Hooks

MockDroid

XManDroid

TrustDroid

FlaskDroid

TaintDroid

IPC Inspection

AppFence

Aquifer

SEAndroid

Android OS

Linux Kernel

High-level Idea of ASM

Android

3rd Party App

Android OS

Linux Kernel

A modular access control architecture supporting multiple stakeholders

Enterprise

Platform Provider

Android

3rd Party App

Android OS

Linux Kernel

Deploy Android Security Modules (ASMs) as apps

Enterprise

Platform Provider

Android

3rd Party App

ASM Enterprise

ASM User

ASM Provider

Android OS

Linux Kernel

Deploy Android Security Modules (ASMs) as apps

Enterprise

Platform Provider

Access Control

Android

3rd Party App

ASM Enterprise

ASM User

ASM Provider

Challenges

Fine-grained access control on all abstraction layers

Handle the semantics and pecularities of each layer

Preserve existing security invariants

Don‘t overrule denials by default Android access control

Data modification by ASMs only in well-defined bounds

Efficiency

Only activate hooks when they are required

Whitelisting for root processes and system apps

Policy Reconcilliation

Handle decision conflicts (currently consensus strategy)

Design

(e.g. contacts)

System Services (e.g. ActivityManager)

ASM Framework

ASM - Android Security Modules 9

ASM User

ASM Provider

ASM Enterprise

Applications

Linux Kernel

Android OS

ASM Bridge

3rd Party App WhatsApp

ASM LSM SELinux LSM

9/26/2014

ASM Framework

1. Register Callback Service

ASM User

ASM Provider

ASM Enterprise Applications

Linux Kernel

Android OS

ASM Bridge

ASM LSM SELinux LSM

9/26/2014

ASM Framework

1. Register Callback Service

ASM User

ASM Provider

Linux Kernel

Android OS

ASM Bridge

Reference Monitor

ASM LSM SELinux LSM

9/26/2014

ASM Framework

2. Query Hooks

ASM User

ASM Provider

Linux Kernel

Android OS

ASM Bridge

ASM LSM SELinux LSM

9/26/2014

Hook Invocation

Applications

Linux Kernel

ASM User

ASM Provider

ASM Enterprise

(e.g. contacts)

System Services (e.g. ActivityManager) H

ASM Bridge

ASM LSM SELinux LSM

Android OS

Hook Invocation

Applications

Linux Kernel

ASM User

ASM Provider

ASM Enterprise

(e.g. contacts)

ASM Bridge

ASM LSM SELinux LSM

Android OS

Hook Invocation

Applications

Linux Kernel

ASM User

ASM Provider

ASM Enterprise

(e.g. contacts)

Protection Event (query contacts)

ASM Bridge

ASM LSM SELinux LSM

Android OS

Hook Invocation

Applications

Linux Kernel

ASM User

ASM Provider

ASM Enterprise

(e.g. contacts)

Query Callback

Protection Event (query contacts)

ASM Bridge

ASM LSM SELinux LSM

Android OS

(e.g. contacts)

Support for 3rd-Party Hooks

ASM User

ASM Provider

ASM Enterprise

ASM aware 3rd Party App

Applications

Linux Kernel

Android OS

ASM Bridge

ASM LSM SELinux LSM

(e.g. contacts)

ASM User

ASM Provider

ASM Enterprise

Applications

Linux Kernel

Android OS

ASM Bridge

ASM LSM SELinux LSM

(e.g. contacts)

ASM User

ASM Provider

ASM Enterprise

Register 3rd-party Hook

Applications

Linux Kernel

Android OS

ASM Bridge

ASM LSM SELinux LSM

Evaluation

Experiment Setup

LG Nexus 4

Android 4.4 (with ASM extensions), Linux MSM Kernel 3.4

Evaluated aspects include User Interface (Activity), Contact, File and Socket operations

Considered impact of a plain ASM

Automated Test Suite

Performance Overhead: Java System.nanotime()

Power Consumption: Qualcomm Trepn Profiler

Performance

Stock Android

No ASM active

One ASM active

Activity Start

Contacts Query

File Read

Socket Connect

Power Consumption

Stock Android No ASM active One ASM active

670.42 mW 692.83 mW 732.98 mW

Example Use Case

ConXSense Context Aware Access Control

• Goal: Context-aware access control

ConXSense [ASIACCS 2014]

ConXSense

• Context-aware access control enforcing policies by user context profiling

• Includes access control on sensors (e.g., GPS and camera), sensitive information (e.g., contacts) and apps

Context Profiler

User Interface

Location Info

BT Sensing

User Input

WiFi Sensing

ConXSense

• Context-aware access control enforcing policies by user context profiling

• Includes access control on sensors (e.g., GPS and camera), sensitive information (e.g., contacts) and apps

• ASM based implementation:

ConXSense ASM

Context Profiler

User Interface

ASM Callback Service Location Info

BT Sensing

User Input

WiFi Sensing System

ContentProviders

ActivityManager Service

CameraService

LocationManager Service

Conclusion

ASM greatly simplifies use-case specific solutions

Developers don‘t need to modify system components

Implementation of security solutions as apps

Currently working on further use-cases

Dual Persona Phone

Dynamic Application Behaviour Analysis

Port to new Android versions

Push ASM to device vendors, AOSP

Google, OEMs – please call us

Thank you!

Questions?

http://www.androidsecuritymodules.org

ASM: A Programmable Interface for Extending Android Security · 9/26/2014 ASM - Android Security...

Transcript of ASM: A Programmable Interface for Extending Android Security · 9/26/2014 ASM - Android Security...

ASM: A Programmable Interface for Extending Android Security · 9/26/2014 ASM - Android Security...

Documents

Transcript of ASM: A Programmable Interface for Extending Android Security · 9/26/2014 ASM - Android Security...

A Context-Aware Kernel IPC Firewall for Androidsergey/binderfilter/binderfilter_tr.pdf · A Context-Aware Kernel IPC Firewall for Android ... adapting to mobile phone’s unique security

CAreDroid: Adaptation Framework for Android Context-Aware ...krish/cs257/Caredroid.pdf · CAreDroid: Adaptation Framework for Android Context-Aware Applications Salma Elmalaki Lucas

Dataflow” Computing How to cope with Reconfigurable ... · Reconfigurable Computing! (TU-KL) ASM ASM ASM data counter GAG RAM ASM Xputer literature

A Content-Aware Kernel IPC Firewall for Android Sergey ... · Android } Binder IPC Android Security Internals, Nikolay Elenkov, No Starch Press. Service Binder Client. Service Binder

Enabling Technologies for Android-based Self-Aware Mobile ...

Migration - Asm to Nonasm and Nonasm to Asm

Android Sensor and Framework - AWARE

· 2020. 7. 18. · 06-01-1992 as ASM 30-09-1994 as ASM 02-08-1998 as ASM 12-09-1998 as ASM 14-09-1998 as ASM 16-09-1998 as ASM 18-09-1998 as ASM 26-06-2007 as ASM 01-10-2007 as

Asm to Non Asm & Vice Versa

CAreDroid: Adaptation Framework for Android Context-Aware ... · CAreDroid: Adaptation Framework for Android Context-Aware Applications ... Context-aware computing, Android, Context-adaptation

Asm 1 p-asm-14ssm-p_sample1_10-17-13

Configuring Basic Corporate Owned Personally-Enabled Android … · Note: If you see a Captcha, be aware that it is case sensitive. Registering for Android EMM After logging into

Ford / ASM-X 10.0.10 - ASM 9.6 - Advanced …advancedmotorcare.co.uk/downloads/pdf/decford.pdfFord / ASM-X 10.0.10 - ASM 9.6.6 Legend Existing Function Currently Under Development

TOWARDS ENERGY-AWARE CODING PRACTICES FOR ANDROID · 2018-03-20 · This paper studies how the use of different coding practices when developing Android applications influence energy

Alcatel ASM 180 TD, ASM 180 TD+, ASM 181 TD, ASM 181 TD+ ... · Alcatel Vacuum Technology France - ASM 180 TD/TD+ - ASM 181 TD+ User’s Manual 1/1 Edition 04 - July 97 A very wide

FastTrack: Foreground App-Aware I/O Management …...FastTrack: Foreground App-Aware I/O Management for Improving User Experience of Android Smartphones USENIX Annual Technical Conference,

NANO Technical Information - ASM Assembly Systems | ASM ...

An Adaptation Framework for Android Context-Aware Multitasking · CAMDroid An Adaptation Framework for Android Context-Aware Multitasking Kouemo Ngayo Anatoli Dimitrov1, XiaolongZheng1,

A Content-Aware Kernel IPC Firewall for Android Sergey ...sergey/binderfilter/... · A Content-Aware Kernel IPC Firewall for Android David Wu Sergey Bratus. Overview Understanding

SecureDroid: An Android Security Framework Extension for Context-Aware policy Enforcement