Aurasium : Practical Policy Enforcement for Android Applications
description
Transcript of Aurasium : Practical Policy Enforcement for Android Applications
![Page 1: Aurasium : Practical Policy Enforcement for Android Applications](https://reader036.fdocuments.us/reader036/viewer/2022081520/568161df550346895dd1f273/html5/thumbnails/1.jpg)
Aurasium: Practical Policy Enforcement for Android Applications
R. Xu, H. Saidi and R. Anderson
Presented By:Rajat Khandelwal – 2009CS10209Parikshit Sharma – 2009CS10204
![Page 2: Aurasium : Practical Policy Enforcement for Android Applications](https://reader036.fdocuments.us/reader036/viewer/2022081520/568161df550346895dd1f273/html5/thumbnails/2.jpg)
Goal Address the multiple threats posed by
malicious applications on Android
![Page 3: Aurasium : Practical Policy Enforcement for Android Applications](https://reader036.fdocuments.us/reader036/viewer/2022081520/568161df550346895dd1f273/html5/thumbnails/3.jpg)
Introduction to Android Security Features
Process Isolation Linux user/group permission App requests permission to OS functionalities
Most checked in remote end i.e. system services A few (Internet, Camera) checked in Kernel, as special
user group
![Page 4: Aurasium : Practical Policy Enforcement for Android Applications](https://reader036.fdocuments.us/reader036/viewer/2022081520/568161df550346895dd1f273/html5/thumbnails/4.jpg)
Introduction to Android
![Page 5: Aurasium : Practical Policy Enforcement for Android Applications](https://reader036.fdocuments.us/reader036/viewer/2022081520/568161df550346895dd1f273/html5/thumbnails/5.jpg)
Malicious Android Apps Abuse permissions:
Permissions are granted for as long as an App is installed on a device
No restrictions on how often resources and data are accessed
Access and transmit private data Access to malicious remote servers application-level privilege escalation
Confused deputy attacks Gain root privilege
![Page 6: Aurasium : Practical Policy Enforcement for Android Applications](https://reader036.fdocuments.us/reader036/viewer/2022081520/568161df550346895dd1f273/html5/thumbnails/6.jpg)
Alternative Approaches App vetting: Google’s Bouncer
40% decrease in malware Ineffective once App installed on the device
AV products: Scanning Have no visibility into the runtime of an App
Fine grain permissions checking Require modifications to the OS
Virtualization Require modification to the OS
![Page 7: Aurasium : Practical Policy Enforcement for Android Applications](https://reader036.fdocuments.us/reader036/viewer/2022081520/568161df550346895dd1f273/html5/thumbnails/7.jpg)
Related work Existing Work
TaintDroid (OSDI 10) CRePE (ISC 10) AppFence (CCS 11) Quire (USENIX Security 2011) SELinux on Android Taming Privilege-Escalation (NDSS 2012)
Limitations Modify OS – requires rooting and flashing irmware.
![Page 8: Aurasium : Practical Policy Enforcement for Android Applications](https://reader036.fdocuments.us/reader036/viewer/2022081520/568161df550346895dd1f273/html5/thumbnails/8.jpg)
Related Approaches
![Page 9: Aurasium : Practical Policy Enforcement for Android Applications](https://reader036.fdocuments.us/reader036/viewer/2022081520/568161df550346895dd1f273/html5/thumbnails/9.jpg)
Solution: Aurasium Repackage Apps to intercept all Interactions
with the OS
![Page 10: Aurasium : Practical Policy Enforcement for Android Applications](https://reader036.fdocuments.us/reader036/viewer/2022081520/568161df550346895dd1f273/html5/thumbnails/10.jpg)
Aurasium Internals Two Problems to Solve
Introducing alien code to arbitrary application package
Reliably intercepting application interaction with the OS
![Page 11: Aurasium : Practical Policy Enforcement for Android Applications](https://reader036.fdocuments.us/reader036/viewer/2022081520/568161df550346895dd1f273/html5/thumbnails/11.jpg)
Aurasium Internals How to add code to existing applications
Android application building and packaging process
![Page 12: Aurasium : Practical Policy Enforcement for Android Applications](https://reader036.fdocuments.us/reader036/viewer/2022081520/568161df550346895dd1f273/html5/thumbnails/12.jpg)
Aurasium Internals How to add code to existing applications
apktool
![Page 13: Aurasium : Practical Policy Enforcement for Android Applications](https://reader036.fdocuments.us/reader036/viewer/2022081520/568161df550346895dd1f273/html5/thumbnails/13.jpg)
Enforcing Security & Privacy Policy Aurasium way
Per-application basis No need to root phone and flash
firmware Almost non-bypassable
![Page 14: Aurasium : Practical Policy Enforcement for Android Applications](https://reader036.fdocuments.us/reader036/viewer/2022081520/568161df550346895dd1f273/html5/thumbnails/14.jpg)
Aurasium Internals How to Intercept
A closer look at app process
![Page 15: Aurasium : Practical Policy Enforcement for Android Applications](https://reader036.fdocuments.us/reader036/viewer/2022081520/568161df550346895dd1f273/html5/thumbnails/15.jpg)
Aurasium Internals How to Intercept
Example: Socket Connection
![Page 16: Aurasium : Practical Policy Enforcement for Android Applications](https://reader036.fdocuments.us/reader036/viewer/2022081520/568161df550346895dd1f273/html5/thumbnails/16.jpg)
Aurasium Internals How to Intercept
Example: Send SMS
![Page 17: Aurasium : Practical Policy Enforcement for Android Applications](https://reader036.fdocuments.us/reader036/viewer/2022081520/568161df550346895dd1f273/html5/thumbnails/17.jpg)
Aurasium Internals How to Intercept
Intercept at lowest boundary – libc.so
![Page 18: Aurasium : Practical Policy Enforcement for Android Applications](https://reader036.fdocuments.us/reader036/viewer/2022081520/568161df550346895dd1f273/html5/thumbnails/18.jpg)
Aurasium Internals How to Intercept
Look closer at library calls - dynamic linking
![Page 19: Aurasium : Practical Policy Enforcement for Android Applications](https://reader036.fdocuments.us/reader036/viewer/2022081520/568161df550346895dd1f273/html5/thumbnails/19.jpg)
Aurasium Internals How to Intercept
Key: Dynamically linked shared object file Essence: Redo dynamic linking with pointers to our
detour code.
![Page 20: Aurasium : Practical Policy Enforcement for Android Applications](https://reader036.fdocuments.us/reader036/viewer/2022081520/568161df550346895dd1f273/html5/thumbnails/20.jpg)
Aurasium Internals How to Intercept
Implemented in native code Almost non-bypassable
Java code cannot modify arbitrary memory Java code cannot issue syscall directly Attempts to load native code is monitored
dlopen()
![Page 21: Aurasium : Practical Policy Enforcement for Android Applications](https://reader036.fdocuments.us/reader036/viewer/2022081520/568161df550346895dd1f273/html5/thumbnails/21.jpg)
What can you do with Aurasium? Total visibility into the interactions of an App with
the OS and other Apps Internet connections
connect() IPC Binder communications
ioctl() File system manipulations
write(), read() Access to resources
Ioctl(), read, write() Linux system calls
fork(), execvp()
![Page 22: Aurasium : Practical Policy Enforcement for Android Applications](https://reader036.fdocuments.us/reader036/viewer/2022081520/568161df550346895dd1f273/html5/thumbnails/22.jpg)
Aurasium Internals How to add code to existing applications
Inevitably destroy original signature In Android, signature = authorship
Individual app not a problem
![Page 23: Aurasium : Practical Policy Enforcement for Android Applications](https://reader036.fdocuments.us/reader036/viewer/2022081520/568161df550346895dd1f273/html5/thumbnails/23.jpg)
Evaluation
![Page 24: Aurasium : Practical Policy Enforcement for Android Applications](https://reader036.fdocuments.us/reader036/viewer/2022081520/568161df550346895dd1f273/html5/thumbnails/24.jpg)
Evaluation
![Page 25: Aurasium : Practical Policy Enforcement for Android Applications](https://reader036.fdocuments.us/reader036/viewer/2022081520/568161df550346895dd1f273/html5/thumbnails/25.jpg)
Evaluation
![Page 26: Aurasium : Practical Policy Enforcement for Android Applications](https://reader036.fdocuments.us/reader036/viewer/2022081520/568161df550346895dd1f273/html5/thumbnails/26.jpg)
Evaluation
![Page 27: Aurasium : Practical Policy Enforcement for Android Applications](https://reader036.fdocuments.us/reader036/viewer/2022081520/568161df550346895dd1f273/html5/thumbnails/27.jpg)
Evaluation
![Page 28: Aurasium : Practical Policy Enforcement for Android Applications](https://reader036.fdocuments.us/reader036/viewer/2022081520/568161df550346895dd1f273/html5/thumbnails/28.jpg)
Evaluation Tested on Real-world Apps
3491 apps from third-party application store. 1260 malware corpus from Android Genome. Results
Repackaging: 3476/3491 succeed (99.6%/99.8%) Failure mode: apktool/baksmali assembly crashes
Device runs Nexus S under Monkey – UI Exerciser in SDK Intercept calls from all of 3189 runnable application
![Page 29: Aurasium : Practical Policy Enforcement for Android Applications](https://reader036.fdocuments.us/reader036/viewer/2022081520/568161df550346895dd1f273/html5/thumbnails/29.jpg)
Limitations 99.9% is not 100%
Rely on robustness of apktool Manual edit of Apps as a workaround
Native code can potentially bypass Aurasium: Already seen examples of native code in the wild
that is capable of doing so Some mitigation techniques exist
![Page 30: Aurasium : Practical Policy Enforcement for Android Applications](https://reader036.fdocuments.us/reader036/viewer/2022081520/568161df550346895dd1f273/html5/thumbnails/30.jpg)
Conclusion New approach to Android security/privacy Per-app basis, no need to root phone Tested against many real world apps Have certain limitations
![Page 31: Aurasium : Practical Policy Enforcement for Android Applications](https://reader036.fdocuments.us/reader036/viewer/2022081520/568161df550346895dd1f273/html5/thumbnails/31.jpg)
The End