SlideShare a Scribd company logo

Mobile platform security models

•
•
G
G Prachi

Mobile platform security models

Technology
1 of 42
Mobile Platform Security Models
List of Topics • Introduction : Platforms and Attacks • iOS Platform Security Models • Android Platform Security Models • Detecting Android Malware in Play Store
Introduction : Platform and Attacks
Change takes time
Global Smartphone Market Share
Two different Attack Vectors • Web Browsers • Installed Applications Both of these attack vectors are increasing in prevalence and sophistication
Mobile Malware Attacks • Unique to Phones: • Premium SMS Messages • Identify Location • Record Phone Calls • Log SMS • Similar to desktops: • Connects to botmasters • Steals Data • Phishing • Malvertising
Kaspersky Security Bulletin Overall statistics for 2017 • 4% of user computers were subjected to at least one Malware-class web attack over the year. • Kaspersky Lab solutions repelled 1 188 728 338 attacks launched from online resources located all over the world. • 199 455 606 unique URLs were recognized as malicious by web antivirus components. • Kaspersky Lab’s web antivirus detected 15 714 700 unique malicious objects. • 939 722 computers of unique users were targeted by encryptors. • Kaspersky Lab solutions blocked attempts to launch malware capable of stealing money via online banking on 1 126 701 devices
Typical Scenario • Cybercriminals create an affiliate website and invite Internet users to become their accomplices • A unique modification of the malware and a landing page for download is created for each accomplice • Participants of the affiliate program trick Android users into installing malicious application • Infected device sends SMS messages to premium numbers, making money for the cybercriminals • Part of money is paid to the affiliate partners
Mobile Malware Examples • DroidDream ( Android ) • Over 58 apps uploaded to Google Play Store • Conducts Data Theft and sends credentials to the Attackers • Ikee ( iOS ) • Worm Capabilites ( Targeted default ssh pwd ) • Worked only on Jailbroken Phones with ssh installed • Zitmo ( Windows ) • Propagates via SMS, claims to install a security certificate • Captures information from SMS, aims to defeat 2-factor Authentication • Works with Zeus botnet, timed with user PC infection
Comparison between Platforms • Operating Systems • UNIX • Windows • Approval process for Applications • Market: Vendor controlled / Open • App signing: Vendor-issued / Self-signed • User approval of permission • Programming Language for Applications • Managed Execution: Java, .NET • Native Execution: Objective C
iOS Platform Security Model
Apple iOS Devices
iOS Application Development • Apps developed in Objective C using Apple SDK • Event-Handling model based on touch events • Foundation and UIKit frameworks provide the security key services used by all iOS Applications
iOS Platform • Cocoa Touch: Foundation framework, OO support for collections, file management, network operations; UIKit • Media layer: supports 2D and 3D drawing, audio, video • Core OS and Core Services: APIs for files, network, etc includes SQLite, POSIX threads, UNIX sockets • Kernel: based on Mach kernel like Mac OS X
iOS Security • Device security • Prevent unauthorized use of device • Data security • Protect data at rest; device may be lost or stolen • Network security • Networking protocols and encryption of data in transmission • App security • Secure platform foundation
App Security • Runtime protection • System resources, kernel shielded from user apps • App “sandbox” prevents access to other app’s data • Inter-app communication only through iOS APIs • Code generation prevented • Mandatory code signing • All apps must be signed using Apple-issued certificate • Application data protection • Apps can leverage built-in hardware encryption
iOS Sandbox • Limit app’s access to files, preferences, network, other resources • Each app has own sandbox directory • Limits consequences of attacks • Same privileges for each app
File Encryption • The content of a file is encrypted with a per-file key, which is wrapped with a class key and stored in a file’s metadata, which is in turn encrypted with the file system key. • When a file is opened, its metadata is decrypted with the file system key, revealing the wrapped per-file key anda notation on which class protects it • The per-file key is unwrapped with the class key, then supplied to the hardware AES engine, decrypting the file as it is read from flash memory • The metadata of all files is encrypted with a random key. Since it’s stored on the device, used only for quick erased on demand.
Masque Attack • iOS app installed using enterprise/adhoc provisioning could replace genuine app installed through the App Store, if both apps have same bundle identifier • This vulnerability existed because iOS didn't enforce matching certificates for apps with the same bundle identifier
Android Platform Security Models
Platform Outline • Linux kernel, browser, SQL-lite database • Software for secure network communication • Open SSL, Bouncy Castle crypto API and Java library • C language infrastructure • Java platform for running applications • Also: video stuff, Bluetooth, vibrate phone, etc.
Android Architecture
Google Play Store • Self-signed apps • App permissions granted on user installation • Open market • Bad applications may show up on market • Shifts focus from remote exploit to privilege escalation
Security Features • Isolation • Multi-user Linux operating system • Each application normally runs as a different user • Battery life • Developers must conserve power • Applications store state so they can be stopped (to save power) and restarted – helps with DoS • Communication between applications • May share same Linux user ID • Access files from each other • May share same Linux process and Dalvik VM • Communicate through application framework • “Intents,” based on Binder, discussed in a few slides
Application Development Concepts • Activity – one-user task • Example: scroll through your inbox • Email client comprises many activities • Service – Java daemon that runs in background • Example: application that streams an mp3 in background • Activity • User click on inbox entry fires an intent to the viewer activity, which then allows user to view that email • Content provider • Store and share data using a relational database interface • Broadcast receiver • “mailboxes” for messages from other applications • Intents – asynchronous messaging system • Fire an intent to switch from one activity to another • Example: email app has inbox, compose activity, viewer
Exploit Prevention • 100 libraries + 500 million lines new code • Open source -> public review, no obscurity • Goals • Prevent remote attacks, privilege escalation • Secure drivers, media codecs, new and custom features • Overflow prevention • ProPolice stack protection • First on the ARM architecture • Some heap overflow protections • Chunk consolidation in DL malloc (from OpenBSD)
Application Sandbox • Each application runs with its UID in its own Dalvik virtual machine • Provides CPU protection, memory protection • Authenticated communication protection using Unix domain sockets • Only ping, zygote (spawn another process) run as root • Applications announces permission requirement • Create a whitelist model – user grants access • But don’t want to ask user often – all questions asked as install time • Inter-component communication reference monitor checks permissions
Layers of Security • Each application executes as its own user identity • Android middleware has reference monitor that mediates the establishment of inter-component communication (ICC)
Java Sandbox Four complementary mechanisms • Class loader • Separate namespaces for separate class loaders • Associates protection domain with each class • Verifier and JVM run-time tests • NO unchecked casts or other type errors, NO array overflow • Preserves private, protected visibility levels • Security Manager • Called by library functions to decide if request is allowed • Uses protection domain associated with code, user policy
Comparison: iOS vs Android • App approval process • Android apps from open app store • iOS vendor-controlled store of vetted apps • Application permissions • Android permission based on install-time manifest • All iOS apps have same set of “sandbox” privileges • App programming language • Android apps written in Java; no buffer overflow… • iOS apps written in Objective-C
Detecting Malware in Play Store
Detecting Malware in Play Store • Signature based Malware Detection • Specification based Malware detection • Behaviour based Malware Detection • Application Permission Analysis • Cloud based Malware Detection
Signature Based Malware Detection • Signature-based detection works by scanning the contents of computer files and cross-referencing their contents with the “code signatures” belonging to known viruses. • A library of known code signatures is updated and refreshed constantly by the store. • If a viral signature is detected, the software acts to block application from causing any damage. • Clearly there will always be new and emerging viruses with their own unique code signatures. • Hence the library is updated frequently to detect application with malware
Specification Based Malware Detection • Specification based detection makes use of certain rule set of what is considered as normal in order to decide the maliciousness of the program violating the predefined rule set. • Thus programs violating the rule set are considered as malicious program. In specification-based malware detection, where a detection algorithm that addresses the deficiency of pattern-matching was developed. • This algorithm incorporates instruction semantics to detect malware instances. • The approach is highly resilience to common obfuscation techniques. It used template T to describe the malicious behaviours of a malware, which are sequence of instructions represented by variables and symbolic constants. The limitation of this approach is that the attribute of a program cannot be accurately specified. • Specification-based detection is the derivate of anomaly based detection.
Behaviour based Malware Detection • The behaviour-based malware detection system is composed of several applications, which together provide the resources and mechanisms needed to detect malware on the Android platform. • Each program has its own specific functionality and purpose in the system and th e combination of all of them creates the Behavior- Based malware detection system. • The Android data mining scripts and applications mentioned in are the responsible for collecting data from Android applications, and the script running on the server will be the responsible for parsing and storing all collected data.
Behaviour based Malware Detection • The methods of analysis of the behavior-based malware detection system can be divided into two main groups: • Static Analysis • Static Analysis is responsible for analysing Android source code in order to look for malicious code patterns or signatures. • This form of analysis will decompress, disassemble and search for patterns in the APK files. • The method is fast and does not generate a high processing load.
Behaviour based Malware Detection • Dynamic Analysis • Dynamic Analysis analyses the behaviour of Android applications by monitoring system calls with the Strace tool. • All input traces generated by the Android smartphone user will be collected using the data collector application well as the crowd sourcing and data collector script. • In Dynamic Analysis the user will install, execute and generate input data for the Android applications in order to obtain an application behaviour output log file.
Application Permission Analysis • Applications run in a sandbox environment however they need permissions to access certain data. • At the time of installation, Android platform asks the user to grant or deny permission for the application based on the activities the application can perform. • The Kirin security service interacts with Android Application installer and it also interacts with collection Kirin Security rules. • Rules represent the malicious patterns and it is compared with configuration of the installed application.
Application Permission Analysis The study proposes five steps to identify dangerous configurations 1. Check the phone’s assets 2. What are the functional requirements 3. Analyse asset security goals and threats 4. Specify security requirements 5. Analyse security mechanism limitations
Cloud Based Malware Detection • Google Play applications are scanned for malware. • Google uses a service named Bouncer to automatically scan applications on the Google Play Store for malware. • As soon as an application is uploaded, Bouncer checks it and compares it to other known malware, Trojans, and spyware. • Every application is run in a simulated environment to see if it will behave maliciously on an actual device. • The applications behaviour is compared to the behaviour of previous malicious apps to look for red flags. • New developer accounts are particularly scrutinized – this is to prevent repeat offenders from creating new accounts.
Cloud Based Malware Detection • Google Play can remotely uninstall applications: If you’ve installed an app that is later found to be malicious, Google has the ability to remotely uninstall this application from your phone when it’s pulled from Google Play. • Google announced an exciting security feature called the "application verification service" to protect against harmful Android applications.

Recommended

SSL And TLS
SSL And TLS SSL And TLS
SSL And TLS Ghanshyam Patel
 
Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Secure Socket Layer (SSL)
Secure Socket Layer (SSL)amanchaurasia
 
Transport Layer Security
Transport Layer Security Transport Layer Security
Transport Layer Security Ibrahiem Mohammed
 
Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Samip jain
 
Hash Function
Hash FunctionHash Function
Hash FunctionSiddharth Srivastava
 
What is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) ProtocolWhat is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) ProtocolMohammed Adam
 
OWASP Top 10 2021 What's New
OWASP Top 10 2021 What's NewOWASP Top 10 2021 What's New
OWASP Top 10 2021 What's NewMichael Furman
 
13 asymmetric key cryptography
13 asymmetric key cryptography13 asymmetric key cryptography
13 asymmetric key cryptographydrewz lin
 

Recommended

SSL And TLS
SSL And TLS SSL And TLS
SSL And TLS Ghanshyam Patel
 
Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Secure Socket Layer (SSL)
Secure Socket Layer (SSL)amanchaurasia
 
Transport Layer Security
Transport Layer Security Transport Layer Security
Transport Layer Security Ibrahiem Mohammed
 
Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Samip jain
 
Hash Function
Hash FunctionHash Function
Hash FunctionSiddharth Srivastava
 
What is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) ProtocolWhat is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) ProtocolMohammed Adam
 
OWASP Top 10 2021 What's New
OWASP Top 10 2021 What's NewOWASP Top 10 2021 What's New
OWASP Top 10 2021 What's NewMichael Furman
 
13 asymmetric key cryptography
13 asymmetric key cryptography13 asymmetric key cryptography
13 asymmetric key cryptographydrewz lin
 
Secure coding practices
Secure coding practicesSecure coding practices
Secure coding practicesMohammed Danish Amber
 
Network security cryptographic hash function
Network security cryptographic hash functionNetwork security cryptographic hash function
Network security cryptographic hash functionMijanur Rahman Milon
 
Mitigating Layer2 Attacks
Mitigating Layer2 AttacksMitigating Layer2 Attacks
Mitigating Layer2 Attacksdkaya
 
8. Software Development Security
8. Software Development Security8. Software Development Security
8. Software Development SecuritySam Bowne
 
Sigma and YARA Rules
Sigma and YARA RulesSigma and YARA Rules
Sigma and YARA RulesLionel Faleiro
 
OWASP Mobile Security: Top 10 Risks for 2017
OWASP Mobile Security: Top 10 Risks for 2017OWASP Mobile Security: Top 10 Risks for 2017
OWASP Mobile Security: Top 10 Risks for 2017TecsyntSolutions
 
Ch14
Ch14Ch14
Ch14Francis Alamina
 
AAA Implementation
AAA ImplementationAAA Implementation
AAA ImplementationAhmad El Tawil
 
Wireshark Basic Presentation
Wireshark Basic PresentationWireshark Basic Presentation
Wireshark Basic PresentationMD. SHORIFUL ISLAM
 
Intrusion prevention system(ips)
Intrusion prevention system(ips)Intrusion prevention system(ips)
Intrusion prevention system(ips)Papun Papun
 
Telecom Security
Telecom SecurityTelecom Security
Telecom SecurityPriyanka Aash
 
SSL TLS Protocol
SSL TLS ProtocolSSL TLS Protocol
SSL TLS ProtocolDevang Badrakiya
 
SSL
SSLSSL
SSLBadrul Alam bulon
 
MD-5 : Algorithm
MD-5 : AlgorithmMD-5 : Algorithm
MD-5 : AlgorithmSahil Kureel
 
Wireless penetration testing
Wireless penetration testingWireless penetration testing
Wireless penetration testingKamlesh Dhanwani
 
Pretty good privacy
Pretty good privacyPretty good privacy
Pretty good privacyPushkar Dutt
 
Wireshark
WiresharkWireshark
WiresharkKasun Madusanke
 
Secure socket layer
Secure socket layerSecure socket layer
Secure socket layerNishant Pahad
 
Wireshark Tutorial
Wireshark TutorialWireshark Tutorial
Wireshark TutorialCoursenvy.com
 
Web Security
Web SecurityWeb Security
Web SecurityDr.Florence Dayana
 
Building a Mobile Security Program
Building a Mobile Security ProgramBuilding a Mobile Security Program
Building a Mobile Security ProgramDenim Group
 
How iOS and Android Handle Security Webinar
How iOS and Android Handle Security WebinarHow iOS and Android Handle Security Webinar
How iOS and Android Handle Security WebinarDenim Group
 

More Related Content

What's hot

Network security cryptographic hash function
Network security cryptographic hash functionNetwork security cryptographic hash function
Network security cryptographic hash functionMijanur Rahman Milon
 
Mitigating Layer2 Attacks
Mitigating Layer2 AttacksMitigating Layer2 Attacks
Mitigating Layer2 Attacksdkaya
 
8. Software Development Security
8. Software Development Security8. Software Development Security
8. Software Development SecuritySam Bowne
 
Sigma and YARA Rules
Sigma and YARA RulesSigma and YARA Rules
Sigma and YARA RulesLionel Faleiro
 
OWASP Mobile Security: Top 10 Risks for 2017
OWASP Mobile Security: Top 10 Risks for 2017OWASP Mobile Security: Top 10 Risks for 2017
OWASP Mobile Security: Top 10 Risks for 2017TecsyntSolutions
 
AAA Implementation
AAA ImplementationAAA Implementation
AAA ImplementationAhmad El Tawil
 
Wireshark Basic Presentation
Wireshark Basic PresentationWireshark Basic Presentation
Wireshark Basic PresentationMD. SHORIFUL ISLAM
 
Intrusion prevention system(ips)
Intrusion prevention system(ips)Intrusion prevention system(ips)
Intrusion prevention system(ips)Papun Papun
 
Telecom Security
Telecom SecurityTelecom Security
Telecom SecurityPriyanka Aash
 
MD-5 : Algorithm
MD-5 : AlgorithmMD-5 : Algorithm
MD-5 : AlgorithmSahil Kureel
 
Wireless penetration testing
Wireless penetration testingWireless penetration testing
Wireless penetration testingKamlesh Dhanwani
 
Pretty good privacy
Pretty good privacyPretty good privacy
Pretty good privacyPushkar Dutt
 
Secure socket layer
Secure socket layerSecure socket layer
Secure socket layerNishant Pahad
 
Wireshark Tutorial
Wireshark TutorialWireshark Tutorial
Wireshark TutorialCoursenvy.com
 

What's hot (20)

Secure coding practices
Secure coding practicesSecure coding practices
Secure coding practices
 
Network security cryptographic hash function
Network security cryptographic hash functionNetwork security cryptographic hash function
Network security cryptographic hash function
 
Mitigating Layer2 Attacks
Mitigating Layer2 AttacksMitigating Layer2 Attacks
Mitigating Layer2 Attacks
 
8. Software Development Security
8. Software Development Security8. Software Development Security
8. Software Development Security
 
Sigma and YARA Rules
Sigma and YARA RulesSigma and YARA Rules
Sigma and YARA Rules
 
OWASP Mobile Security: Top 10 Risks for 2017
OWASP Mobile Security: Top 10 Risks for 2017OWASP Mobile Security: Top 10 Risks for 2017
OWASP Mobile Security: Top 10 Risks for 2017
 
Ch14
Ch14Ch14
Ch14
 
AAA Implementation
AAA ImplementationAAA Implementation
AAA Implementation
 
Wireshark Basic Presentation
Wireshark Basic PresentationWireshark Basic Presentation
Wireshark Basic Presentation
 
Intrusion prevention system(ips)
Intrusion prevention system(ips)Intrusion prevention system(ips)
Intrusion prevention system(ips)
 
Telecom Security
Telecom SecurityTelecom Security
Telecom Security
 
SSL TLS Protocol
SSL TLS ProtocolSSL TLS Protocol
SSL TLS Protocol
 
SSL
SSLSSL
SSL
 
MD-5 : Algorithm
MD-5 : AlgorithmMD-5 : Algorithm
MD-5 : Algorithm
 
Wireless penetration testing
Wireless penetration testingWireless penetration testing
Wireless penetration testing
 
Pretty good privacy
Pretty good privacyPretty good privacy
Pretty good privacy
 
Wireshark
WiresharkWireshark
Wireshark
 
Secure socket layer
Secure socket layerSecure socket layer
Secure socket layer
 
Wireshark Tutorial
Wireshark TutorialWireshark Tutorial
Wireshark Tutorial
 
Web Security
Web SecurityWeb Security
Web Security
 

Similar to Mobile platform security models

Building a Mobile Security Program
Building a Mobile Security ProgramBuilding a Mobile Security Program
Building a Mobile Security ProgramDenim Group
 
How iOS and Android Handle Security Webinar
How iOS and Android Handle Security WebinarHow iOS and Android Handle Security Webinar
How iOS and Android Handle Security WebinarDenim Group
 
I haz you and pwn your maal
I haz you and pwn your maalI haz you and pwn your maal
I haz you and pwn your maalHarsimran Walia
 
Hacker Halted 2014 - Reverse Engineering the Android OS
Hacker Halted 2014 - Reverse Engineering the Android OSHacker Halted 2014 - Reverse Engineering the Android OS
Hacker Halted 2014 - Reverse Engineering the Android OSEC-Council
 
Pentesting Mobile Applications (Prashant Verma)
Pentesting Mobile Applications (Prashant Verma)Pentesting Mobile Applications (Prashant Verma)
Pentesting Mobile Applications (Prashant Verma)ClubHack
 
android Security
android Security android Security
android Security darkC0de
 
Android pen test basics
Android pen test basicsAndroid pen test basics
Android pen test basicsOWASPKerala
 
Android village @nullcon 2012
Android village @nullcon 2012 Android village @nullcon 2012
Android village @nullcon 2012 hakersinfo
 
Hacking your Android (slides)
Hacking your Android (slides)Hacking your Android (slides)
Hacking your Android (slides)Justin Hoang
 
From java to android a security analysis
From java to android a security analysisFrom java to android a security analysis
From java to android a security analysisPragati Rai
 
CNIT 128 Ch 4: Android
CNIT 128 Ch 4: AndroidCNIT 128 Ch 4: Android
CNIT 128 Ch 4: AndroidSam Bowne
 
Virtue Security - The Art of Mobile Security 2013
Virtue Security - The Art of Mobile Security 2013Virtue Security - The Art of Mobile Security 2013
Virtue Security - The Art of Mobile Security 2013Virtue Security
 
DEF CON 24 - Dinesh and Shetty - practical android application exploitation
DEF CON 24 - Dinesh and Shetty - practical android application exploitationDEF CON 24 - Dinesh and Shetty - practical android application exploitation
DEF CON 24 - Dinesh and Shetty - practical android application exploitationFelipe Prado
 
Hacking your Droid (Aditya Gupta)
Hacking your Droid (Aditya Gupta)Hacking your Droid (Aditya Gupta)
Hacking your Droid (Aditya Gupta)ClubHack
 
Fruit vs Zombies: Defeat Non-jailbroken iOS Malware by Claud Xiao
Fruit vs Zombies: Defeat Non-jailbroken iOS Malware by Claud XiaoFruit vs Zombies: Defeat Non-jailbroken iOS Malware by Claud Xiao
Fruit vs Zombies: Defeat Non-jailbroken iOS Malware by Claud XiaoShakacon
 
Hacking and Securing iOS Apps : Part 1
Hacking and Securing iOS Apps : Part 1Hacking and Securing iOS Apps : Part 1
Hacking and Securing iOS Apps : Part 1Subhransu Behera
 
Implementing Trusted Endpoints in the Mobile World
Implementing Trusted Endpoints in the Mobile WorldImplementing Trusted Endpoints in the Mobile World
Implementing Trusted Endpoints in the Mobile WorldLINE Corporation
 

Similar to Mobile platform security models (20)

Building a Mobile Security Program
Building a Mobile Security ProgramBuilding a Mobile Security Program
Building a Mobile Security Program
 
How iOS and Android Handle Security Webinar
How iOS and Android Handle Security WebinarHow iOS and Android Handle Security Webinar
How iOS and Android Handle Security Webinar
 
I haz you and pwn your maal
I haz you and pwn your maalI haz you and pwn your maal
I haz you and pwn your maal
 
Hacker Halted 2014 - Reverse Engineering the Android OS
Hacker Halted 2014 - Reverse Engineering the Android OSHacker Halted 2014 - Reverse Engineering the Android OS
Hacker Halted 2014 - Reverse Engineering the Android OS
 
Pentesting Mobile Applications (Prashant Verma)
Pentesting Mobile Applications (Prashant Verma)Pentesting Mobile Applications (Prashant Verma)
Pentesting Mobile Applications (Prashant Verma)
 
I haz you and pwn your maal
I haz you and pwn your maalI haz you and pwn your maal
I haz you and pwn your maal
 
Android security
Android securityAndroid security
Android security
 
android Security
android Security android Security
android Security
 
Android pen test basics
Android pen test basicsAndroid pen test basics
Android pen test basics
 
Android village @nullcon 2012
Android village @nullcon 2012 Android village @nullcon 2012
Android village @nullcon 2012
 
Brief Tour about Android Security
Brief Tour about Android SecurityBrief Tour about Android Security
Brief Tour about Android Security
 
Hacking your Android (slides)
Hacking your Android (slides)Hacking your Android (slides)
Hacking your Android (slides)
 
From java to android a security analysis
From java to android a security analysisFrom java to android a security analysis
From java to android a security analysis
 
CNIT 128 Ch 4: Android
CNIT 128 Ch 4: AndroidCNIT 128 Ch 4: Android
CNIT 128 Ch 4: Android
 
Virtue Security - The Art of Mobile Security 2013
Virtue Security - The Art of Mobile Security 2013Virtue Security - The Art of Mobile Security 2013
Virtue Security - The Art of Mobile Security 2013
 
DEF CON 24 - Dinesh and Shetty - practical android application exploitation
DEF CON 24 - Dinesh and Shetty - practical android application exploitationDEF CON 24 - Dinesh and Shetty - practical android application exploitation
DEF CON 24 - Dinesh and Shetty - practical android application exploitation
 
Hacking your Droid (Aditya Gupta)
Hacking your Droid (Aditya Gupta)Hacking your Droid (Aditya Gupta)
Hacking your Droid (Aditya Gupta)
 
Fruit vs Zombies: Defeat Non-jailbroken iOS Malware by Claud Xiao
Fruit vs Zombies: Defeat Non-jailbroken iOS Malware by Claud XiaoFruit vs Zombies: Defeat Non-jailbroken iOS Malware by Claud Xiao
Fruit vs Zombies: Defeat Non-jailbroken iOS Malware by Claud Xiao
 
Hacking and Securing iOS Apps : Part 1
Hacking and Securing iOS Apps : Part 1Hacking and Securing iOS Apps : Part 1
Hacking and Securing iOS Apps : Part 1
 
Implementing Trusted Endpoints in the Mobile World
Implementing Trusted Endpoints in the Mobile WorldImplementing Trusted Endpoints in the Mobile World
Implementing Trusted Endpoints in the Mobile World
 

More from G Prachi

The trusted computing architecture
The trusted computing architectureThe trusted computing architecture
The trusted computing architectureG Prachi
 
Security risk management
Security risk managementSecurity risk management
Security risk managementG Prachi
 
Malicious software and software security
Malicious software and software securityMalicious software and software security
Malicious software and software securityG Prachi
 
Network defenses
Network defensesNetwork defenses
Network defensesG Prachi
 
Network protocols and vulnerabilities
Network protocols and vulnerabilitiesNetwork protocols and vulnerabilities
Network protocols and vulnerabilitiesG Prachi
 
Web application security part 02
Web application security part 02Web application security part 02
Web application security part 02G Prachi
 
Web application security part 01
Web application security part 01Web application security part 01
Web application security part 01G Prachi
 
Basic web security model
Basic web security modelBasic web security model
Basic web security modelG Prachi
 
Least privilege, access control, operating system security
Least privilege, access control, operating system securityLeast privilege, access control, operating system security
Least privilege, access control, operating system securityG Prachi
 
Dealing with legacy code
Dealing with legacy codeDealing with legacy code
Dealing with legacy codeG Prachi
 
Exploitation techniques and fuzzing
Exploitation techniques and fuzzingExploitation techniques and fuzzing
Exploitation techniques and fuzzingG Prachi
 
Control hijacking
Control hijackingControl hijacking
Control hijackingG Prachi
 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security conceptsG Prachi
 
Administering security
Administering securityAdministering security
Administering securityG Prachi
 
Database security and security in networks
Database security and security in networksDatabase security and security in networks
Database security and security in networksG Prachi
 
Protection in general purpose operating system
Protection in general purpose operating systemProtection in general purpose operating system
Protection in general purpose operating systemG Prachi
 
Program security
Program securityProgram security
Program securityG Prachi
 
Elementary cryptography
Elementary cryptographyElementary cryptography
Elementary cryptographyG Prachi
 
Information security introduction
Information security introductionInformation security introduction
Information security introductionG Prachi
 
Technology, policy, privacy and freedom
Technology, policy, privacy and freedomTechnology, policy, privacy and freedom
Technology, policy, privacy and freedomG Prachi
 

More from G Prachi (20)

The trusted computing architecture
The trusted computing architectureThe trusted computing architecture
The trusted computing architecture
 
Security risk management
Security risk managementSecurity risk management
Security risk management
 
Malicious software and software security
Malicious software and software securityMalicious software and software security
Malicious software and software security
 
Network defenses
Network defensesNetwork defenses
Network defenses
 
Network protocols and vulnerabilities
Network protocols and vulnerabilitiesNetwork protocols and vulnerabilities
Network protocols and vulnerabilities
 
Web application security part 02
Web application security part 02Web application security part 02
Web application security part 02
 
Web application security part 01
Web application security part 01Web application security part 01
Web application security part 01
 
Basic web security model
Basic web security modelBasic web security model
Basic web security model
 
Least privilege, access control, operating system security
Least privilege, access control, operating system securityLeast privilege, access control, operating system security
Least privilege, access control, operating system security
 
Dealing with legacy code
Dealing with legacy codeDealing with legacy code
Dealing with legacy code
 
Exploitation techniques and fuzzing
Exploitation techniques and fuzzingExploitation techniques and fuzzing
Exploitation techniques and fuzzing
 
Control hijacking
Control hijackingControl hijacking
Control hijacking
 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security concepts
 
Administering security
Administering securityAdministering security
Administering security
 
Database security and security in networks
Database security and security in networksDatabase security and security in networks
Database security and security in networks
 
Protection in general purpose operating system
Protection in general purpose operating systemProtection in general purpose operating system
Protection in general purpose operating system
 
Program security
Program securityProgram security
Program security
 
Elementary cryptography
Elementary cryptographyElementary cryptography
Elementary cryptography
 
Information security introduction
Information security introductionInformation security introduction
Information security introduction
 
Technology, policy, privacy and freedom
Technology, policy, privacy and freedomTechnology, policy, privacy and freedom
Technology, policy, privacy and freedom
 

Recently uploaded

A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 

Recently uploaded (20)

A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 

Mobile platform security models

  • 2. List of Topics • Introduction : Platforms and Attacks • iOS Platform Security Models • Android Platform Security Models • Detecting Android Malware in Play Store
  • 6. Two different Attack Vectors • Web Browsers • Installed Applications Both of these attack vectors are increasing in prevalence and sophistication
  • 7. Mobile Malware Attacks • Unique to Phones: • Premium SMS Messages • Identify Location • Record Phone Calls • Log SMS • Similar to desktops: • Connects to botmasters • Steals Data • Phishing • Malvertising
  • 8. Kaspersky Security Bulletin Overall statistics for 2017 • 4% of user computers were subjected to at least one Malware-class web attack over the year. • Kaspersky Lab solutions repelled 1 188 728 338 attacks launched from online resources located all over the world. • 199 455 606 unique URLs were recognized as malicious by web antivirus components. • Kaspersky Lab’s web antivirus detected 15 714 700 unique malicious objects. • 939 722 computers of unique users were targeted by encryptors. • Kaspersky Lab solutions blocked attempts to launch malware capable of stealing money via online banking on 1 126 701 devices
  • 9. Typical Scenario • Cybercriminals create an affiliate website and invite Internet users to become their accomplices • A unique modification of the malware and a landing page for download is created for each accomplice • Participants of the affiliate program trick Android users into installing malicious application • Infected device sends SMS messages to premium numbers, making money for the cybercriminals • Part of money is paid to the affiliate partners
  • 10. Mobile Malware Examples • DroidDream ( Android ) • Over 58 apps uploaded to Google Play Store • Conducts Data Theft and sends credentials to the Attackers • Ikee ( iOS ) • Worm Capabilites ( Targeted default ssh pwd ) • Worked only on Jailbroken Phones with ssh installed • Zitmo ( Windows ) • Propagates via SMS, claims to install a security certificate • Captures information from SMS, aims to defeat 2-factor Authentication • Works with Zeus botnet, timed with user PC infection
  • 11. Comparison between Platforms • Operating Systems • UNIX • Windows • Approval process for Applications • Market: Vendor controlled / Open • App signing: Vendor-issued / Self-signed • User approval of permission • Programming Language for Applications • Managed Execution: Java, .NET • Native Execution: Objective C
  • 14. iOS Application Development • Apps developed in Objective C using Apple SDK • Event-Handling model based on touch events • Foundation and UIKit frameworks provide the security key services used by all iOS Applications
  • 15. iOS Platform • Cocoa Touch: Foundation framework, OO support for collections, file management, network operations; UIKit • Media layer: supports 2D and 3D drawing, audio, video • Core OS and Core Services: APIs for files, network, etc includes SQLite, POSIX threads, UNIX sockets • Kernel: based on Mach kernel like Mac OS X
  • 16. iOS Security • Device security • Prevent unauthorized use of device • Data security • Protect data at rest; device may be lost or stolen • Network security • Networking protocols and encryption of data in transmission • App security • Secure platform foundation
  • 17. App Security • Runtime protection • System resources, kernel shielded from user apps • App “sandbox” prevents access to other app’s data • Inter-app communication only through iOS APIs • Code generation prevented • Mandatory code signing • All apps must be signed using Apple-issued certificate • Application data protection • Apps can leverage built-in hardware encryption
  • 18. iOS Sandbox • Limit app’s access to files, preferences, network, other resources • Each app has own sandbox directory • Limits consequences of attacks • Same privileges for each app
  • 19. File Encryption • The content of a file is encrypted with a per-file key, which is wrapped with a class key and stored in a file’s metadata, which is in turn encrypted with the file system key. • When a file is opened, its metadata is decrypted with the file system key, revealing the wrapped per-file key anda notation on which class protects it • The per-file key is unwrapped with the class key, then supplied to the hardware AES engine, decrypting the file as it is read from flash memory • The metadata of all files is encrypted with a random key. Since it’s stored on the device, used only for quick erased on demand.
  • 20. Masque Attack • iOS app installed using enterprise/adhoc provisioning could replace genuine app installed through the App Store, if both apps have same bundle identifier • This vulnerability existed because iOS didn't enforce matching certificates for apps with the same bundle identifier
  • 22. Platform Outline • Linux kernel, browser, SQL-lite database • Software for secure network communication • Open SSL, Bouncy Castle crypto API and Java library • C language infrastructure • Java platform for running applications • Also: video stuff, Bluetooth, vibrate phone, etc.
  • 24. Google Play Store • Self-signed apps • App permissions granted on user installation • Open market • Bad applications may show up on market • Shifts focus from remote exploit to privilege escalation
  • 25. Security Features • Isolation • Multi-user Linux operating system • Each application normally runs as a different user • Battery life • Developers must conserve power • Applications store state so they can be stopped (to save power) and restarted – helps with DoS • Communication between applications • May share same Linux user ID • Access files from each other • May share same Linux process and Dalvik VM • Communicate through application framework • “Intents,” based on Binder, discussed in a few slides
  • 26. Application Development Concepts • Activity – one-user task • Example: scroll through your inbox • Email client comprises many activities • Service – Java daemon that runs in background • Example: application that streams an mp3 in background • Activity • User click on inbox entry fires an intent to the viewer activity, which then allows user to view that email • Content provider • Store and share data using a relational database interface • Broadcast receiver • “mailboxes” for messages from other applications • Intents – asynchronous messaging system • Fire an intent to switch from one activity to another • Example: email app has inbox, compose activity, viewer
  • 27. Exploit Prevention • 100 libraries + 500 million lines new code • Open source -> public review, no obscurity • Goals • Prevent remote attacks, privilege escalation • Secure drivers, media codecs, new and custom features • Overflow prevention • ProPolice stack protection • First on the ARM architecture • Some heap overflow protections • Chunk consolidation in DL malloc (from OpenBSD)
  • 28. Application Sandbox • Each application runs with its UID in its own Dalvik virtual machine • Provides CPU protection, memory protection • Authenticated communication protection using Unix domain sockets • Only ping, zygote (spawn another process) run as root • Applications announces permission requirement • Create a whitelist model – user grants access • But don’t want to ask user often – all questions asked as install time • Inter-component communication reference monitor checks permissions
  • 29. Layers of Security • Each application executes as its own user identity • Android middleware has reference monitor that mediates the establishment of inter-component communication (ICC)
  • 30. Java Sandbox Four complementary mechanisms • Class loader • Separate namespaces for separate class loaders • Associates protection domain with each class • Verifier and JVM run-time tests • NO unchecked casts or other type errors, NO array overflow • Preserves private, protected visibility levels • Security Manager • Called by library functions to decide if request is allowed • Uses protection domain associated with code, user policy
  • 31. Comparison: iOS vs Android • App approval process • Android apps from open app store • iOS vendor-controlled store of vetted apps • Application permissions • Android permission based on install-time manifest • All iOS apps have same set of “sandbox” privileges • App programming language • Android apps written in Java; no buffer overflow… • iOS apps written in Objective-C
  • 32. Detecting Malware in Play Store
  • 33. Detecting Malware in Play Store • Signature based Malware Detection • Specification based Malware detection • Behaviour based Malware Detection • Application Permission Analysis • Cloud based Malware Detection
  • 34. Signature Based Malware Detection • Signature-based detection works by scanning the contents of computer files and cross-referencing their contents with the “code signatures” belonging to known viruses. • A library of known code signatures is updated and refreshed constantly by the store. • If a viral signature is detected, the software acts to block application from causing any damage. • Clearly there will always be new and emerging viruses with their own unique code signatures. • Hence the library is updated frequently to detect application with malware
  • 35. Specification Based Malware Detection • Specification based detection makes use of certain rule set of what is considered as normal in order to decide the maliciousness of the program violating the predefined rule set. • Thus programs violating the rule set are considered as malicious program. In specification-based malware detection, where a detection algorithm that addresses the deficiency of pattern-matching was developed. • This algorithm incorporates instruction semantics to detect malware instances. • The approach is highly resilience to common obfuscation techniques. It used template T to describe the malicious behaviours of a malware, which are sequence of instructions represented by variables and symbolic constants. The limitation of this approach is that the attribute of a program cannot be accurately specified. • Specification-based detection is the derivate of anomaly based detection.
  • 36. Behaviour based Malware Detection • The behaviour-based malware detection system is composed of several applications, which together provide the resources and mechanisms needed to detect malware on the Android platform. • Each program has its own specific functionality and purpose in the system and th e combination of all of them creates the Behavior- Based malware detection system. • The Android data mining scripts and applications mentioned in are the responsible for collecting data from Android applications, and the script running on the server will be the responsible for parsing and storing all collected data.
  • 37. Behaviour based Malware Detection • The methods of analysis of the behavior-based malware detection system can be divided into two main groups: • Static Analysis • Static Analysis is responsible for analysing Android source code in order to look for malicious code patterns or signatures. • This form of analysis will decompress, disassemble and search for patterns in the APK files. • The method is fast and does not generate a high processing load.
  • 38. Behaviour based Malware Detection • Dynamic Analysis • Dynamic Analysis analyses the behaviour of Android applications by monitoring system calls with the Strace tool. • All input traces generated by the Android smartphone user will be collected using the data collector application well as the crowd sourcing and data collector script. • In Dynamic Analysis the user will install, execute and generate input data for the Android applications in order to obtain an application behaviour output log file.
  • 39. Application Permission Analysis • Applications run in a sandbox environment however they need permissions to access certain data. • At the time of installation, Android platform asks the user to grant or deny permission for the application based on the activities the application can perform. • The Kirin security service interacts with Android Application installer and it also interacts with collection Kirin Security rules. • Rules represent the malicious patterns and it is compared with configuration of the installed application.
  • 40. Application Permission Analysis The study proposes five steps to identify dangerous configurations 1. Check the phone’s assets 2. What are the functional requirements 3. Analyse asset security goals and threats 4. Specify security requirements 5. Analyse security mechanism limitations
  • 41. Cloud Based Malware Detection • Google Play applications are scanned for malware. • Google uses a service named Bouncer to automatically scan applications on the Google Play Store for malware. • As soon as an application is uploaded, Bouncer checks it and compares it to other known malware, Trojans, and spyware. • Every application is run in a simulated environment to see if it will behave maliciously on an actual device. • The applications behaviour is compared to the behaviour of previous malicious apps to look for red flags. • New developer accounts are particularly scrutinized – this is to prevent repeat offenders from creating new accounts.
  • 42. Cloud Based Malware Detection • Google Play can remotely uninstall applications: If you’ve installed an app that is later found to be malicious, Google has the ability to remotely uninstall this application from your phone when it’s pulled from Google Play. • Google announced an exciting security feature called the "application verification service" to protect against harmful Android applications.