Security Analysis aNd Evaluation Lab.
Name Jisoo Park
Appstore Security
5 lines of defence against malware
2016. 8. 31
2
Contents
 Introduction
 Dataflow diagram of an app ecosystem
 Attacker Model
 STRIDE Threat analysis
 Defending against the threats
3
Introduction
 About ENISA
 European Network and Information Security Agency
 Authors
 Dr.Marnix Dekker and Dr.Giles Hogben
 Collaboration with the ‘DistriNet Research Group’
 This paper is part of a number of ENISA activities
around smartphone security
- Smartphones : Information security risks,
opportunities and recommendations for users
4
Introduction
 Executive Summary
 Analyse malware threats in app ecosystems and
identify five lines of defence that protect end-users
from malware and insecure apps:
- App review, Reputation mechanism, App revocation
(aka kill-switch), Device security, Jails(or walled gardens)
5
Introduction
 Overall flow
DFD → Attacker Modeling → STRIDE → Attack Tree → Mitigation
6
Data Flow Diagram of an app ecosystem
7
Dataflow diagram of an app ecosystem
 Why Diagram?
 Gives a clearer view of the entities that we need to
focus on
 The goal of the diagram is to communicate how the
system works, so that everyone involved in threat
modeling has the same understanding
 Why Data Flow Diagram?
 Attackers consider the attack surface and attack methods
in terms of data flows and trust boundaries
 Sometimes called “Threat model diagram”
8
Dataflow diagram of an app ecosystem
 Why Diagram?
 Gives a clearer view of the entities that we need to
focus on
 Data Flow Diagram
 Commonly used for the threat analysis of software
systems
 etc: UML, Swim lane Diagram, State Diagram…
 Support the use of tools such as the Microsoft SDL
Threat Modeling Tool
 https://www.microsoft.com/en-us/download/details.aspx?id=49168
9
Dataflow diagram of an app ecosystem
 Before Creating Data Flow Diagram
 Define use scenarios
 Gather a list of external dependencies
 Define security assumptions
 Create external security notes
 Create DFDs
Ref :
Vehicle Control Unit Security using Open Source AUTOSAR
A Threat Analysis Methodology for Smart Home Scenarios –Technical Report
10
Dataflow diagram of an app ecosystem
 Data Flow Diagram
Item | Meaning
Process | Any running code
Data flow | Communication between processes, or between processes and data stores
Data store | Things that store data
External entity | People, or code outside your control
Trust Boundary | Where program data or execution changes its level of “trust”
11
Dataflow diagram of an app ecosystem
 Data Flow Diagram
 Ex: Online banking security analysis based on
STRIDE threat model
12
Dataflow diagram of an app ecosystem
 Extended Data Flow Diagram (example)
 Existing DFD elements are insufficient for description of
all CPS(or IoT) relevant interactions
 ⅰ) Enable description of the physical elements along with the cyber ones,
ⅱ) Enable description of the physical data flow along with the cyber one,
ⅲ) Enable description of the communication medium along with the
communication flow realized upon this medium
Item Symbol
Physical Component
Communication medium
Optional data flow
Physical signal
“Systematic Analysis of Cyber-Attacks on CPS Evaluating Applicability of DFD-based
Approach”, Mark Yampolskiy and 4 others, 2012
13
Dataflow diagram of an app ecosystem
 Extended Data Flow Diagram (example)
14
Dataflow diagram of an app ecosystem
 App Ecosystem Data Flow Diagram
15
Dataflow diagram of an app ecosystem
 App Ecosystem Data Flow Diagram
16
Attacker Model
17
Attacker Model
 Set the scope of the threat analysis and
define which attacks and attacker are in scope
 Target of Attackers :
Users, consumers, professionals in private or public sector
organizations, who download and install apps.
 Don’t distinguish between stand-alone malware and malware
that relies on other apps
 Goals of Attacker :
• To get malicious code on the user device, and (if that works)
• To keep malicious code on the user device
 Ignore : attacks which have no impact on the end-user (e.g.
click-fraud, plagiarism, unfair competition), social
engineering attacks
18
Attacker Model
 Set the scope of the threat analysis and
define which attacks and attacker are in scope
 Remark : 2 layers of SW on a Smartphone (OS / App)
4 categories of malware attacks
1. Sell or distribute a malicious app
2. Exploit vulnerability in an existing app
3. Sell or distribute a malicious OS
4. Exploit vulnerability in an existing OS
 Example of the first category : “Geinimi and DroidDream attacks”
 Example of the second category : “ZitMo malware”
19
Attacker Model
 Set the scope of the threat analysis and
define which attacks and attacker are in scope
 Remark : 2 layers of SW on a Smartphone (OS / App)
4 categories of malware attacks
 Example of the first category : “Geinimi and DroidDream attacks”
Geinimi Trojan attack
• Can compromise a significant amount of personal data on the user’s
phone and send it to remote servers
• Once the malware is installed on a user’s phone, it has the potential to
receive commands from a remote server that allow the owner of that
server to control the phone
DroidDream Trojan
• Gained root access to Google Android mobile devices in order to
access unique identification information for the phone
• An infected phone could also download additional malicious programs
without the user’s knowledge as well as open the phone up to control
by hackers
20
Attacker Model
 Set the scope of the threat analysis and
define which attacks and attacker are in scope
 Remark : 2 layers of SW on a Smartphone (OS / App)
4 categories of malware attacks
 Example of the second category : “ZitMo malware”
ZitMo (Zeus-in-the-mobile)
• Compromise a significant amount of personal data.
• More than 50 applications have been found to be infected.
21
STRIDE
22
STRIDE Threat Analysis
 Introduction to STRIDE
 “The Threats to Our Products”, 1999, Jason Garms, Praerit
Garg and Michael Howard
 “This was not the first time anyone threat modeled at Microsoft, but
rather the first time the methodology was formalized or considered as
an abstracted engineering activity.”
– Experience Threat modeling at Microsoft, Adam Shostack
Threat | Security Property | Description (in this paper)
Spoofing | Authentication | A process or an interactor pretends to be someone/thing else
Tampering | Integrity | A process, a data flow, or a datastore is changed
Repudiation | Non-repudiation | Evidence of an action by a process or an interactor disappears
Information Disclosure | Confidentiality | A process, a dataflow, or a datastore reveals sensitive data
Denial of Service | Availability | A data flow, a datastore, or a process is overloaded, rendering normal use impossible
Elevation of Privilege | Authorization | A process is used to perform unauthorized actions
23
STRIDE Threat Analysis
 Introduction to STRIDE
 STRIDE per Element
 Certain threats are more prevalent with certain elements of a
diagram
 Has two weaknesses
 Similar issues tend to crop up repeatedly in a given threat model
 The chart may not represent your issues
24
STRIDE Threat Analysis
 Introduction to STRIDE
 STRIDE per Interaction
 Developed by Larry Osterman, Douglas MacIver (Microsoft)
 Approach to threat enumeration that considers tuples of (origin,
destination, interaction) and enumerates threats against them
 Threats may be easier to understand with this approach
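The two enumeration styles above, applied to a small app-ecosystem DFD; this is an added example, not code from the slides or the ENISA paper. The element names, trust zones, per-element chart (the deck's own chart was an image) and the simplified per-interaction rule are all assumptions made for illustration.

```python
from dataclasses import dataclass

STRIDE = "STRIDE"
THREAT = {"S": "Spoofing", "T": "Tampering", "R": "Repudiation",
          "I": "Information Disclosure", "D": "Denial of Service",
          "E": "Elevation of Privilege"}

# STRIDE-per-element chart as commonly used with the Microsoft SDL (assumed
# here). Repudiation on a data store is usually counted only when the store
# holds logs; it is included unconditionally to keep the example simple.
CHART = {"external_entity": "SR", "process": "STRIDE",
         "data_store": "TRID", "data_flow": "TID"}
ELEMENT_KINDS = ("external_entity", "process", "data_store")


@dataclass(frozen=True)
class Element:
    name: str
    kind: str   # one of ELEMENT_KINDS
    zone: str   # trust zone; a flow between two zones crosses a trust boundary


@dataclass(frozen=True)
class Flow:
    origin: str
    destination: str
    interaction: str


# Constructed sample DFD (hypothetical names, not the deck's diagram).
ELEMENTS = [
    Element("App developer", "external_entity", "developer"),
    Element("Appstore review", "process", "appstore"),
    Element("App catalogue", "data_store", "appstore"),
    Element("Appstore client", "process", "device"),
    Element("Installed app", "process", "device"),
    Element("End-user", "external_entity", "user"),
]
FLOWS = [
    Flow("App developer", "Appstore review", "submit app"),
    Flow("Appstore review", "App catalogue", "publish app"),
    Flow("App catalogue", "Appstore client", "download app"),
    Flow("Appstore client", "Installed app", "install app"),
    Flow("End-user", "Appstore client", "browse and rate"),
]


def _index(elements, flows):
    """Validate the diagram and return a name -> Element lookup."""
    by_name = {e.name: e for e in elements}
    for e in elements:
        if e.kind not in ELEMENT_KINDS:
            raise ValueError(f"unknown element kind: {e.kind}")
    for f in flows:
        for end in (f.origin, f.destination):
            if end not in by_name:
                raise ValueError(f"flow references unknown element: {end}")
    return by_name


def stride_per_element(elements, flows):
    """Every (target, threat) pair the chart yields for elements and flows."""
    _index(elements, flows)
    findings = []
    for e in elements:
        findings += [(e.name, THREAT[c]) for c in CHART[e.kind]]
    for f in flows:
        label = f"{f.origin} -> {f.destination}: {f.interaction}"
        findings += [(label, THREAT[c]) for c in CHART["data_flow"]]
    return findings


def boundary_flows(elements, flows):
    """Flows whose origin and destination sit in different trust zones."""
    by_name = _index(elements, flows)
    return [f for f in flows
            if by_name[f.origin].zone != by_name[f.destination].zone]


def stride_per_interaction(elements, flows):
    """Threat letters per (origin, destination, interaction) tuple, for
    boundary-crossing flows only. Simplified rule assumed for this example:
    the flow's own threats, plus S/R where the chart allows them for the
    origin, plus E where the chart allows it for the destination."""
    by_name = _index(elements, flows)
    result = {}
    for f in boundary_flows(elements, flows):
        letters = set(CHART["data_flow"])
        letters |= set("SR") & set(CHART[by_name[f.origin].kind])
        letters |= set("E") & set(CHART[by_name[f.destination].kind])
        key = (f.origin, f.destination, f.interaction)
        result[key] = "".join(c for c in STRIDE if c in letters)
    return result


if __name__ == "__main__":
    print(len(stride_per_element(ELEMENTS, FLOWS)), "per-element findings")
    for tup, letters in stride_per_interaction(ELEMENTS, FLOWS).items():
        print(tup, [THREAT[c] for c in letters])
```

The per-element pass produces a long, repetitive list, which is the first weakness named above; the per-interaction pass narrows it to the three tuples that cross a trust boundary.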
25
STRIDE Threat Analysis
 STRIDE threat analysis on the trust boundaries
26
STRIDE Threat Analysis
 STRIDE threat analysis on the trust boundaries
27
STRIDE Threat Analysis
 STRIDE threat analysis on the trust boundaries
28
STRIDE Threat Analysis
 STRIDE analysis inside the trust boundaries
29
Defending against the threats
30
Defending against the threats
 Attack Tree
 To address threats systematically
 Famous paper “Attack Trees”, Bruce Schneier, 1999
31
Defending against the threats
 Attack Tree
 Top nodes: the high-level technical attacker goals
“To get malicious code on the user device, and to
keep malicious code on the user device”
Attack Library
CAPEC, CWE
32
Defending against the threats
 Attack Tree
 Top nodes: the high-level technical attacker goals
“To get malicious code on the user device, and to
keep malicious code on the user device”
33
Defending against the threats
 Attack Tree
 Top nodes: the high-level technical attacker goals
“To get malicious code on the user device, and to
keep malicious code on the user device”
34
Defending against the threats
 Lines of defence
 Consider both security policy and technique for
Security Requirements
35
Defending against the threats
 Lines of defence : App review
 Automated software analysis tools
 Static Analysis / Dynamic Analysis
ex) Apple’s submission process / Microsoft’s ‘Hopper’ tool
 Manual analysis
 There are a number of aspects that can only be checked by a human
ex) if an app is trying to spoof another app to fool user
 Sharing analysis results
 Appstores could also leverage the expertise of 3rd party researchers
and security companies by allowing them to bulk-download and
analyse apps
36
Defending against the threats
 Lines of defence : App review
 Authentication of app developers
 App developers should be securely authenticated so that rogue app
developers cannot piggy-back on the reputation of other app
developers
 Risk profiling of app developers
 The appstore should monitor and create risk profiles of app
developers. New app developers, or app developers who submit
unsafe or malicious apps, should be treated with special care.
 Continuous process
 App review should be a continuous process, and appstores should
analyse apps even after they have been admitted to the appstore
 Priority for updates
 Appstores should consider priority vetting for updates to existing
apps to allow app developers to patch vulnerabilities quickly
37
Defending against the threats
 Lines of defence : Reputation mechanism
 App track record
 The reputation of an app should show the history and track record of
app developers and apps, download statistics of apps, user votes,
and detailed comments and complaints from users
 Separate security and privacy reputation
 Sybil attack resistance
 Second-order reputation
38
Defending against the threats
 Lines of defence : Reputation mechanism
 Anonymous feedback
 Exchanging reputation information
 Permission feedback
39
Defending against the threats
 Lines of defence : App revocation (Kill-switch)
 User communication and consent
 Spawning
 Update frequency
 Detection
 False positives
40
Defending against the threats
 Lines of defence : Device security
 Code signing
 Sandboxes
 Minimal set of privileges
 Monitoring by the smartphone use
 Clean slating
41
Defending against the threats
 Lines of defence : Jails or walled gardens
 Closed app ecosystems
 Enterprise app stores
 Open app ecosystems
 Federated appstores
 App reputation across appstores
42
Reference
[1] “Threat modeling using attack trees”, Vineet Saimi
[2] “Threat modeling Smart Home – Technical report”, Kristian Beckers
[3] “Vehicle Control Unit Security using Open source AUTOSAR”,
Anton Bretting & Mei Ha
[4] “Systematic Analysis of Cyber-attacks on CPS-Evaluating applicability of DFD-based
Approach”, Mark Yampolskiy
[5] “Introduction to Microsoft Security Development Lifecycle(SDL) Threat modeling”,
Microsoft
[6] “Google Android security report 2014”, Google
[7] “A threat-driven approach to Cyber security”, Michael Muckin
[8] “How Google Play Security Still Falls Short”, MinPyo Hong
[9] “Online Banking Security Analysis based on STRIDE Threat Model”, Tong Xin
[10] “Threat Modeling as a Basis for Security Requirements”, Suvda Myagmar
Security Analysis aNd Evaluation Lab.
Name Jisoo Park
(jisoo8881@korea.ac.kr)
Appstore Security
5 lines of defence against malware
2016. 8. 31

HR Software Buyers Guide in 2024 - HRSoftware.com
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female serviceCALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.js
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 

20160831_app_storesecurity_Seminar

  • 1. Security Analysis aNd Evaluation Lab.
      - Name: Jisoo Park
      - Appstore Security: 5 lines of defence against malware
      - 2016. 8. 31
  • 2. Contents
      - Introduction
      - Dataflow diagram of an app ecosystem
      - Attacker Model
      - STRIDE Threat analysis
      - Defending against the threats
  • 3. Introduction
      - About ENISA
          - European Network and Information Security Agency
      - Authors
          - Dr. Marnix Dekker and Dr. Giles Hogben
          - Collaboration with the ‘DistriNet Research Group’
          - This paper is part of a number of ENISA activities around smartphone security
              - Smartphones: Information security risks, opportunities and recommendations for users
  • 4. Introduction
      - Executive Summary
          - Analyse malware threats in app ecosystems and identify five lines of defence that protect end-users from malware and insecure apps:
              - App review, Reputation mechanism, App revocation (aka kill-switch), Device security, Jails (or walled gardens)
  • 5. Introduction
      - Overall flow (diagram labels): DFD, Modeling Attacker, STRIDE, Attack Tree, Mitigation
  • 6. Data Flow Diagram of an app ecosystem
  • 7. Dataflow diagram of an app ecosystem
      - Why Diagram?
          - Gives a clearer view of the entities that we need to focus on
          - The goal of the diagram is to communicate how the system works, so that everyone involved in threat modeling has the same understanding
      - Why Data Flow Diagram?
          - Attackers consider the attack surface or method through data flows and trust boundaries
          - Sometimes called “Threat model diagram”
  • 8. Dataflow diagram of an app ecosystem
      - Why Diagram?
          - Gives a clearer view of the entities that we need to focus on
      - Data Flow Diagram
          - Commonly used for the threat analysis of software systems
          - Other diagram types: UML, swim lane diagram, state diagram…
          - Supports the use of tools such as the Microsoft SDL Threat Modeling Tool
          - https://www.microsoft.com/en-us/download/details.aspx?id=49168
  • 9. Dataflow diagram of an app ecosystem
      - Before Creating Data Flow Diagram
          - Define use scenarios
          - Gather a list of external dependencies
          - Define security assumptions
          - Create external security notes
          - Create DFDs
      - Ref: “Vehicle Control Unit Security using Open Source AUTOSAR”; “A Threat Analysis Methodology for Smart Home Scenarios – Technical Report”
  • 10. Dataflow diagram of an app ecosystem
      - Data Flow Diagram (table columns: Item, Symbol, Meaning)
          - Process: Any running code
          - Data flow: Communication between processes, or between processes and data stores
          - Data store: Things that store data
          - External entity: People, or code outside your control
          - Trust Boundary: Where program data or execution changes its level of “trust”
  • 11. Dataflow diagram of an app ecosystem
      - Data Flow Diagram
          - Ex: Online banking security analysis based on STRIDE threat model
  • 12. Dataflow diagram of an app ecosystem
      - Extended Data Flow Diagram (example)
          - Existing DFD elements are insufficient for description of all CPS (or IoT) relevant interactions
          - i) Enable description of the physical elements along with the cyber ones
          - ii) Enable description of the physical data flow along with the cyber one
          - iii) Enable description of the communication medium along with the communication flow realized upon this medium
          - Added items (table columns: Item, Symbol): Physical component, Communication medium, Optional data flow, Physical signal
      - “Systematic Analysis of Cyber-Attacks on CPS Evaluating Applicability of DFD-based Approach”, Mark Yampolskiy and 4 others, 2012
  • 13. Dataflow diagram of an app ecosystem
      - Extended Data Flow Diagram (example)
  • 14. Dataflow diagram of an app ecosystem
      - App Ecosystem Data Flow Diagram
  • 15. Dataflow diagram of an app ecosystem
      - App Ecosystem Data Flow Diagram
  • 17. Attacker Model
      - Set the scope of the threat analysis and define which attacks and attackers are in scope
          - Target of attackers: users, consumers, and professionals in private or public sector organizations who download and install apps
              - Don’t distinguish between stand-alone malware and malware that relies on other apps
          - Goals of attacker:
              - To get malicious code on the user device, and (if that works)
              - To keep malicious code on the user device
              - Ignore: attacks which have no impact on the end-user (e.g. click-fraud, plagiarism, unfair competition), social engineering attacks
  • 18. Attacker Model
      - Set the scope of the threat analysis and define which attacks and attackers are in scope
          - Remark: 2 layers of SW on a smartphone (OS / App), giving 4 categories of malware attacks
              1. Sell or distribute a malicious app
              2. Exploit vulnerability in an existing app
              3. Sell or distribute a malicious OS
              4. Exploit vulnerability in an existing OS
          - Example of the first category: “Gemini and DroidDream attacks”
          - Example of the second category: “ZitMo malware”
  • 19. Attacker Model
      - Set the scope of the threat analysis and define which attacks and attackers are in scope
          - Remark: 2 layers of SW on a smartphone (OS / App), giving 4 categories of malware attacks
          - Example of the first category: “Gemini and DroidDream attacks”
              - Gemini Trojan attack
                  - Can compromise a significant amount of personal data on the user’s phone and send it to remote servers
                  - Once the malware is installed on a user’s phone, it has the potential to receive commands from a remote server that allow the owner of that server to control the phone
              - DroidDream Trojan
                  - Gained root access to Google Android mobile devices in order to access unique identification information for the phone
                  - An infected phone could also download additional malicious programs without the user’s knowledge, as well as open the phone up to control by hackers
  • 20. Attacker Model
      - Set the scope of the threat analysis and define which attacks and attackers are in scope
          - Remark: 2 layers of SW on a smartphone (OS / App), giving 4 categories of malware attacks
          - Example of the second category: “ZitMo malware”
              - ZitMo (Zeus-in-the-mobile)
                  - Compromises a significant amount of personal data
                  - More than 50 applications have been found to be infected
  • 22. STRIDE Threat Analysis
      - Introduction to STRIDE
          - “The Threats to Our Products”, 1999, Jason Garms, Praerit Garg and Michael Howard
          - “This was not the first time anyone threat modeled at Microsoft, but rather the first time the methodology was formalized or considered as an abstracted engineering activity.” – Experience Threat modeling at Microsoft, Adam Shostack

        | Threat | Security Property | Description (in this paper) |
        |---|---|---|
        | Spoofing | Authentication | A process or an interactor pretends to be someone/thing else |
        | Tampering | Integrity | A process, a data flow, or a datastore is changed |
        | Repudiation | Non-repudiation | Evidence of an action by a process or an interactor disappears |
        | Information Disclosure | Confidentiality | A process, a dataflow, or a datastore reveals sensitive data |
        | Denial of Service | Availability | A data flow, a datastore, or a process is overloaded, rendering normal use impossible |
        | Elevation of Privilege | Authorization | A process is used to perform unauthorized actions |

  • 23. STRIDE Threat Analysis
      - Introduction to STRIDE
          - STRIDE per Element
              - Certain threats are more prevalent with certain elements of a diagram
              - Has two weaknesses
                  - Similar issues tend to crop up repeatedly in a given threat model
                  - The chart may not represent your issues
  • 24. STRIDE Threat Analysis
      - Introduction to STRIDE
          - STRIDE per Interaction
              - Developed by Larry Osterman and Douglas MacIver (Microsoft)
              - Approach to threat enumeration that considers tuples of (origin, destination, interaction) and enumerates threats against them
              - Threats may be easier to understand with this approach
  • 25. STRIDE Threat Analysis
      - STRIDE threat analysis on the trust boundaries
  • 26. STRIDE Threat Analysis
      - STRIDE threat analysis on the trust boundaries
  • 27. STRIDE Threat Analysis
      - STRIDE threat analysis on the trust boundaries
  • 28. STRIDE Threat Analysis
      - STRIDE analysis inside the trust boundaries
  • 30. Defending against the threats
      - Attack Tree
          - To address threats systematically
          - Famous paper “Attack Tree”, Bruce Schneier, 1999
  • 31. Defending against the threats
      - Attack Tree
          - Top nodes: the high-level technical attacker goals, “To get malicious code on the user device, and to keep malicious code on the user device”
          - Attack library: CAPEC, CWE
  • 32. Defending against the threats
      - Attack Tree
          - Top nodes: the high-level technical attacker goals, “To get malicious code on the user device, and to keep malicious code on the user device”
  • 33. Defending against the threats
      - Attack Tree
          - Top nodes: the high-level technical attacker goals, “To get malicious code on the user device, and to keep malicious code on the user device”
  • 34. Defending against the threats
      - Lines of defence
          - Consider both security policy and technique for Security Requirements
  • 35. Defending against the threats
      - Lines of defence: App review
          - Automated software analysis tools
              - Static analysis / dynamic analysis, e.g. Apple’s submission process / Microsoft’s ‘Hopper’ tool
          - Manual analysis
              - There are a number of aspects that can only be checked by a human, e.g. whether an app is trying to spoof another app to fool the user
          - Sharing analysis results
              - Appstores could also leverage the expertise of 3rd party researchers and security companies by allowing them to bulk-download and analyse apps
  • 36. Defending against the threats
      - Lines of defence: App review
          - Authentication of app developers
              - App developers should be securely authenticated so that rogue app developers cannot piggy-back on the reputation of other app developers
          - Risk profiling of app developers
              - The appstore should monitor and create risk profiles of app developers. New app developers, or app developers who submit unsafe or malicious apps, should be treated with special care.
          - Continuous process
              - App review should be a continuous process, and appstores should analyse apps even after they have been admitted to the appstore
          - Priority for updates
              - Appstores should consider priority vetting for updates to existing apps to allow app developers to patch vulnerabilities quickly
  • 37. Defending against the threats
      - Lines of defence: Reputation mechanism
          - App track record
              - The reputation of an app should show the history and track record of app developers and apps, download statistics of apps, user votes, and detailed comments and complaints from users
          - Separate security and privacy reputation
          - Sybil attack resistance
          - Second-order reputation
  • 38. Defending against the threats
      - Lines of defence: Reputation mechanism
          - Anonymous feedback
          - Exchanging reputation information
          - Permission feedback
  • 39. Defending against the threats
      - Lines of defence: App revocation (kill-switch)
          - User communication and consent
          - Spawning
          - Update frequency
          - Detection
          - False positives
  • 40. Defending against the threats
      - Lines of defence: Device security
          - Code signing
          - Sandboxes
          - Minimal set of privileges
          - Monitoring by the smartphone user
          - Clean slating
  • 41. Defending against the threats
      - Lines of defence: Jails or walled gardens
          - Closed app ecosystems
          - Enterprise app stores
          - Open app ecosystems
          - Federated appstores
          - App reputation across appstores
  • 42. Reference
      [1] “Threat modeling using attack trees”, Vineet Saimi
      [2] “Threat modeling Smart Home – Technical report”, Kristian Beckers
      [3] “Vehicle Control Unit Security using Open source AUTOSAR”, Anton Bretting & Mei Ha
      [4] “Systematic Analysis of Cyber-attacks on CPS-Evaluating applicability of DFD-based Approach”, Mark Yampolskiy
      [5] “Introduction to Microsoft Security Development Lifecycle (SDL) Threat modeling”, Microsoft
      [6] “Google Android security report 2014”, Google
      [7] “A threat-driven approach to Cyber security”, Michael Muckin
      [8] “How Google Play Security Still Falls Short”, MinPyo Hong
      [9] “Online Banking Security Analysis based on STRIDE Threat Model”, Tong Xin
      [10] “Threat Modeling as a Basis for Security Requirements”, Suvda Myagmar
  • 43. Security Analysis aNd Evaluation Lab.
      - Name: Jisoo Park (jisoo8881@korea.ac.kr)
      - Appstore Security: 5 lines of defence against malware
      - 2016. 8. 31
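
The STRIDE table on slide 22 says which DFD element kinds each threat applies to, and slides 25-28 split the analysis into flows on trust boundaries and flows inside them. The sketch below is an added example, not code from the slides or the ENISA paper: it applies that table element by element to a small DFD. The four-element app-ecosystem DFD, the trust-zone names and the treatment of "interactor" as an external entity are assumptions made for illustration.

```python
from dataclasses import dataclass

# Threat -> (security property, DFD element kinds it applies to), read off the
# slide-22 table. Assumption: "interactor" is modelled as an external entity.
STRIDE = {
    "Spoofing": ("Authentication", {"process", "external_entity"}),
    "Tampering": ("Integrity", {"process", "data_flow", "data_store"}),
    "Repudiation": ("Non-repudiation", {"process", "external_entity"}),
    "Information Disclosure": ("Confidentiality", {"process", "data_flow", "data_store"}),
    "Denial of Service": ("Availability", {"process", "data_flow", "data_store"}),
    "Elevation of Privilege": ("Authorization", {"process"}),
}

@dataclass(frozen=True)
class Element:
    name: str
    kind: str  # "process", "data_store" or "external_entity"
    zone: str  # trust zone; a flow between two zones crosses a trust boundary

@dataclass(frozen=True)
class Flow:
    src: Element
    dst: Element
    interaction: str

    @property
    def crosses_boundary(self) -> bool:
        return self.src.zone != self.dst.zone

def threats_for(kind):  # STRIDE threats (and violated property) for one element kind
    return [(t, prop) for t, (prop, kinds) in STRIDE.items() if kind in kinds]

def enumerate_threats(elements, flows):
    """Rows of (scope, target, threat, property); boundary-crossing flows come first."""
    rows = []
    for f in sorted(flows, key=lambda f: not f.crosses_boundary):
        scope = "on trust boundary" if f.crosses_boundary else "inside trust boundary"
        target = f"{f.src.name} -> {f.dst.name} ({f.interaction})"
        rows += [(scope, target, t, p) for t, p in threats_for("data_flow")]
    for e in elements:
        rows += [("element", e.name, t, p) for t, p in threats_for(e.kind)]
    return rows

# Constructed sample DFD (not the diagram from slides 14-15).
developer = Element("app developer", "external_entity", "developer")
review = Element("app review", "process", "appstore")
repo = Element("app repository", "data_store", "appstore")
installer = Element("installer", "process", "device")
ELEMENTS = [developer, review, repo, installer]
FLOWS = [Flow(developer, review, "submit app"), Flow(review, repo, "publish app"),
         Flow(repo, installer, "download app")]

if __name__ == "__main__":
    print("\n".join(" | ".join(r) for r in enumerate_threats(ELEMENTS, FLOWS)))
```

Each row is a candidate threat to confirm or dismiss during review; the list is a checklist generated from the table, not a finding.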