deepdroid: dynamically enforcing enterprise policy on ... · deepdroid: dynamically enforcing...
TRANSCRIPT
![Page 1: DeepDroid: Dynamically Enforcing Enterprise Policy on ... · DeepDroid: Dynamically Enforcing Enterprise Policy on Android Devices Xueqiang Wang 1, Kun Sun2, Yuewu Wang , Jiwu Jing](https://reader030.vdocument.in/reader030/viewer/2022040202/5e78dcf0533b7b1ac172737c/html5/thumbnails/1.jpg)
DeepDroid: Dynamically Enforcing Enterprise Policy on Android Devices
Xueqiang Wang1, Kun Sun2, Yuewu Wang1, Jiwu Jing1
1Institute of Information Engineering, CAS2College of William and Mary
Mon, Feb. 9th, 2015
![Page 2: DeepDroid: Dynamically Enforcing Enterprise Policy on ... · DeepDroid: Dynamically Enforcing Enterprise Policy on Android Devices Xueqiang Wang 1, Kun Sun2, Yuewu Wang , Jiwu Jing](https://reader030.vdocument.in/reader030/viewer/2022040202/5e78dcf0533b7b1ac172737c/html5/thumbnails/2.jpg)
2/31
Outline
Introduction
Related Work
DeepDroid
Evaluation
Discussion
Conclusion
![Page 3: DeepDroid: Dynamically Enforcing Enterprise Policy on ... · DeepDroid: Dynamically Enforcing Enterprise Policy on Android Devices Xueqiang Wang 1, Kun Sun2, Yuewu Wang , Jiwu Jing](https://reader030.vdocument.in/reader030/viewer/2022040202/5e78dcf0533b7b1ac172737c/html5/thumbnails/3.jpg)
3/31
Introduction
Mobile devices are widely used for work purposes.
“51% of end users rely on smartphones to perform daily business activities.”——Cisco
“Android hit 84% smartphone share in Q3 2014”——IDC
![Page 4: DeepDroid: Dynamically Enforcing Enterprise Policy on ... · DeepDroid: Dynamically Enforcing Enterprise Policy on Android Devices Xueqiang Wang 1, Kun Sun2, Yuewu Wang , Jiwu Jing](https://reader030.vdocument.in/reader030/viewer/2022040202/5e78dcf0533b7b1ac172737c/html5/thumbnails/4.jpg)
4/31
Outline
Introduction
Related Work
DeepDroid
Evaluation
Discussion
Conclusion
![Page 5: DeepDroid: Dynamically Enforcing Enterprise Policy on ... · DeepDroid: Dynamically Enforcing Enterprise Policy on Android Devices Xueqiang Wang 1, Kun Sun2, Yuewu Wang , Jiwu Jing](https://reader030.vdocument.in/reader030/viewer/2022040202/5e78dcf0533b7b1ac172737c/html5/thumbnails/5.jpg)
5/31
Related Work
Evolutionary support from Google
Android Permission
Coarse-grained
All-or-nothing
Lack of run-time configuration
Device Administration APIs
Only provide device-level control on password policy, camera, device wipe, etc.
Very limited interfaces (43 in KitKat VS 500+ in BlackBerry)
![Page 6: DeepDroid: Dynamically Enforcing Enterprise Policy on ... · DeepDroid: Dynamically Enforcing Enterprise Policy on Android Devices Xueqiang Wang 1, Kun Sun2, Yuewu Wang , Jiwu Jing](https://reader030.vdocument.in/reader030/viewer/2022040202/5e78dcf0533b7b1ac172737c/html5/thumbnails/6.jpg)
6/31
Related Work
Evolutionary support from Google
Introduction of SEAndroid
Brings flexible MAC to Android
Middleware MAC has not been included, even in Android 5.0
Unavailable on legacy phones (58.7%<version 4.4)
Incorporation of Knox APIs
A large step towards “Android for Enterprise”
Introduces Knox features into AOSP except hardware-based ones
Unavailable on legacy phones (98.4%<version 5.0)
![Page 7: DeepDroid: Dynamically Enforcing Enterprise Policy on ... · DeepDroid: Dynamically Enforcing Enterprise Policy on Android Devices Xueqiang Wang 1, Kun Sun2, Yuewu Wang , Jiwu Jing](https://reader030.vdocument.in/reader030/viewer/2022040202/5e78dcf0533b7b1ac172737c/html5/thumbnails/7.jpg)
7/31
Related Work
Possible solutions
Device OEMs’ API, e.g., SAFE, HTC, 3LM, LG.
Other solutions based on source code modification
Extending permission, e.g., Compac[CODASPY’14].
Introducing MAC, e.g., FlaskDroid[USENIX Security’13], SEAndroid[NDSS’13].
Dynamic taint tracking, e.g., TaintDroid[OSDI’10].
Data shadowing, e.g., AppFence[CCS’11]
Portability issue caused by tremendous source code modification.
![Page 8: DeepDroid: Dynamically Enforcing Enterprise Policy on ... · DeepDroid: Dynamically Enforcing Enterprise Policy on Android Devices Xueqiang Wang 1, Kun Sun2, Yuewu Wang , Jiwu Jing](https://reader030.vdocument.in/reader030/viewer/2022040202/5e78dcf0533b7b1ac172737c/html5/thumbnails/8.jpg)
8/31
Related Work
Possible solutions
Rewriting Android apps
Dalvik bytecode rewriting, e.g., I-ARM-Droid[MoST’12]
Low-level libc interposition, e.g., Aurasium[USENIX Security’12]
On-the-phone instrumentation, e.g., AppGuard[TACAS’13]
Require no modification to smartphone’s firmware and require no root access
Lack of isolation between app and monitoring code.
![Page 9: DeepDroid: Dynamically Enforcing Enterprise Policy on ... · DeepDroid: Dynamically Enforcing Enterprise Policy on Android Devices Xueqiang Wang 1, Kun Sun2, Yuewu Wang , Jiwu Jing](https://reader030.vdocument.in/reader030/viewer/2022040202/5e78dcf0533b7b1ac172737c/html5/thumbnails/9.jpg)
9/31
Outline
Introduction
Related Work
DeepDroid
Evaluation
Discussion
Conclusion
![Page 10: DeepDroid: Dynamically Enforcing Enterprise Policy on ... · DeepDroid: Dynamically Enforcing Enterprise Policy on Android Devices Xueqiang Wang 1, Kun Sun2, Yuewu Wang , Jiwu Jing](https://reader030.vdocument.in/reader030/viewer/2022040202/5e78dcf0533b7b1ac172737c/html5/thumbnails/10.jpg)
10/31
The system_server centralized controller for
middleware permissions
The client-server architecture system services, content
providers, etc.
Binder IPC RPC to services/content
providers
Intent
Broadcast
Messengers
ashmem
…
Basic Idea-Middleware
/system/bin/mediaserver
com.android.phone
android.process.acore
android.process.media
……
system_server
configure middleware
permissions
configure middleware
behaviors
Dynamic Memory Instrumentation
![Page 11: DeepDroid: Dynamically Enforcing Enterprise Policy on ... · DeepDroid: Dynamically Enforcing Enterprise Policy on Android Devices Xueqiang Wang 1, Kun Sun2, Yuewu Wang , Jiwu Jing](https://reader030.vdocument.in/reader030/viewer/2022040202/5e78dcf0533b7b1ac172737c/html5/thumbnails/11.jpg)
11/31
Basic Idea-Linux
zygote
app1 app2 app3
Activity
Manager
Create process that can:
• read/write sdcard
• access network
• use camera
• read contacts
The zygote centralized controller for Linux
groups (a.k.a. Linux permissions)
App works based on Linux system calls.
configure
Linux permissions
configure
Linux behaviors
Tracing System Calls
![Page 12: DeepDroid: Dynamically Enforcing Enterprise Policy on ... · DeepDroid: Dynamically Enforcing Enterprise Policy on Android Devices Xueqiang Wang 1, Kun Sun2, Yuewu Wang , Jiwu Jing](https://reader030.vdocument.in/reader030/viewer/2022040202/5e78dcf0533b7b1ac172737c/html5/thumbnails/12.jpg)
12/31
DeepDroid-Middleware Permission
system_server opens a few interfaces for
middleware permission check.
Permission
Checkinter-
process
Monitoring
Code
Enterprise Policy
Repository
system_server
Key: Java method interposition
![Page 13: DeepDroid: Dynamically Enforcing Enterprise Policy on ... · DeepDroid: Dynamically Enforcing Enterprise Policy on Android Devices Xueqiang Wang 1, Kun Sun2, Yuewu Wang , Jiwu Jing](https://reader030.vdocument.in/reader030/viewer/2022040202/5e78dcf0533b7b1ac172737c/html5/thumbnails/13.jpg)
13/31
interpreter
byte code
classes.dex
…
…
dalvik-LinearAlloc
nativeFunc
insns
accessFlags
…
Method…
…
…
monitoring
code
libx.so
…
…
DeepDroid-Middleware Permission
![Page 14: DeepDroid: Dynamically Enforcing Enterprise Policy on ... · DeepDroid: Dynamically Enforcing Enterprise Policy on Android Devices Xueqiang Wang 1, Kun Sun2, Yuewu Wang , Jiwu Jing](https://reader030.vdocument.in/reader030/viewer/2022040202/5e78dcf0533b7b1ac172737c/html5/thumbnails/14.jpg)
14/31
DeepDroid-Middleware Behavior
access to services
Intent
Broadcast
Messenger
ashmem
……
app
libc.so libc.so
system_server android.process.acore
libbinder.so libbinder.so
…
supervise
behaviors
upperlayers
upperlayers
Binder driver
Transactions between apps and system services ioctl(binderFd, BINDER_WRITE_READ, &bwr)
By tampering Global Offset Table (GOT) of libbinder.so
![Page 15: DeepDroid: Dynamically Enforcing Enterprise Policy on ... · DeepDroid: Dynamically Enforcing Enterprise Policy on Android Devices Xueqiang Wang 1, Kun Sun2, Yuewu Wang , Jiwu Jing](https://reader030.vdocument.in/reader030/viewer/2022040202/5e78dcf0533b7b1ac172737c/html5/thumbnails/15.jpg)
15/31
DeepDroid-Middleware Behavior
Synchronous invocation E.g., getLastKnownLocation(), getDeviceId()
reply
requests
system process
BR_TRANSACTION
BC_REPLY
pairwise within a
binder thread
interfaces defined in aidl
& in .java
Primitives, IBinder,
FD, Parcelable
![Page 16: DeepDroid: Dynamically Enforcing Enterprise Policy on ... · DeepDroid: Dynamically Enforcing Enterprise Policy on Android Devices Xueqiang Wang 1, Kun Sun2, Yuewu Wang , Jiwu Jing](https://reader030.vdocument.in/reader030/viewer/2022040202/5e78dcf0533b7b1ac172737c/html5/thumbnails/16.jpg)
16/31
DeepDroid-Middleware Behavior
Asynchronous invocation One-way callbacks, e.g., onLocationChanged()
data callback
get a remote
handle
system process
BC_TRANSACTION
interfaces defined in aidl
or in .java
counterpart recognization
1) servicemanager
2) IBinder instances
Primitives, IBinder, FD,
Parcelable
![Page 17: DeepDroid: Dynamically Enforcing Enterprise Policy on ... · DeepDroid: Dynamically Enforcing Enterprise Policy on Android Devices Xueqiang Wang 1, Kun Sun2, Yuewu Wang , Jiwu Jing](https://reader030.vdocument.in/reader030/viewer/2022040202/5e78dcf0533b7b1ac172737c/html5/thumbnails/17.jpg)
17/31
--runtime-init
--setuid=10028
--setgid=10028
--setgroups=1015, 3003, 1006, 1007
android.app.ActivityThread
DeepDroid-Linux Permission
Configure Linux permissions (e.g., groups)
system_server
zygote app process
monitoring
fork
1: process
creation request
2: recognize
app
3: reset groups &
track until setuid
![Page 18: DeepDroid: Dynamically Enforcing Enterprise Policy on ... · DeepDroid: Dynamically Enforcing Enterprise Policy on Android Devices Xueqiang Wang 1, Kun Sun2, Yuewu Wang , Jiwu Jing](https://reader030.vdocument.in/reader030/viewer/2022040202/5e78dcf0533b7b1ac172737c/html5/thumbnails/18.jpg)
18/31
DeepDroid-Linux Behavior
Configuration on Linux permissions is irreversible.
Tracking system calls of Application
Monitoring
Code
App
Process
----------------------------------------------------------
syscall
ptrace
enforce
![Page 19: DeepDroid: Dynamically Enforcing Enterprise Policy on ... · DeepDroid: Dynamically Enforcing Enterprise Policy on Android Devices Xueqiang Wang 1, Kun Sun2, Yuewu Wang , Jiwu Jing](https://reader030.vdocument.in/reader030/viewer/2022040202/5e78dcf0533b7b1ac172737c/html5/thumbnails/19.jpg)
19/31
DeepDroid-Properties
Fine-grained access control
Both permission and behavior level
Portable
Based on stable system architecture, e.g., system services, permission mechanism, binder.
Dynamic instrumentation
Reduce the work on system customization
![Page 20: DeepDroid: Dynamically Enforcing Enterprise Policy on ... · DeepDroid: Dynamically Enforcing Enterprise Policy on Android Devices Xueqiang Wang 1, Kun Sun2, Yuewu Wang , Jiwu Jing](https://reader030.vdocument.in/reader030/viewer/2022040202/5e78dcf0533b7b1ac172737c/html5/thumbnails/20.jpg)
20/31
Outline
Introduction
Related Work
DeepDroid
Evaluation
Discussion
Conclusion
![Page 21: DeepDroid: Dynamically Enforcing Enterprise Policy on ... · DeepDroid: Dynamically Enforcing Enterprise Policy on Android Devices Xueqiang Wang 1, Kun Sun2, Yuewu Wang , Jiwu Jing](https://reader030.vdocument.in/reader030/viewer/2022040202/5e78dcf0533b7b1ac172737c/html5/thumbnails/21.jpg)
21/31
Evaluated Resources
Resource Permission Group PermissionEnforcement
BehaviorEnforcement
IMEI READ_PHONE_STATE packagecom.android.phone
Phone # READ_PHONE_STATE package
location ACCESS_FINE_LOCATION package system_server
contacts READ_CONTACTS package android.process.acore
camera CAMERA camera package/Process Creation
mediaserver
account GET_ACCOUNTS package system_server
logs READ_LOGS log Process Creationapp process
network INTERNET inet package/Process Creation
SMS SEND_SMS package com.android.phone
![Page 22: DeepDroid: Dynamically Enforcing Enterprise Policy on ... · DeepDroid: Dynamically Enforcing Enterprise Policy on Android Devices Xueqiang Wang 1, Kun Sun2, Yuewu Wang , Jiwu Jing](https://reader030.vdocument.in/reader030/viewer/2022040202/5e78dcf0533b7b1ac172737c/html5/thumbnails/22.jpg)
22/31
Evaluated Devices
Device Android OS
Nexus S(Samsung) 2.3.6
Sony LT29i 4.1.24.2.2
Galaxy Nexus(Samsung) 4.0
Samsung Galaxy Note II
4.1
Samsung Galaxy Note 3 4.3
Nexus 5(LG) 4.4
Meizu MX II Flyme 3.2(4.2.1)
Huawei Honor 3c 4.2
![Page 23: DeepDroid: Dynamically Enforcing Enterprise Policy on ... · DeepDroid: Dynamically Enforcing Enterprise Policy on Android Devices Xueqiang Wang 1, Kun Sun2, Yuewu Wang , Jiwu Jing](https://reader030.vdocument.in/reader030/viewer/2022040202/5e78dcf0533b7b1ac172737c/html5/thumbnails/23.jpg)
23/31
Performance
0
2
4
6
8
10
12
14
16
18
20
phone_state contacts SMS message
ms
Overhead of Sensitive RPC
Normal Mode (Success) DeepDroid Mode (Success)
Normal Mode (Fail) DeepDroid Mode (Fail)
![Page 24: DeepDroid: Dynamically Enforcing Enterprise Policy on ... · DeepDroid: Dynamically Enforcing Enterprise Policy on Android Devices Xueqiang Wang 1, Kun Sun2, Yuewu Wang , Jiwu Jing](https://reader030.vdocument.in/reader030/viewer/2022040202/5e78dcf0533b7b1ac172737c/html5/thumbnails/24.jpg)
24/31
Performance
0
20
40
60
80
100
120
MX II LT29i Nexus S
ms
Zygote Overhead (Time of startService)
Normal Zygote Traced Zygote
![Page 25: DeepDroid: Dynamically Enforcing Enterprise Policy on ... · DeepDroid: Dynamically Enforcing Enterprise Policy on Android Devices Xueqiang Wang 1, Kun Sun2, Yuewu Wang , Jiwu Jing](https://reader030.vdocument.in/reader030/viewer/2022040202/5e78dcf0533b7b1ac172737c/html5/thumbnails/25.jpg)
25/31
Performance
NormalQuadrant
Traced Quadrant
MX II 2508.5 2507.6
LT29i 4653.8 4553.6
Nexus S 1750.0 1705.6
Quadrant Scores
NormalCaffeineMark
TracedCaffeineMark
MX II 6367.2 6207.5
LT 29i 14125.5 13998.5
Nexus S 5982.8 5959.9
CaffeineMark Scores
![Page 26: DeepDroid: Dynamically Enforcing Enterprise Policy on ... · DeepDroid: Dynamically Enforcing Enterprise Policy on Android Devices Xueqiang Wang 1, Kun Sun2, Yuewu Wang , Jiwu Jing](https://reader030.vdocument.in/reader030/viewer/2022040202/5e78dcf0533b7b1ac172737c/html5/thumbnails/26.jpg)
26/31
Outline
Introduction
Related Work
DeepDroid
Evaluation
Discussion
Conclusion
![Page 27: DeepDroid: Dynamically Enforcing Enterprise Policy on ... · DeepDroid: Dynamically Enforcing Enterprise Policy on Android Devices Xueqiang Wang 1, Kun Sun2, Yuewu Wang , Jiwu Jing](https://reader030.vdocument.in/reader030/viewer/2022040202/5e78dcf0533b7b1ac172737c/html5/thumbnails/27.jpg)
27/31
Discussion
Root access Required to instrument system components and trace
zygote.
DeepDroid is a self-contained app and can be easily inserted as a system component.
DeepDroid carries little burden on vendor customization.
Compared to other solutions SEAndroid is enforced on Android 4.4.
Knox is fully supported only on some Samsung devices.
DeepDroid is based on stable architecture of Android, therefore, it can be easily adopted on phones from other OEMs and legacy phones.
![Page 28: DeepDroid: Dynamically Enforcing Enterprise Policy on ... · DeepDroid: Dynamically Enforcing Enterprise Policy on Android Devices Xueqiang Wang 1, Kun Sun2, Yuewu Wang , Jiwu Jing](https://reader030.vdocument.in/reader030/viewer/2022040202/5e78dcf0533b7b1ac172737c/html5/thumbnails/28.jpg)
28/31
Discussion
policy misuse We used software-based scheme to protect policies.
On future devices, we can adopt some hardware-based schemes (e.g., TrustZone-based integrity checking scheme).
![Page 29: DeepDroid: Dynamically Enforcing Enterprise Policy on ... · DeepDroid: Dynamically Enforcing Enterprise Policy on Android Devices Xueqiang Wang 1, Kun Sun2, Yuewu Wang , Jiwu Jing](https://reader030.vdocument.in/reader030/viewer/2022040202/5e78dcf0533b7b1ac172737c/html5/thumbnails/29.jpg)
29/31
Outline
Introduction
Related Work
DeepDroid
Evaluation
Discussion
Conclusion
![Page 30: DeepDroid: Dynamically Enforcing Enterprise Policy on ... · DeepDroid: Dynamically Enforcing Enterprise Policy on Android Devices Xueqiang Wang 1, Kun Sun2, Yuewu Wang , Jiwu Jing](https://reader030.vdocument.in/reader030/viewer/2022040202/5e78dcf0533b7b1ac172737c/html5/thumbnails/30.jpg)
30/31
Conclusion
We propose a dynamic security policy enforcement scheme named DeepDroid.
DeepDroid enables fine-grained control on both permission and apps’ behavior.
DeepDroid is relatively portable on different devices compared to direct system customization.
![Page 31: DeepDroid: Dynamically Enforcing Enterprise Policy on ... · DeepDroid: Dynamically Enforcing Enterprise Policy on Android Devices Xueqiang Wang 1, Kun Sun2, Yuewu Wang , Jiwu Jing](https://reader030.vdocument.in/reader030/viewer/2022040202/5e78dcf0533b7b1ac172737c/html5/thumbnails/31.jpg)
31/31
Thank You
![Page 32: DeepDroid: Dynamically Enforcing Enterprise Policy on ... · DeepDroid: Dynamically Enforcing Enterprise Policy on Android Devices Xueqiang Wang 1, Kun Sun2, Yuewu Wang , Jiwu Jing](https://reader030.vdocument.in/reader030/viewer/2022040202/5e78dcf0533b7b1ac172737c/html5/thumbnails/32.jpg)
32/31
References Compac[CODASPY’14]: “Compac: enforce component-level access
control in android”
FlaskDroid[USENIX Security’13]: “Flexible and Fine-Grained Mandatory Access Control on Android for Diverse Security and Privacy Policies”
SEAndroid[NDSS’13]: “Security Enhanced (SE) Android: Bringing Flexible MAC to Android”
TaintDroid[OSDI’10]: “TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones”
AppFence[CCS’11]: “These aren't the droids you're looking for: retrofitting android to protect data from imperious applications”
I-ARM-Droid[MoST’12]: “I-ARM-Droid: A Rewriting Framework for In-App Reference Monitors for Android Applications”
Aurasium[USENIX Security’12]: “Aurasium: Practical Policy Enforcement for Android Applications”
AppGuard[TACAS’13]: “AppGuard: Enforcing User Requirements on Android Apps”