Upload File

mobile!os!security · mobile!os!security! cse$451$–november$30,2015$ $...

29
Mobile OS Security CSE 451 – November 30, 2015 Franziska (Franzi) Roesner [email protected]

Upload: others

Post on 09-Aug-2020

10 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: Mobile!OS!Security · Mobile!OS!Security! CSE$451$–November$30,2015$ $ Franziska$(Franzi)Roesner$$ franzi@cs.washington.edu$

   

Mobile  OS  Security  

CSE  451  –  November  30,  2015    

Franziska  (Franzi)  Roesner    [email protected]  

Page 2: Mobile!OS!Security · Mobile!OS!Security! CSE$451$–November$30,2015$ $ Franziska$(Franzi)Roesner$$ franzi@cs.washington.edu$

Today’s  Goals  

•  Introduce  some  OS  security  concepts  through  a  case  study  of  mobile  OSes,  particularly  Android.  

•  Along  the  way,  highlight  that  it  matters  how  these  systems  interface  with  people  (users  &  devs).  

11/30/15   CSE  451  -­‐  Guest  Lecture   2  

Page 3: Mobile!OS!Security · Mobile!OS!Security! CSE$451$–November$30,2015$ $ Franziska$(Franzi)Roesner$$ franzi@cs.washington.edu$

Smartphone  (In)Security  

Users  accidentally  install  malicious  applications.  

11/30/15   3  CSE  451  -­‐  Guest  Lecture  

Page 4: Mobile!OS!Security · Mobile!OS!Security! CSE$451$–November$30,2015$ $ Franziska$(Franzi)Roesner$$ franzi@cs.washington.edu$

Smartphone  (In)Security  

Even  legitimate  applications  exhibit  questionable  behavior.  

11/30/15   4  

Hornyack  et  al.:  43  of  110  Android  applications  sent  location  or  phone  ID  to  third-­‐party  advertising/analytics  servers.  

CSE  451  -­‐  Guest  Lecture  

Page 5: Mobile!OS!Security · Mobile!OS!Security! CSE$451$–November$30,2015$ $ Franziska$(Franzi)Roesner$$ franzi@cs.washington.edu$

Malware  in  the  Wild  [Zhou  et  al.]  

Android  malware  is  growing.  

11/30/15   CSE  451  -­‐  Guest  Lecture   5  

Page 6: Mobile!OS!Security · Mobile!OS!Security! CSE$451$–November$30,2015$ $ Franziska$(Franzi)Roesner$$ franzi@cs.washington.edu$

Mobile  Malware  Attack  Vectors  

•  Unique  to  phones:  –  Premium  SMS  messages    –  Identify  location  – Record  phone  calls  –  Log  SMS    

•  Similar  to  desktop/PCs:    –  Connects  to  botmasters  –  Steal  data  –  Phishing    – Malvertising    

11/30/15   CSE  451  -­‐  Guest  Lecture   6  

Page 7: Mobile!OS!Security · Mobile!OS!Security! CSE$451$–November$30,2015$ $ Franziska$(Franzi)Roesner$$ franzi@cs.washington.edu$

Mobile  Malware  Examples  

•  DroidDream  (Android)  –  Over  58  apps  uploaded  to  Google  app  market  

–  Conducts  data  theft;  send  credentials  to  attackers    

•  Zitmo  (Symbian,BlackBerry,Windows,Android)  –  Poses  as  mobile  banking  application  

–  Captures  info  from  SMS  –  steal  banking  2nd  factors  

–  Works  with  Zeus  botnet    

•  Ikee  (iOS)    –  Worm  capabilities  (targeted  default  ssh  password)    

–  Worked  only  on  jailbroken  phones  with  ssh  installed  

11/30/15   CSE  451  -­‐  Guest  Lecture   7  

Page 8: Mobile!OS!Security · Mobile!OS!Security! CSE$451$–November$30,2015$ $ Franziska$(Franzi)Roesner$$ franzi@cs.washington.edu$

Mobile  Malware  Examples  “ikee  is  never  going  to  give  you  up”  

11/30/15   CSE  451  -­‐  Guest  Lecture   8  

Page 9: Mobile!OS!Security · Mobile!OS!Security! CSE$451$–November$30,2015$ $ Franziska$(Franzi)Roesner$$ franzi@cs.washington.edu$

(Android)  Malware  in  the  Wild  

What  does  it  do?  Root  

Exploit  Remote  Control   Financial  Charges   Information  Stealing  

Net   SMS   Phone  Call  

SMS   Block  SMS  

SMS   Phone  #   User  Account  

#  Families  

20   27   1   4   28   17   13   15   3  

#  Samples  

1204   1171   1   256   571   315   138   563   43  

[Zhou  et  al.]  

11/30/15   CSE  451  -­‐  Guest  Lecture   9  

Why  all  these  problems  with  mobile  malware?  

Page 10: Mobile!OS!Security · Mobile!OS!Security! CSE$451$–November$30,2015$ $ Franziska$(Franzi)Roesner$$ franzi@cs.washington.edu$

Background:  Before  Mobile  Platforms  

Assumptions  in  traditional  OS  (e.g.,  Linux)  design:  1.  There  may  be  multiple  users  who  don’t  trust  each  other.  2.  Once  an  application  is  installed,  it’s  (more  or  less)  trusted.  

11/30/15   CSE  451  -­‐  Guest  Lecture   10  

Page 11: Mobile!OS!Security · Mobile!OS!Security! CSE$451$–November$30,2015$ $ Franziska$(Franzi)Roesner$$ franzi@cs.washington.edu$

Background:  Before  Mobile  Platforms  

Assumptions  in  traditional  OS  (e.g.,  Linux)  design:  1.  There  may  be  multiple  users  who  don’t  trust  each  other.  2.  Once  an  application  is  installed,  it’s  (more  or  less)  trusted.  

11/30/15   CSE  451  -­‐  Guest  Lecture   11  

Page 12: Mobile!OS!Security · Mobile!OS!Security! CSE$451$–November$30,2015$ $ Franziska$(Franzi)Roesner$$ franzi@cs.washington.edu$

Background:  Before  Mobile  Platforms  

Assumptions  in  traditional  OS  (e.g.,  Linux)  design:  1.  There  may  be  multiple  users  who  don’t  trust  each  other.  2.  Once  an  application  is  installed,  it’s  (more  or  less)  trusted.  

11/30/15   CSE  451  -­‐  Guest  Lecture   12  

Apps  can  do  anything  the  UID  they’re  running  under  can  do.  

Page 13: Mobile!OS!Security · Mobile!OS!Security! CSE$451$–November$30,2015$ $ Franziska$(Franzi)Roesner$$ franzi@cs.washington.edu$

What’s  Different  about  Mobile  Platforms?  

•  Applications  are  isolated  –  Each  runs  in  a  separate  execution  context  –  No  default  access  to  file  system,  devices,  etc.  –  Different  than  traditional  OSes  where  multiple  

applications  run  with  the  same  user  permissions!    •  App  Store:  approval  process  for  applications  – Market:  Vendor  controlled/Open  –  App  signing:  Vendor-­‐issued/self-­‐signed  –  User  approval  of  permissions    

11/30/15   CSE  451  -­‐  Guest  Lecture   13  

Page 14: Mobile!OS!Security · Mobile!OS!Security! CSE$451$–November$30,2015$ $ Franziska$(Franzi)Roesner$$ franzi@cs.washington.edu$

More  Details:  Android  

•  Based  on  Linux  •  Application  sandboxes  –  Applications  run  as                                                                                                                              

separate  UIDs,  in                                                                                                                                  separate  processes.  

– Memory  corruption                                                                                                                                errors  only  lead  to                                                                                                                                arbitrary  code  execution  in  the  context  of  the  particular  application,  not  complete  system  compromise!  

–  (Can  still  escape  sandbox  –  but  must  compromise  Linux  kernel  to  do  so.)  ß  allows  rooting  

11/30/15   CSE  451  -­‐  Guest  Lecture   14  

[Enck  et  al.]  

Page 15: Mobile!OS!Security · Mobile!OS!Security! CSE$451$–November$30,2015$ $ Franziska$(Franzi)Roesner$$ franzi@cs.washington.edu$

Rooting  and  Jailbreaking  

•  Allows  user  to  run  applications  with  root  privileges  –  e.g.,  modify/delete  system  files,  app  management,  CPU  

management,  network  management,  etc.  

•  Done  by  exploiting  vulnerability  in  firmware  to  install  su  binary.  

•  Double-­‐edged  sword…  

•  Note:  iOS  is  more  restrictive  than  Android  –  Doesn’t  allow  “side-­‐loading”  apps,  etc.  

11/30/15   CSE  451  -­‐  Guest  Lecture   15  

Page 16: Mobile!OS!Security · Mobile!OS!Security! CSE$451$–November$30,2015$ $ Franziska$(Franzi)Roesner$$ franzi@cs.washington.edu$

Challenges  with  Isolated  Apps  

So  mobile  platforms  isolate  applications  for  security,  but…  

1.  Permissions:  How  can  applications  access  sensitive  resources?      à  the  rest  of  today’s  lecture  

2.  Communication:  How  can  applications  communicate  with  each  other?      à  specific  communication  APIs  (there  may  be                    vulnerabilities  in  how  apps  use  them)  

11/30/15   CSE  451  -­‐  Guest  Lecture   16  

Page 17: Mobile!OS!Security · Mobile!OS!Security! CSE$451$–November$30,2015$ $ Franziska$(Franzi)Roesner$$ franzi@cs.washington.edu$

(1)  Permission  Granting  Problem  

Smartphones  (and  other  modern  OSes)  try  to  prevent  such  attacks  by  limiting  applications’  access  to:  –  System  Resources  (clipboard,  file  system).  –  Devices  (camera,  GPS,  phone,  …).  

 

Standard  approach:  Ask  the  user.  

How  should  operating  system  grant  permissions  to  applications?  

11/30/15   CSE  451  -­‐  Guest  Lecture   17  

Page 18: Mobile!OS!Security · Mobile!OS!Security! CSE$451$–November$30,2015$ $ Franziska$(Franzi)Roesner$$ franzi@cs.washington.edu$

State  of  the  Art  Prompts  (time-­‐of-­‐use)  

11/30/15   CSE  451  -­‐  Guest  Lecture   18  

Page 19: Mobile!OS!Security · Mobile!OS!Security! CSE$451$–November$30,2015$ $ Franziska$(Franzi)Roesner$$ franzi@cs.washington.edu$

State  of  the  Art  Prompts  (time-­‐of-­‐use)   Manifests  (install-­‐time)  

Disruptive,  which  leads  to  prompt-­‐fatigue.  

11/30/15   CSE  451  -­‐  Guest  Lecture   19  

Page 20: Mobile!OS!Security · Mobile!OS!Security! CSE$451$–November$30,2015$ $ Franziska$(Franzi)Roesner$$ franzi@cs.washington.edu$

State  of  the  Art  Prompts  (time-­‐of-­‐use)   Manifests  (install-­‐time)  

Out  of  context;  not  understood  by  users.  

In  practice,  both  are  overly  permissive:    Once  granted  permissions,  apps  can  misuse  them.  

Disruptive,  which  leads  to  prompt-­‐fatigue.  

11/30/15   CSE  451  -­‐  Guest  Lecture   20  

Page 21: Mobile!OS!Security · Mobile!OS!Security! CSE$451$–November$30,2015$ $ Franziska$(Franzi)Roesner$$ franzi@cs.washington.edu$

Are  Manifests  Usable?  

Do  users  pay  attention  to  permissions?  

[Felt  et  al.]  

…  but  88%  of  users  looked  at  reviews.  

11/30/15   CSE  451  -­‐  Guest  Lecture   21  

Page 22: Mobile!OS!Security · Mobile!OS!Security! CSE$451$–November$30,2015$ $ Franziska$(Franzi)Roesner$$ franzi@cs.washington.edu$

Do  users  understand  the  warnings?  

Are  Manifests  Usable?  [Felt  et  al.]  

11/30/15   CSE  451  -­‐  Guest  Lecture   22  

Page 23: Mobile!OS!Security · Mobile!OS!Security! CSE$451$–November$30,2015$ $ Franziska$(Franzi)Roesner$$ franzi@cs.washington.edu$

Do  users  act  on  permission  information?    

“Have  you  ever  not  installed  an  app  because  of  permissions?”  

Are  Manifests  Usable?  [Felt  et  al.]  

11/30/15   CSE  451  -­‐  Guest  Lecture   23  

Page 24: Mobile!OS!Security · Mobile!OS!Security! CSE$451$–November$30,2015$ $ Franziska$(Franzi)Roesner$$ franzi@cs.washington.edu$

Over-­‐Permissioning  

•  Android  permissions  are  badly  documented.  •  Researchers  have  mapped  APIs  à  permissions.  www.android-­‐permissions.org  (Felt  et  al.),  http://pscout.csl.toronto.edu  (Au  et  al.)  

 

[Felt  et  al.]  

11/30/15   CSE  451  -­‐  Guest  Lecture   24  

Page 25: Mobile!OS!Security · Mobile!OS!Security! CSE$451$–November$30,2015$ $ Franziska$(Franzi)Roesner$$ franzi@cs.washington.edu$

Permission  Re-­‐Delegation  

•  An  application  without  a  permission  gains  additional  privileges  through  another  application.  

•  Demo  video  •  Settings  application  is                                                          

deputy:  has  permissions,                                  and  accidentally  exposes                                                                                          APIs  that  use  those                                                        permissions.  

API

Settings

Demo malware

toggleWifi()  

pressButton(0)  

Permission System

toggleWifi()  

[Felt  et  al.]  

11/30/15   CSE  451  -­‐  Guest  Lecture   25  

Page 26: Mobile!OS!Security · Mobile!OS!Security! CSE$451$–November$30,2015$ $ Franziska$(Franzi)Roesner$$ franzi@cs.washington.edu$

Improving  Permissions:  AppFence  [Hornyack  et  al.]  

11/30/15   CSE  451  -­‐  Guest  Lecture   26  

Page 27: Mobile!OS!Security · Mobile!OS!Security! CSE$451$–November$30,2015$ $ Franziska$(Franzi)Roesner$$ franzi@cs.washington.edu$

Let  this  applica,on  access  my  loca,on  now.

Insight: A  user’s  natural  UI  ac,ons  within  an  applica,on  implicitly  carry  permission-­‐gran,ng  seman,cs.  

11/30/15   CSE  451  -­‐  Guest  Lecture   27  

Improving  Permissions:  User-­‐Driven  Access  Control  

[our  work]  

Page 28: Mobile!OS!Security · Mobile!OS!Security! CSE$451$–November$30,2015$ $ Franziska$(Franzi)Roesner$$ franzi@cs.washington.edu$

Let  this  applica,on  access  my  loca,on  now.

Insight: A  user’s  natural  UI  ac,ons  within  an  applica,on  implicitly  carry  permission-­‐gran,ng  seman,cs.  

11/30/15   CSE  451  -­‐  Guest  Lecture   28  

Our  study  shows:   Many  users  already  believe  (52%  of  186)   –  and/or  desire  (68%)  –  that  resource  access  follows  the  user-­‐driven  access  control  model.

Improving  Permissions:  User-­‐Driven  Access  Control  

[our  work]  

Page 29: Mobile!OS!Security · Mobile!OS!Security! CSE$451$–November$30,2015$ $ Franziska$(Franzi)Roesner$$ franzi@cs.washington.edu$

New  OS  Primitive:    Access  Control  Gadgets  (ACGs)  

Approach:  Make  resource-­‐related  UI  elements  first-­‐class  opera,ng  system  objects  (access  control  gadgets).

•  To  receive  resource  access,  applica,ons  must  embed  a  system-­‐provided  ACG.

•  ACGs  allow  the  OS  to  capture  the  user’s  permission  gran,ng  intent  in  applica,on-­‐agnos,c  way.

11/30/15   CSE  451  -­‐  Guest  Lecture   29  


Measurement and Efforts to Improve Quality Gayle Martin and Zelalem Debebe June 30,2015 1

DEUTSCH MIT FELIX UND FRANZI - Goethe-Institut2 DEUTSCH MIT FELIX UND FRANZI Fun Materials for Learning German at Primary Level Introduction: These exciting new materials and ideas

Class of 2017 Sophomore Seminar Friday, January 30,2015 English Classrooms

DEUTSCH MIT FELIX UND FRANZI LESSON PLANS FOR GERMAN · PDF fileMIT FELIX UND FRANZI LESSON PLANS FOR GERMAN ... Deutsch mit Felix und Franzi Buch_revised_kurz.indd ... Viel Spaß!

Software Security: Buffer Overflow Attacks · Buffer Overflow Attacks (continued) Autumn 2020 Franziska (Franzi) Roesner [email protected] Thanks to Dan Boneh, Dieter Gollmann,

Exploring E-Commerce opportunities in China-Ben Franzi

FYE June 30,2015 Annual Report

Carterville Phase II MS4 MO-R040085 Storm Water …June 30,2015 June 30,2016 June 30,2017 ... SpringlFall2014 SpringlFall2015 SpringlFall20 16 SpringlFall2017 SpringlFall2018 July

6 TOM TOM IN-DEPTH FRIDAY OCTOBER 30,2015 7 A Question ... · 6 TOM TOM IN-DEPTH FRIDAY OCTOBER 30,2015 7 At East vs. West, sophomore Gerrett Giesick waits on the sideline for his

GEL 341 Geomorphology Course Syllabusd32ogoqmya1dw8.cloudfront.net/.../geomorphology... · GEL 341 Geomorphology Course Syllabus 2014 Instructor Information . David A. Franzi

Joe Franzi - Australian Signals Directorate - Keynote Address

Monday November 30,2015 No Banks! Freedom of Speech

Expression of Expansin Genes 1s Correlated with Growth in … · 2019. 5. 9. · SPZO SPZ9 Os-EXPl Os-EW2 Os-EXP3 OS-EXP4 OS-EXPl Os-EXP2 OS-EXP3 OS-EXP4 os-ExP1 Os-EXP2 Os-EXP3 OS-EXP4

Software Security: Buffer Overflow Attacks · 2020. 4. 6. · Buffer Overflow Attacks (continued) Spring 2020 Franziska (Franzi) Roesner [email protected] Thanks to Dan Boneh,

DEUTSCH MIT FELIX UND FRANZI - goethe.de · 1 DEUTSCH MIT FELIX UND FRANZI LESSON PLANS FOR GERMAN AT KEY STAGE 2 VOLUME 2 This material was produced with funding from the Goethe-Institut

CSE 564: Computer Security and Privacy Winter 2015 Franzi Roesner ([email protected])[email protected]

City of Youngsville - Louisiana...CITY OF YOUNGSVILLE, LOUISIANA Statement of Net Position June 30,2015 Governmental Business-Type Activities Activities Total ASSETS Current assets:

Druck-Dummy ZW - fintree GmbH...Title Druck-Dummy_ZW.cdr Author Franzi Created Date 7/17/2018 9:50:45 PM

C. BEACON SHOPPER, July 30,2015 - nyshistoricnewspapers.orgnyshistoricnewspapers.org/lccn/sn84031349/2015-07-30/ed-1/seq-16.pdf · Rocky Falsitta Kaela Rose Farley Patrick Feeney

November Market Commentary 2015 - Blue Ocean Global Wealth€¦ · ! Insight.)) Clarity.)) Purpose. 2015)November)Financial)Market)Update) — November)30,2015)!! Focusing)on)Earnings!

Geotechnical Properties of Glacigenic Soils and Slope Stability David A. Franzi Center for Earth and Environmental Science SUNY Plattsburgh

OS-SA OS-SC OS-SP OS-SAW OS-SCW SEWING HEAD

waltzdream - sfsma.org · 49 so (action) (action) (a 'don) niki eats cake can' niki stands up after writing letter franzi in palace hall—sees niki niki kisses franzi

DEUTSCH MIT FELIX UND FRANZI - Goethe-Institut · 1 DEUTSCH MIT FELIX UND FRANZI LESSON PLANS FOR GERMAN AT KEY STAGE 2 VOLUME 1 This material was produced with funding from the Goethe-Institut

Track nationals - montananewspapers.orgmontananewspapers.org/lccn/TheProspector/2015-04-30/ed-1/seq-1… · 30/04/2015  · 10 Sports Thursday, April 30,2015 Track nationals Megan

REGULAR MEETING OF FLORENCE CITY COUNCILmeetings.cityofflorence.com/DocumentLibraryManager... · Florence for fiscal year beginning July 1, 2014 and ending June 30,2015. b. A Public

Ben Franzi

libro2 · Title: libro2 Author: Marc Par�s i Franzi Created Date: 1/15/2008 2:35:18 PM

DEUTSCH MIT FELIX UND FRANZI - Goethe- · PDF fileDEUTSCH MIT FELIX UND FRANZI NEW LESSON PLANS FOR GERMAN AT KEY STAGE 2 Make a flying start with German! Additional materials like

[Finish Hash Functions; Start Asymmetric Cryptography] · 2020-04-24 · [Finish Hash Functions; Start Asymmetric Cryptography] Spring 2020 Franziska (Franzi) Roesner [email protected]

DOWNTOWN EXPRESS, JULY 30,2015

CME AccountManager UserManual - Futures & Options Trading ... · CME AccountManager UserManual ... 30,2015 MR Various ... Activate,De-Activate,Edit,Closerequiresfulladministrativeentitlementsandservices

CSE$484$/$CSE$M584 Computer$Security:$ Web$Security$€¦ · CSE$484$/$CSE$M584 $ Computer$Security:$ Web$Security$ TA:$Franzi$Roesner$ [email protected]$

Aero Image Library - Juanita Franzi Aero Illustrationsaeroillustrations.com/wp-content/uploads/AeroImageLibrary201105.pdf · manufacturer. Arado Aero Image Library ... Can't find

Lantech Pioneering Industrial and IP Networks TM Lantech PoE Switch Advantage & Comparison with Korenix,Oring,Moxa Presented by Marketing Dept. Jan 30,2015