Enhancing Enterprise Policy Enforcement on Android Devices
Smartphones are increasingly vital in the workplace, but managing Android devices for enterprise use is difficult because of inadequate permission settings and legacy systems. Current research customizes the system to enforce policy, but this requires extensive modifications and lacks isolation between apps and management code.
DeepDroid: Dynamically Enforcing Enterprise Policy on Android Devices
  Fall 2015
  Instructor: Kun Sun, Ph.D.
Roadmap
  - Introduction
  - Overview
  - DeepDroid-Permission
  - DeepDroid-Behavior
  - Evaluation
  - Conclusion
Introduction
  - Smartphones are increasingly adopted in the workplace
    - "51% of end users rely on smartphones to perform daily business activities." (Cisco)
  - However, Android devices are not easily managed because of their system design
    - Permission: coarse and not configurable
    - Device Administration API
    - SEAndroid: legacy phones (85.8% < version 4.3), inadequate MAC in middleware
Current Status
  - Device OEMs add their own management APIs
    - Samsung SAFE & Knox
    - HTC APIs
    - 3LM APIs
  - MDM vendors bustle about all these extended APIs
Current Research
  - Customize system to enforce policies
    - Require tremendous modification to source code
    - Portability issue for Android branches and OEMs
  - Rewrite Android apps
    - Intercept security sensitive APIs from multiple layers
    - Lack of isolation between app and management code
Overview
  - Centralized controller: system_server for middleware permissions
  - Client-server architecture: system services, content providers, etc.
  - Communication (Binder): RPC to services/callbacks, Intent, Content Providers, Messengers, Ashmem
  [Diagram: system_server, com.android.phone, /system/bin/mediaserver, android.process.media, android.process.acore]
Overview (cont.)
  - Operations inside the process boundary
    - Based on Linux system calls
    - Comply with Linux DAC
  - Linux privilege is authorized right after process creation: setgroups/setresgid/setresuid
  [Diagram: Activity Manager, zygote, app1, app2, app3; request label "Create process that can: read/write sdcard, access network, use camera, read contacts"]
Our approach
  - Dynamic memory instrumentation
    - Flexible permission
    - Behavior extraction & enforcement
  [Diagram: system_server, com.android.phone, /system/bin/mediaserver, android.process.media, android.process.acore]
Our approach (cont.)
  - System call tracking
    - Tracking process creation for privilege authorization
    - Tracking process operations
  [Diagram: zygote, app1, app2, app3]
Why our approach?
  - Stable system architecture: permission mechanism, system services, binder realization, etc.
  - Reduce source code modification to configuration: carry little burden on vendor customization
  - Central management
  - Isolation
  - Transparent to apps
DeepDroid-Permission
  - system_server is the core of the permission mechanism.
  - A few checking interfaces
  - Key: Java method redirection
  [Diagram: system_server (Permission Check), inter-process, Monitoring Code, Enterprise Policy Repository]
DeepDroid-Permission
  [Diagram labels: classes.dex (byte code), dalvik-LinearAlloc, Method (accessFlags, insns, nativeFunc), interpreter, native code (libx.so)]
DeepDroid-Permission
  - Some permissions (user groups) are checked in the kernel.
  - Steps shown in the diagram:
    1: launch request
    2: recognize app
    3: reset groups & track until setuid
  - Launch request arguments: --runtime-init --setuid=10028 --setgid=10028 --setgroups=1015, 3003, 1006, 1007 android.app.ActivityThread
  [Diagram: system_server, zygote, fork, app process, monitoring]
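The policy decision behind step 3 (reset groups) can be sketched as follows. This is an added example, not DeepDroid's code: it models only the group filtering applied to the launch request shown on this slide, not the system call tracking itself. The function names and the policy table are hypothetical; the GID values are Android's standard IDs for the inet and camera groups.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Android GIDs for the "inet" and "camera" groups (android_filesystem_config.h). */
#define AID_CAMERA 1006
#define AID_INET   3003
/* Hypothetical enterprise policy: groups denied to a given app UID. */
struct pcg_rule { unsigned uid, denied_gid; };
static const struct pcg_rule POLICY[] = { {10028, AID_INET}, {10028, AID_CAMERA} };

static int pcg_denied(unsigned uid, unsigned gid) {
    for (size_t i = 0; i < sizeof POLICY / sizeof POLICY[0]; i++)
        if (POLICY[i].uid == uid && POLICY[i].denied_gid == gid) return 1;
    return 0;
}

/* Parse "--setuid=N ... --setgroups=a, b, c" and store the groups that survive
 * the policy in out[]. Returns the count kept, or -1 on malformed input so the
 * caller can fail closed and grant no supplementary groups. */
int pcg_filter_groups(const char *args, unsigned *out, size_t cap) {
    const char *u = strstr(args, "--setuid="), *g = strstr(args, "--setgroups=");
    char *end;
    if (!u || !g) return -1;
    unsigned long uid = strtoul(u + 9, &end, 10);
    if (end == u + 9) return -1;
    size_t n = 0;
    for (const char *p = g + 12;; p++) {
        unsigned long gid = strtoul(p, &end, 10);
        if (end == p) return -1;                 /* empty or non-numeric entry */
        if (!pcg_denied((unsigned)uid, (unsigned)gid)) {
            if (n == cap) return -1;
            out[n++] = (unsigned)gid;
        }
        for (p = end; *p == ' '; p++) {}         /* slide text has "1015, 3003" */
        if (*p != ',') break;                    /* end of the group list */
    }
    return (int)n;
}

int main(void) {
    const char *req = "--runtime-init --setuid=10028 --setgid=10028 "
                      "--setgroups=1015, 3003, 1006, 1007 android.app.ActivityThread";
    unsigned keep[16];                           /* req: launch request from the slide */
    int n = pcg_filter_groups(req, keep, 16);
    for (int i = 0; i < n; i++) printf("keep gid %u\n", keep[i]);
    return n < 0;
}
```

Because group membership is enforced by the kernel, a denied GID has to be removed from the list before the child process calls setuid and loses the ability to change its groups.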
DeepDroid-Behavior
  - Interactions between apps and system services: ioctl(binderFd, BINDER_WRITE_READ, &bwr)
  - By tampering with the Global Offset Table (GOT) of libbinder.so
  - App access to services; call-backs: Intent, ContentProviders, Messenger, ashmem
  [Diagram: system_server and android.process.acore, each with upper layers, libbinder.so, Behavior Enforcement, libc.so; Binder driver below]
DeepDroid-Behavior: Synchronous invocation
  - E.g., getLastKnownLocation(), getDeviceId()
  - Pairwise within binder thread
  - BR_TRANSACTION: requests
  - BC_REPLY: return value
  - Interfaces defined in aidl & in .java
  - Reflect on write buffer
  [Diagram: system process]
DeepDroid-Behavior: Asynchronous invocation
  - With oneway callback (e.g., onLocationChanged)
  - Counterpart recognition: 1) servicemanager 2) IBinder instances
  - Get a remote handle
  - BC_TRANSACTION: callback value
  - Interfaces defined in aidl or in .java
  - Reflect on write buffer
  [Diagram: system process]
DeepDroid-Behavior: Parameter types
  - IBinder: map remote handles to uid/pid
  - ParcelFileDescriptor: shared memory (content provider, media, etc.)
  - Parcelable: rebuild objects with built-in CREATOR
Tested Resources
  Resource   Permission             Group    PEP [1]          Process
  IMEI       READ_PHONE_STATE       -        package          com.android.phone
  Phone #    READ_PHONE_STATE       -        package
  location   ACCESS_FINE_LOCATION   -        package          system_server
  contacts   READ_CONTACTS          -        package          android.process.acore
  camera     CAMERA                 camera   package/PCG [2]  mediaserver
  account    GET_ACCOUNTS           -        package          system_server
  logs       READ_LOGS              log      PCG [2]          app process
  network    INTERNET               inet     package/PCG [2]
  SMS        SEND_SMS               -        package          com.android.phone
  [1] PEP: permission enforcement point
  [2] PCG: Process Creation Guard
Tested Devices
  Device                     Android OS
  Nexus S (Samsung)          Android OS 2.3.6
  Sony LT29i                 Android OS 4.1.2
  Galaxy Nexus (Samsung)     Android OS 4.2.2, Android OS 4.0
  Samsung Galaxy Note II     Android OS 4.1
  Samsung Galaxy Note 3      Android OS 4.3
  Nexus 5 (LG)               Android OS 4.4
  Meizu MX II                Flyme 3.2 (Android OS 4.2.1)
  Huawei Honor 3c            Android OS 4.2
Performance (cont.): Benchmark Scores
  Device    Normal Quadrant   Traced Quadrant   Normal CaffeineMark   Trace CaffeineMark
  MX II     2508.5            2507.6            6367.2                6207.5
  LT29i     4653.8            4553.6            14125.5               13998.5
  Nexus S   1750.0            1705.6            5982.8                5959.9
Conclusion
  - We propose a framework to achieve fine-grained control on Android resources.
  - DeepDroid dynamically instruments and traces core processes of the Android system.
  - Based on stable structures across multiple OS versions, DeepDroid is easily ported.
  - DeepDroid requires little firmware configuration rather than customizing Android source code.