Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
SecureDroid:  An  Android  Security  Framework  Extension  for  Context-­‐‑Aware  policy  Enforcement V.Arena, V. Catania,...
What  do  we  do  with  our  smartphone? Call  +  Text  =  ~  17%
Mobile  Applications v Plenty of applications in online marketsv Loss of money, loss of personal informationv Users’ se...
Applications’  Security  in  Mobile  OSs v Apple – App Storev Microsoft – Windows Phone Storev Google – Google Playv A...
Google’s  guideline  about  application’s  security Android has no mechanism for grantingpermissions dynamically (at run-t...
Android  Security  Framework v  Permissions  are  granted  only  during  installation v  Accept  all  or  cannot  instal...
Android  Security  Framework Android’s security framework checks for permissionswhen one of the following situations occur...
SecureDroid v Extends Android Security Frameworkv  Standard security control still remainsv  Compatible with applicatio...
User’s  Context v  User Context: mobile devices follow the usersv  Context from sensors, device status, …v  Application...
Policy  Model v Based on XACMLv Subject information from certificatev  Package, author, distributor, …v Resource info...
Policy <policy−set combine=”deny−overrides” description=“User’s policyset”> "<policy combine=”deny−overrides”> "<target> "...
SecureDroid’s  Architecture Get  capability 1.  PEP  sends  to  CH  subject’s  information  about  the  App  (e.g.  Certifi...
Request Request SubjectAttribute AttributeId=”id”AttributeValuecom.example.exampleApp/AttributeValue/AttributeAttribute At...
Run-­‐‑Time  policy  enforcement
Who  can  set  policies? v Manufacturerv Operator (e.g. Branded smartphones)v Third-parties (e.g. Museum, Company, …)v...
Policy  Management  UI My Context
Overall  evaluation Android  Check SecureDroid  Check Application  requires  a  capability  at  runtime 1.  Is  a  system ...
Scenarios v User’s context-aware policiesv Companies: Bring Your Own Devicev Museum: Deny camera
Conclusions  and    Future  Works Our contribute: SecureDroidv Acts at system level: platform extensionv Enforces contex...
Thanks  for  your  aXention! Giuseppe  La  Torre PhD  Student University  of  Catania  (ITALY) giuseppe.latorre@dieei.unic...
Upcoming SlideShare
Loading in …5
×

SecureDroid: An Android Security Framework Extension for Context-Aware policy Enforcement

2,149 views

Published on

Mobile devices became the main repository of personal data and source of user-generated contents as well as the principal controller of our social networked life. In this scenario, malicious applications try to take advantage of all the possibilities left open by users and operating systems. In this paper, we propose SecureDroid: an extension of the Android security frame- work able to enforce flexible and declarative security policies at run-time, providing a fine-grained access control system. In particular, we focus on context dependent policies that allow the user to specify the way in which applications work according to current context.

Published in: Technology, Business
no profile picture user

  • Login to see the comments

SecureDroid: An Android Security Framework Extension for Context-Aware policy Enforcement

  1. 1. SecureDroid:  An  Android  Security  Framework  Extension  for  Context-­‐‑Aware  policy  Enforcement V.Arena, V. Catania,G. La Torre, S. MonteleoneDepartment of Electrical,Electronics and ComputerEngineeringUniversity of Catania - ItalyPRISM  2013,  International  Conference  on  Privacy  and  Security  in  Mobile  Systems June  24-­‐‑27,  2013  Atlantic  City,  NJ,  USA F. RicciatoInnovation and IndustryRelationsTelecom Italia S.p.A. - Italy
  2. 2. What  do  we  do  with  our  smartphone? Call  +  Text  =  ~  17%
  3. 3. Mobile  Applications v Plenty of applications in online marketsv Loss of money, loss of personal informationv Users’ security depends on applications’ security
  4. 4. Applications’  Security  in  Mobile  OSs v Apple – App Storev Microsoft – Windows Phone Storev Google – Google Playv Applications are signed and must specify permissionsv User consentv Isolationv Once an application has been installed it gets accessto required permissions until it will be uninstalled
  5. 5. Google’s  guideline  about  application’s  security Android has no mechanism for grantingpermissions dynamically (at run-time)because it complicates the userexperience to the detriment of securityPARTIALLY  TRUE  …
  6. 6. Android  Security  Framework v  Permissions  are  granted  only  during  installation v  Accept  all  or  cannot  install v  Users  don’t  pay  aXention  to  them v  Downloads’  count  and  users’  comments  are  more  effective.
  7. 7. Android  Security  Framework Android’s security framework checks for permissionswhen one of the following situations occurs.v An application wants to access to a particularfunctionality protected by a permission (e.g. GPSinformation),v An application tries to start an activity of anotherapplication,v Both when an application sends and receivesbroadcasts,v An application tries to access and operate on acontent provider andv When binding to or starting a service.
  8. 8. SecureDroid v Extends Android Security Frameworkv  Standard security control still remainsv  Compatible with applications from marketProvides the possibility to:v Check custom policies at runtimev Specify policies after an application has beeninstalledv Use context information as policy’s constraintsv Allow multiple parties to set policiesv Handle policy enforcement: PolicyDenyException
  9. 9. User’s  Context v  User Context: mobile devices follow the usersv  Context from sensors, device status, …v  Applications’ behavior may depend on user/device’scontextSome examplesv  Deny notification from app X while my position is in therange (Lat, Lon, R)v  Deny Internet access to App Y if my device is roamingv  Allow only my girlfriend to call me when I’m running
  10. 10. Policy  Model v Based on XACMLv Subject information from certificatev  Package, author, distributor, …v Resource information from the applicationv  Android permissions e.g android.permission.INTERNETv  Content provider URIv Context information from sensorsv  Battery levelv  User’s Positionv  Roamingv  Accelerometer, gyroscope, …
  11. 11. Policy <policy−set combine=”deny−overrides” description=“User’s policyset”> "<policy combine=”deny−overrides”> "<target> "<subject> "<subject−match attr=”id” match=”com.example.exampleApp”/> "</subject>"</target> "<rule effect=”prompt-session”>"<condition> "<resource−match attr=”android-permission” "match=”android.permission.INTERNET”/>""<resource−match attr=”uri”
match=”http://blockedsite.org∗”/>""<environment−match attr =”connection−type” "match=”mobile−roaming”/> "</condition> "</rule> "<rule effect=”permit”> "</policy> "</policy−set>
  12. 12. SecureDroid’s  Architecture Get  capability 1.  PEP  sends  to  CH  subject’s  information  about  the  App  (e.g.  Certificate)  and  the  required  capability  (e.g.  INTERNET) 2.  CH  asks  the  PAP  which  context  information  are  required  for  the  subject  (e.g.  Roaming) 3.  CH  asks  to  PIP  the  current  value  for  context  (Roaming) 4.  CH  creates  a  request  and  asks  to  PDP  to  evaluate  the  policy  for  given  subject,  resources  and  context App PEP PAP Security  Manager                      Service Context Handler Policy PDP PIP Sensors,   Device  status 1 2 3 4 5 Read/ Write policies
  13. 13. Request Request SubjectAttribute AttributeId=”id”AttributeValuecom.example.exampleApp/AttributeValue/AttributeAttribute AttributeId=”author-signature”AttributeValueBzx62xM45Lc34/AttributeValue/Attribute/SubjectResources Attribute AttributeId=”android-permission AttributeValueandroid.permission.INTERNET/AttributeValue /AttributeAttribute AttributeId=”uri AttributeValuehttp://blockedsite.org/some_content.html/AttributeValue/Attribute/ResourcesEnvironmentAttribute AttributeId=”connection-type AttributeValuemobile-roaming/AttributeValue/Attribute /Environment/Request
  14. 14. Run-­‐‑Time  policy  enforcement
  15. 15. Who  can  set  policies? v Manufacturerv Operator (e.g. Branded smartphones)v Third-parties (e.g. Museum, Company, …)v UserSecurityManagerService class:v Defines READ_POLICY and WRITE_POLICY permissionsv Provides readPolicy and writePolicy methods
  16. 16. Policy  Management  UI My Context
  17. 17. Overall  evaluation Android  Check SecureDroid  Check Application  requires  a  capability  at  runtime 1.  Is  a  system  app/service? 2.  Is  the  permission  declared  in  the  manifest? Policies  evaluation  order Manufacturer    Operator    Third-­‐‑parties    User Allow Deny SecureDroid  won’t  be  invoked
  18. 18. Scenarios v User’s context-aware policiesv Companies: Bring Your Own Devicev Museum: Deny camera
  19. 19. Conclusions  and    Future  Works Our contribute: SecureDroidv Acts at system level: platform extensionv Enforces context-aware policies at runtimev Allows multiple parties to set policiesFuture Workv Analysis of user-experience in dealing with PolicyManagement UIv  Improve context selectionv Help users in choosing policiesv  Similar applications Similar policy in similar context
  20. 20. Thanks  for  your  aXention! Giuseppe  La  Torre PhD  Student University  of  Catania  (ITALY) giuseppe.latorre@dieei.unict.it Q

×