The new malware detection system with SEAndroid
Hiromu Yakura <hiromu1996@gmail.com>
Self-Introduction

• Hiromu Yakura
• 15 yo.
• Twitter: @hiromu1996
Self-Introduction
• Japanese national certified security specialist
 • Youngest on record
• Competitive programmer
 • Asia and Pacific Informatics Olympiad
   • Won a bronze medal
Self-Introduction
• Linux kernel developer
 • Had some patches accepted
• Android developer
 • Lectured about Android security
   • “What is SEAndroid?”
   • at Tokyo University
Background
• An alarming increase in Android malware
 • Big threat
 (Chart: McAfee Threats Report: First Quarter 2012)
Background
• Percentage of detected malware types
 (Chart: from F-Secure Mobile Threat Report 2012 Q1)
DroidKungFu
• This malware contains exploit code for:
 • CVE-2009-1185
   • Linux kernel vulnerability
 • CVE-2010-EASY
   • Android vulnerability
DroidKungFu

• After gaining root access
 • Installs other malware
   • without the user's permission
   • the user can't delete the malware
Security Application

• Usual Android security applications
 • Can't detect root access
 • Can't remove DroidKungFu
• Because of the Android sandbox
Security Application

• All of them use signature-based detection
 • Can't detect zero-day attacks
 • Can't detect encrypted files
The new system

• I propose a new system
 • Defends against zero-day attacks
 • Defends against root exploits
The new system
• System overview
 (Diagram: Application and SEAndroid on top of the Linux kernel on the Android side, Jubatus on the server side; Log and Policy are exchanged between SEAndroid and Jubatus)
• This system uses SEAndroid and Jubatus
 • Jubatus is a distributed machine learning system
 • SEAndroid is an LSM (Linux Security Module)
Jubatus

• Distributed processing framework
• Streaming machine learning library
 • Better at real-time and distributed processing
   • than MapReduce and Hadoop
SEAndroid

• SEAndroid
 • One of the popular LSMs
 • Android version of SELinux
 • Developed by NSA
SEAndroid

• Mandatory Access Control
• Least privilege
• Audit log
The new system
• How it works (stepping through the overview diagram)
• When an application sends commands
• SEAndroid judges whether the command is valid against the policy
• If SEAndroid judges the command is valid
• If SEAndroid judges the command is invalid
• The command is recorded in the audit log
• The system sends the log to Jubatus
• Jubatus judges the application isn't malware
 • Whitelisted
• Jubatus judges the application is malware
~Demo~
Features

• Behavioral detection system
 • Defends against zero-day attacks
   • No existing product can defend against them
Features
• Uses SEAndroid (Linux Security Module)
 • Enables root access detection
 • Logs only security incidents
   • Higher precision and lighter weight
     • than syscall hooking
Features

• Real-time machine learning
 • Learns from user feedback
 • Precision improves steadily
 • Jubatus is the best fit for this system
Issue

• This system depends on SEAndroid
 • SEAndroid is built into the kernel
   • Vendors must ship SEAndroid
• No device on the market supports SEAndroid
Solution
• This system can use other LSMs
 • Only the log parser needs to change
• There are devices supporting TOMOYO Linux
 • TOMOYO Linux is an LSM
 • Those devices are made by Fujitsu
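As an added example (not code from the talk, and not the Jubatus API), here is the log side of the pipeline described in the "How it works" and "Solution" slides: a parser for SEAndroid AVC denial lines, per-application feature extraction, and a small feedback-trained scorer standing in for Jubatus. The sample log lines, app names and feedback verdicts are constructed; because only parse_avc_line knows the log format, supporting another LSM means replacing that one function.

```python
"""Parse SEAndroid AVC denials, aggregate them per application, and classify
each app with a feedback-trained scorer. The scorer is a stand-in for the
Jubatus classifier of the talk; it does not use the Jubatus API."""
import re
from collections import Counter, defaultdict

# Constructed sample in the real SEAndroid/SELinux AVC denial format:
# one app probing a kernel memory device, setuid and the app directory,
# and one app that merely reads /proc/version.
SAMPLE_LOG = """\
type=1400 audit(1341234567.100:12): avc: denied { read write } for pid=2310 comm="com.example.kungfu" name="mem" dev="tmpfs" ino=4096 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:kmem_device:s0 tclass=chr_file permissive=0
type=1400 audit(1341234567.200:13): avc: denied { setuid } for pid=2310 comm="com.example.kungfu" capability=7 scontext=u:r:untrusted_app:s0 tcontext=u:r:untrusted_app:s0 tclass=capability permissive=0
type=1400 audit(1341234567.300:14): avc: denied { write } for pid=2310 comm="com.example.kungfu" name="app" dev="mmcblk0p12" ino=2 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:apk_data_file:s0 tclass=dir permissive=0
type=1400 audit(1341234568.000:15): avc: denied { read } for pid=2401 comm="com.example.notes" name="version" dev="proc" ino=4026531860 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=0
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc_line(line):
    """Return one denial event as a dict, or None for a non-denial line.
    Only this function is LSM-specific; a TOMOYO parser would replace it."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    return {
        "perms": m.group("perms").split(),
        "pid": int(fields.get("pid", -1)),
        "comm": fields.get("comm", "?"),
        "scontext": fields.get("scontext", ""),
        "tcontext": fields.get("tcontext", ""),
        "tclass": fields.get("tclass", ""),
    }


def context_type(ctx):
    """Type component of a label: u:object_r:kmem_device:s0 -> kmem_device."""
    parts = ctx.split(":")
    return parts[2] if len(parts) >= 3 else ctx


def extract_features(log_text, parser=parse_avc_line):
    """Aggregate denials per application (comm) into a Counter of
    'tclass:perm' and 'target:<type>' features."""
    per_app = defaultdict(Counter)
    for line in log_text.splitlines():
        ev = parser(line)
        if ev is None:
            continue
        app = per_app[ev["comm"]]
        for perm in ev["perms"]:
            app[f"{ev['tclass']}:{perm}"] += 1
        app[f"target:{context_type(ev['tcontext'])}"] += 1
    return per_app


class FeedbackClassifier:
    """Additive online scorer: every user verdict nudges the feature weights,
    so precision improves with feedback. Whitelisted apps skip scoring."""

    def __init__(self):
        self.weights = defaultdict(float)
        self.whitelist = set()

    def train(self, features, is_malware):
        sign = 1.0 if is_malware else -1.0
        for feat, count in features.items():
            self.weights[feat] += sign * count

    def score(self, features):
        return sum(self.weights[f] * c for f, c in features.items())

    def classify(self, app, features):
        if app in self.whitelist:
            return "whitelisted"
        return "malware" if self.score(features) > 0 else "benign"


def run_pipeline(log_text=SAMPLE_LOG):
    """Train on constructed feedback, then classify every app in the log."""
    clf = FeedbackClassifier()
    # Constructed feedback: a confirmed root exploit and a confirmed-good app.
    clf.train({"chr_file:read": 1, "chr_file:write": 1,
               "capability:setuid": 1, "target:kmem_device": 1}, True)
    clf.train({"file:read": 3, "target:proc": 3}, False)
    clf.whitelist.add("com.example.notes")  # user marked it as known good
    feats = extract_features(log_text)
    return {app: clf.classify(app, f) for app, f in feats.items()}


if __name__ == "__main__":
    for app, verdict in run_pipeline().items():
        print(f"{app}: {verdict}")
```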
Solution

• Works on some commercial devices
• In several years, all devices will support an LSM
 • Because an LSM is essential for Android
Lastly

• I want to
 • Improve the Android security system
 • Reduce the damage caused by Android malware
Thank you for listening

Trendmicro Security Award 2012 Final Presentation

  • 1. The new malware detection system with SEAndroid Hiromu Yakura <hiromu1996@gmail.com>
  • 2. Self-Introduction • Hiromu Yakura • 15 yo. • Twitter: @hiromu1996
  • 3. Self-Introduction • Japanese national certified security specialist • Youngest record • Competitive programmer • Asia and Pacific Informatics Olympiad • Won a bronze medal
  • 4. Self-Introduction • Linux Kernel Developer • Accepted some patches • Android Developer • Lectured about Android security • “What is SEAndroid?” • at Tokyo University
  • 5. Background • An alarming increase in Android malware (chart: McAfee Threats Report: First Quarter 2012)
  • 6. Background • An alarming increase in Android malware • Big threat (chart: McAfee Threats Report: First Quarter 2012)
  • 7. Background • Percentage of detected malware types (chart from F-Secure Mobile Threat Report 2012 Q1)
  • 8. Background • Percentage of detected malware types (chart from F-Secure Mobile Threat Report 2012 Q1)
  • 9. Background • Percentage of detected malware types (chart from F-Secure Mobile Threat Report 2012 Q1)
  • 10. DroidKungFu • This application contains exploit code • CVE-2009-1185 • Linux kernel vulnerability • CVE-2010-EASY • Android vulnerability
  • 11. DroidKungFu • After gaining root access • Installs other malware • without user permission • user can’t delete the malware
  • 12. Security Application • Usual Android security applications • Can’t detect root access • Can’t remove DroidKungFu • Because of the Android Sandbox
  • 13. Security Application • All of them adopt signature-based systems • Can’t detect Zero-day Attacks • Can’t detect encrypted files
  • 14. The new system • I propose a new system • Defend from Zero-day Attacks • Defend from root exploits
  • 15. The new system • System Overview (diagram labels: Application, Policy, SEAndroid, Jubatus, Log, Linux Kernel, Android, Server)
  • 16. The new system • This system uses SEAndroid and Jubatus (same diagram)
  • 17. The new system • This system uses Jubatus and SEAndroid • Jubatus is a distributed learning system • SEAndroid is an LSM (Linux Security Module)
  • 18. Jubatus • Distributed processing framework • Streaming machine learning library • More excellent in real-time, distribution • than MapReduce, Hadoop
  • 19. SEAndroid • SEAndroid • One of the popular LSMs • Android version of SELinux • Developed by NSA
  • 20. SEAndroid • Mandatory Access Control • Least privileges • Audit log
  • 21. The new system • How it works (same diagram)
  • 22. The new system • When an application sends commands (same diagram)
  • 23. The new system • Judge whether the command is valid with the policy (same diagram)
  • 24. The new system • If SEAndroid judges the command is valid (same diagram)
  • 25. The new system • If SEAndroid judges the command is invalid (same diagram)
  • 26. The new system • The command is recorded in the Audit log (same diagram)
  • 27. The new system • System sends the log to Jubatus (same diagram)
  • 28. The new system • Jubatus judges the application isn’t malware • Whitelisted (same diagram)
  • 29. The new system • Jubatus judges the application is malware (same diagram)
  • 31. Features • Behavioral detection system • Defend from Zero-day Attacks • No existing product can defend
  • 32. Features • Use SEAndroid (Linux Security Module) • Enable root access detection • Logging only security incidents • Higher precision and lighter • than syscall hooking
  • 33. Features • Real-time machine learning • Study from user feedback • Become higher precision steadily • Jubatus is best suited for this system
  • 34. Issue • This system depends on SEAndroid • SEAndroid is a built-in system of the kernel • Vendors must install SEAndroid • No device on the market supports SEAndroid
  • 35. Solution • This system can use other LSMs • With only changing the log parser • There are devices supporting TOMOYO Linux • TOMOYO Linux is an LSM • The devices are made by Fujitsu
  • 36. Solution • Works on some commercial devices • In several years, all devices will support LSM • Because LSM is essential for Android
  • 37. Lastly • I want to • Improve the Android security system • Decrease the damage of Android malware
  • 38. Thank you for listening

Editor's Notes

  1. I’m going to talk about the new malware detection system with SEAndroid for Android.
  2. My name is Hiromu Yakura. I’m 15 years old. My Twitter account is hiromu1996.
  3. I’m the youngest Japanese national certified security specialist. I like competitive programming and I got a bronze medal at the Asia and Pacific Informatics Olympiad.
  4. And I’m working on the Linux kernel and have had some patches accepted. Also I’m an Android developer. I have lectured about Android security, entitled “What is SEAndroid?”, at Tokyo University.
  5. In these years, the number of Android malware is increasing explosively. This is a chart of detected Android malware.
  6. It is clear that they are becoming a big threat in the Android market.
  7. This is a chart of detected malware types. Let’s look at the lower right.
  9. This is DroidKungFu; it is only about 3 percent. But I think it is the biggest threat because it gains root access.
  10. DroidKungFu has two exploit codes to gain root access. The first one uses a vulnerability of the Linux kernel. The second one uses that of Android. It executes them and gains root access.
  11. After gaining root access, it installs other malware without user permission. And the user can’t delete the malware.
  12. You may think the user can defend with an Android security application. But security applications can not detect and remove DroidKungFu, because security applications work under the Android Sandbox.
  13. Also, all security applications are adopting a signature-based scanning system. So they can not detect Zero-day Attacks and encrypted files.
  14. I propose a new Android security system. It can defend from zero-day attacks and root exploits.
  15. This is an overview of the proposed system.
  16. This system uses SEAndroid and Jubatus.
  17. Jubatus is a distributed machine learning system developed by Japanese companies. SEAndroid is a Linux Security Module for Android.
  18. First, I want to explain about Jubatus. Jubatus is a distributed processing framework and streaming machine learning library. Jubatus is more excellent in real-time and distribution than other systems like MapReduce and Hadoop.
  19. Second, SEAndroid. SEAndroid is the Android version of the popular Linux security system, SELinux. It’s developed by the National Security Agency, United States of America.
  20. SEAndroid has 3 functions. The first one is Mandatory Access Control. The second one is least privileges. The last one is the audit log. My system uses the audit log for detection.
  21. Next, I want to explain how this system works.
  22. When an application sends commands to the Android OS.
  23. SEAndroid judges whether the command is valid with the security policy.
  24. If SEAndroid judges the command is valid, SEAndroid passes it to the kernel.
  25. If SEAndroid judges the command is invalid, SEAndroid blocks it.
  26. And the command is recorded in the audit log.
  27. When the audit log is updated, the system sends the log to Jubatus. And Jubatus judges whether the application is malware or not from the log.
  28. If Jubatus judges the application is not malware, the application is added to the whitelist. And SEAndroid passes all commands of the application.
  29. If Jubatus judges the application is malware, the system notifies the user. And the system urges the user to remove the application.
  30. I want to show some demonstration.
  31. There are three features of this system. The first one is adopting a behavioral detection system, so this system can defend from Zero-day attacks. No existing product can defend from Zero-day Attacks. The second one is using Linux Security Module to enable root access detection.
  32. The second one is using Linux Security Module to enable root access detection. And SEAndroid records to the audit log only security incidents. That’s why this system keeps higher precision and is lighter than hooking system calls.
  33. The last one is real-time machine learning. The system studies from user feedback and always becomes higher precision. Jubatus is the best suited for this system among all other systems.
  34. There are a few issues. This system depends on SEAndroid. But SEAndroid is a built-in system of the kernel. That’s why, in order to use SEAndroid, vendors must install it by default.
  35. However, this system can use another Linux Security Module instead of SEAndroid. By only changing the log parser, this system can adopt another Linux Security Module. And there are devices supporting TOMOYO Linux, which is one of the Linux Security Modules. The devices are made by a Japanese company, Fujitsu, and sold on the Japanese market.
  36. That’s why this system already works on some commercial devices. And I think all devices will support Linux Security Module in several years, because Linux Security Module is essential to defend Android from malware.
  37. Lastly, I want to improve the Android security system and decrease the damage of Android malware with this system. Thank you for listening.
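The pipeline of slides 22 to 29 and the swappable log parser of slide 35, as an added example that is not part of the original deck: it parses constructed SEAndroid AVC denial lines into one feature vector per app and stands in for Jubatus with a small online perceptron that is updated from labelled user feedback. The sample lines, the feature names and the perceptron stand-in are assumptions, not the deck's own code.

```python
import re
from collections import Counter, defaultdict
# Constructed sample SEAndroid AVC denial lines (illustrative, not from the deck);
# the contexts follow the u:r:<domain>:s0 naming Android's SELinux policy uses.
SAMPLE_AUDIT = """\
avc: denied { read } for pid=1501 comm="com.example.game" name="su" scontext=u:r:untrusted_app:s0 tcontext=u:object_r:system_file:s0 tclass=file
avc: denied { execute } for pid=1501 comm="com.example.game" name="su" scontext=u:r:untrusted_app:s0 tcontext=u:object_r:system_file:s0 tclass=file
avc: denied { write } for pid=1501 comm="com.example.game" name="app" scontext=u:r:untrusted_app:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir
avc: denied { read } for pid=1602 comm="com.example.notes" name="wlan0" scontext=u:r:untrusted_app:s0 tcontext=u:object_r:sysfs:s0 tclass=file
"""
AVC_RE = re.compile(r'avc: +denied +\{ *(?P<perms>[^}]*)\} +for +pid=(?P<pid>\d+) +comm="(?P<comm>[^"]*)"'
                    r'.*?scontext=(?P<scontext>\S+) +tcontext=(?P<tcontext>\S+) +tclass=(?P<tclass>\S+)')
def parse_avc(log_text):
    """Yield one dict per denial line: the LSM-specific parser slide 35 says is the only part to swap."""
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if m:
            d = m.groupdict()
            d["perms"] = d["perms"].split()
            yield d
def features_per_app(denials):
    """Aggregate denials into one sparse vector per app (keyed by comm), the datum a streaming learner consumes."""
    vectors = defaultdict(Counter)
    for d in denials:
        v = vectors[d["comm"]]
        v["denials"] += 1
        v["target:" + d["tcontext"]] += 1
        for p in d["perms"]:
            v[d["tclass"] + ":" + p] += 1
    return vectors
class OnlinePerceptron:
    """Stand-in for Jubatus (assumption): an online linear classifier updated from labelled user feedback."""
    def __init__(self):
        self.w = Counter()
    def score(self, v):
        return sum(self.w[k] * x for k, x in v.items())
    def update(self, v, label):  # label +1 = malware, -1 = benign; returns True if the weights changed
        if self.score(v) * label > 0:
            return False
        for k, x in v.items():
            self.w[k] += label * x
        return True
def train(model, feedback, max_passes=10):  # replay feedback until a full pass changes nothing
    for _ in range(max_passes):
        if not any([model.update(v, y) for v, y in feedback]):
            break
def classify(model, log_text):  # 'malware' -> notify the user; 'whitelist' -> pass the app's commands
    return {app: "malware" if model.score(v) > 0 else "whitelist"
            for app, v in features_per_app(parse_avc(log_text)).items()}
```

A real deployment would replace OnlinePerceptron with a Jubatus classifier client and feed it the same per-app feature dicts as they arrive from the audit log.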