Rete di casa e raspberry pi - Home network and Raspberry Pi
CS 626 - Feb 2011
1. Using Labeling to Prevent
Cross-Service Attacks Against
Smart Phones
C. Mulliner, G. Vigna, D. Dagon, and W. Lee.
Detection of Intrusions and Malware & Vulnerability
Assessment (DIMVA)
2006
Presented by : Ruchith Fernando
02-10-2011
3. Problem Statement
● Cross service attacks
● New network accessible services on the device
● Vulnerable to attacks
● Attacker can obtain access to valuable phone
services
● Stack protection
● Was not widely available
● Not enabled by default
CS 626 - Ruchith Fernando 3
4. Contributions
● A proof of concept of cross service attacks
● Policy Language
● Implementation and evaluation
CS 626 - Ruchith Fernando 4
5. Proof of Concept
● Phone : i-mate PDA2k
● Vulnerable application : ftpsvr
● Buffer overflow in strcpy in Session::SendToClient()
● Shell code at a global var (Using error handling
mechanism)
● Shell code
● Library calls → addrs specific to device+version
● Making a call : load library and call make call
CS 626 - Ruchith Fernando 5
6. Main Idea
● Labels are associated with interfaces
● Process labels
● Accessing a resource/interface
● Parent process
● Resource labels
● Process accessing the resource
● Monitoring component intercept system calls
● Evaluate against a set of policy rules
CS 626 - Ruchith Fernando 6
7. Formally
● Process : p
● Resource : r
● Interface : i
● Label (assigned to interfaces) : LS(i) = l
● Set of labels associated with process p : LS(p)
● Set of labels associated with process r : LS(r)
CS 626 - Ruchith Fernando 7
10. Policy Language
● Exceptions
rule => exception path action*
path => /(dirname/)* filename
action => notlabel | notinherit | notpass
notlabel – Don't label when accessing an interface
notinherit – Don't inherit when accessing a resource
notpass – Don't pass to resources and processes
CS 626 - Ruchith Fernando 10
11. Implementation
● Famlier Linux on HP iPAQ h5500
● Intercepted system calls
● execve
● socket
● open
● To handle labeling and exception policies
● Labels
● Kernel process descriptor
● File system file structure
CS 626 - Ruchith Fernando 11
12. Label Bit Field
Policy example :
access wireless_nonfree deny wireless_free
CS 626 - Ruchith Fernando 12
13. Evaluation
● Buggy custom echo server on Linux
● Exploit similar to the proof of concept
● Overhead
● Labeling overhead
● Enforcement overhead
● Tests
● File access only
● Light network usage
● Heavy network usage
CS 626 - Ruchith Fernando 13
16. Limitations
● Legitimate applications that cross service
boundaries
● Example : Bluetooth headset
● How useful is this now?
CS 626 - Ruchith Fernando 16
17. Previous Work
● Mandatory Access Control
● LOMAC - Linux
● Umbrella – Signed binaries for mobile devices
● Deeds - History-based Access Control for
Mobile Code
CS 626 - Ruchith Fernando 17