leave me alone: app-level protection against runtime information
TRANSCRIPT
![Page 1: Leave Me Alone: App-level Protection Against Runtime Information](https://reader030.vdocuments.us/reader030/viewer/2022020213/58a2f30b1a28ab90228c4910/html5/thumbnails/1.jpg)
Wayne State University CSC 6991 Advanced Computer Security 1
Nan Zhang, Kan Yuan, Muhammad Naveed, Xiaoyong Zhou and XiaoFeng Wang
Presented by Hitakshi Annayya
Leave Me Alone: App-level Protection Against Runtime Information
Gathering on Android
![Page 2: Leave Me Alone: App-level Protection Against Runtime Information](https://reader030.vdocuments.us/reader030/viewer/2022020213/58a2f30b1a28ab90228c4910/html5/thumbnails/2.jpg)
Contents
Wayne State University CSC 6991 Advanced Computer Security 2
1. RIG Attacks 2. Android-Based IoT 3. Previous Works 4. App Guardian 5. Evaluation and Analysis 6. Conclusion 7. References
![Page 3: Leave Me Alone: App-level Protection Against Runtime Information](https://reader030.vdocuments.us/reader030/viewer/2022020213/58a2f30b1a28ab90228c4910/html5/thumbnails/3.jpg)
RIG Attacks
Wayne State University CSC 6991 Advanced Computer Security 3
Runtime-Information-Gathering (RIG)
- Collect runtime information from target app (the victim) - Directly steal or indirectly infer sensitive user information 1) Design weaknesses of the OS shared communication channels such as Bluetooth 2) Side channels memory and network-data usages
![Page 4: Leave Me Alone: App-level Protection Against Runtime Information](https://reader030.vdocuments.us/reader030/viewer/2022020213/58a2f30b1a28ab90228c4910/html5/thumbnails/4.jpg)
Android Permission Issues
Wayne State University CSC 6991 Advanced Computer Security 4
A malicious app needs to run side-by-side with the target app (the victim) to collect its runtime information. A malicious app can abuse the permission it gets “to directly collect sensiAve data from the target app running in the foreground.” RIG aHacks exploit apps to obtain sensiAve user data “ranging from phone conversaAons to health informaAon;” A game app with the Bluetooth permission for connecAng to its playpad can also download paAent data from a Bluetooth glucose meter.”
![Page 5: Leave Me Alone: App-level Protection Against Runtime Information](https://reader030.vdocuments.us/reader030/viewer/2022020213/58a2f30b1a28ab90228c4910/html5/thumbnails/5.jpg)
Android-based Internet of Things (IoT)
Wayne State University CSC 6991 Advanced Computer Security 5
1. Belkin NetCam Wi-Fi Camera with Night Vision Designed for home surveillance and motion detection Report to the house owner remotely
2. Nest Protect Shipped 440,000 of its smoke alarms in the United States between Nov. 2013 and Apr. 2014
![Page 6: Leave Me Alone: App-level Protection Against Runtime Information](https://reader030.vdocuments.us/reader030/viewer/2022020213/58a2f30b1a28ab90228c4910/html5/thumbnails/6.jpg)
NetCam Communication Model
Wayne State University CSC 6991 Advanced Computer Security 6
![Page 7: Leave Me Alone: App-level Protection Against Runtime Information](https://reader030.vdocuments.us/reader030/viewer/2022020213/58a2f30b1a28ab90228c4910/html5/thumbnails/7.jpg)
NetCam Attacks
Wayne State University CSC 6991 Advanced Computer Security 7
Ø Utilize two side channels • Traffic statistics: tcp_snd and tcp_rcv • CPU usage: /proc/<pid>/stat
Three steps • Infer if anybody is at home • Mute alarm • Infer anybody is watching surveillance https://sites.google.com/site/appguaridan/
Motion Detection
![Page 8: Leave Me Alone: App-level Protection Against Runtime Information](https://reader030.vdocuments.us/reader030/viewer/2022020213/58a2f30b1a28ab90228c4910/html5/thumbnails/8.jpg)
How to Protect from RIG a0ack ?
Wayne State University CSC 6991 Advanced Computer Security 8
![Page 9: Leave Me Alone: App-level Protection Against Runtime Information](https://reader030.vdocuments.us/reader030/viewer/2022020213/58a2f30b1a28ab90228c4910/html5/thumbnails/9.jpg)
Previous Works
Wayne State University CSC 6991 Advanced Computer Security 9
Ø Enhancing access control causes compatibility issues + Prevent information leaks during security-critical operations such as phone calls
+ Remove public resources that could be used for a side-channel analysis
- Inevitably make the system less usable
- Cause compatibility issues
![Page 10: Leave Me Alone: App-level Protection Against Runtime Information](https://reader030.vdocuments.us/reader030/viewer/2022020213/58a2f30b1a28ab90228c4910/html5/thumbnails/10.jpg)
Previous Works
Wayne State University CSC 6991 Advanced Computer Security 10
Ø Modify OS
Complicated and painful (Android OS ecosystem: fragmentation)
- New protection takes a long time before it can reach Android devices worldwide; - New RIG attacks continue to be brought to the spotlight; - It is less clear what an app can do by itself to control its information exposed by the OS.
![Page 11: Leave Me Alone: App-level Protection Against Runtime Information](https://reader030.vdocuments.us/reader030/viewer/2022020213/58a2f30b1a28ab90228c4910/html5/thumbnails/11.jpg)
Researchers proposed solution
App Guardian
Wayne State University CSC 6991 Advanced Computer Security 11
![Page 12: Leave Me Alone: App-level Protection Against Runtime Information](https://reader030.vdocuments.us/reader030/viewer/2022020213/58a2f30b1a28ab90228c4910/html5/thumbnails/12.jpg)
App Guardian
Wayne State University CSC 6991 Advanced Computer Security 12
1. IntroducAon 2. Network Architecture 3. EvaluaAon 4. Conclusion 5. References
1. Information Gathering - Permissions, side-channels
2. Install / Run time features
3. Report suspicious apps
4. kill suspicious app
5. Principal finished 6. Resume suspicious app
![Page 13: Leave Me Alone: App-level Protection Against Runtime Information](https://reader030.vdocuments.us/reader030/viewer/2022020213/58a2f30b1a28ab90228c4910/html5/thumbnails/13.jpg)
Grant Guardian a set of permissions
• KILL_BACKGROUND_PROCESSES – for closing other third-‐party apps • SYSTEM_ALERT_WINDOW -‐ for popping up an alert to the user • INTERNET – to access internet • GET_TASK -‐ for ge_ng top acAvity • BIND_NOTIFICATION_LISTENER_SERVICE -‐ for controlling noAficaAons
Wayne State University CSC 6991 Advanced Computer Security 13
![Page 14: Leave Me Alone: App-level Protection Against Runtime Information](https://reader030.vdocuments.us/reader030/viewer/2022020213/58a2f30b1a28ab90228c4910/html5/thumbnails/14.jpg)
Life cycle of Guardian Protection
Wayne State University CSC 6991 Advanced Computer Security 14
Normal Mode
Ward Mode
![Page 15: Leave Me Alone: App-level Protection Against Runtime Information](https://reader030.vdocuments.us/reader030/viewer/2022020213/58a2f30b1a28ab90228c4910/html5/thumbnails/15.jpg)
Monitoring
Wayne State University CSC 6991 Advanced Computer Security 15
![Page 16: Leave Me Alone: App-level Protection Against Runtime Information](https://reader030.vdocuments.us/reader030/viewer/2022020213/58a2f30b1a28ab90228c4910/html5/thumbnails/16.jpg)
Entering the ward
Wayne State University CSC 6991 Advanced Computer Security 16
![Page 17: Leave Me Alone: App-level Protection Against Runtime Information](https://reader030.vdocuments.us/reader030/viewer/2022020213/58a2f30b1a28ab90228c4910/html5/thumbnails/17.jpg)
Entering the ward
(typically) 9 2
oom_adj score (-‐17 ~ 15)
CSC 6991 Advanced Computer Security 17
![Page 18: Leave Me Alone: App-level Protection Against Runtime Information](https://reader030.vdocuments.us/reader030/viewer/2022020213/58a2f30b1a28ab90228c4910/html5/thumbnails/18.jpg)
Exiting the ward
Wayne State University CSC 6991 Advanced Computer Security 18 CSC 6991 Advanced Computer Security
![Page 19: Leave Me Alone: App-level Protection Against Runtime Information](https://reader030.vdocuments.us/reader030/viewer/2022020213/58a2f30b1a28ab90228c4910/html5/thumbnails/19.jpg)
Impacts on Performance • Close an app which might be restarted later + App states are well preserved -‐ Take longer Ame than Switch to foreground
Wayne State University CSC 6991 Advanced Computer Security 19
![Page 20: Leave Me Alone: App-level Protection Against Runtime Information](https://reader030.vdocuments.us/reader030/viewer/2022020213/58a2f30b1a28ab90228c4910/html5/thumbnails/20.jpg)
Finding suspicious App • Use malicious app’s side channel
Wayne State University CSC 6991 Advanced Computer Security 20
![Page 21: Leave Me Alone: App-level Protection Against Runtime Information](https://reader030.vdocuments.us/reader030/viewer/2022020213/58a2f30b1a28ab90228c4910/html5/thumbnails/21.jpg)
Data Stealing A7acks
1. RECORD_AUDIO permission
2. Start Audioin_X process to record audio (/proc/<pid>/task/<Ad>/status)
Side-‐channel A7acks
• How frequently app uses the CPU resources
• Number of Ames schedule to use CPU
Finding suspicious App (Cont.)
Wayne State University CSC 6991 Advanced Computer Security 21
![Page 22: Leave Me Alone: App-level Protection Against Runtime Information](https://reader030.vdocuments.us/reader030/viewer/2022020213/58a2f30b1a28ab90228c4910/html5/thumbnails/22.jpg)
Behavior change • Challenge: -‐ keep low profile before the principal show up -‐ act aggressively anerwards • Solu<on: Pearson correlaAon coefficient (r)
Wayne State University CSC 6991 Advanced Computer Security 22
![Page 23: Leave Me Alone: App-level Protection Against Runtime Information](https://reader030.vdocuments.us/reader030/viewer/2022020213/58a2f30b1a28ab90228c4910/html5/thumbnails/23.jpg)
Collusion • Challenge:
MulAple apps sample at a lower rate but sAll collect sufficient informaAon
• Solu<on: Ø Grouping apps with same signature Ø Detect link-‐installed apps Ø Ask user if less obvious recommenendaAon
Wayne State University CSC 6991 Advanced Computer Security 23
![Page 24: Leave Me Alone: App-level Protection Against Runtime Information](https://reader030.vdocuments.us/reader030/viewer/2022020213/58a2f30b1a28ab90228c4910/html5/thumbnails/24.jpg)
Self Protec6on
• Use startForceground to start a service Prevent it from killed by KILL_BACKGROUND_PROCESSES
Wayne State University CSC 6991 Advanced Computer Security 24
![Page 25: Leave Me Alone: App-level Protection Against Runtime Information](https://reader030.vdocuments.us/reader030/viewer/2022020213/58a2f30b1a28ab90228c4910/html5/thumbnails/25.jpg)
Evaluation and analysis
Wayne State University CSC 6991 Advanced Computer Security 25
![Page 26: Leave Me Alone: App-level Protection Against Runtime Information](https://reader030.vdocuments.us/reader030/viewer/2022020213/58a2f30b1a28ab90228c4910/html5/thumbnails/26.jpg)
Effectiveness • Defeat all 12 RIG Attacks
Wayne State University CSC 6991 Advanced Computer Security 26
![Page 27: Leave Me Alone: App-level Protection Against Runtime Information](https://reader030.vdocuments.us/reader030/viewer/2022020213/58a2f30b1a28ab90228c4910/html5/thumbnails/27.jpg)
Utility Impacts and Performance • 475 popular Apps from 27 categories on Google Play Store
- 92 apps (19.3%) apps potentially needs to be closed - 8 apps (1.68%) may affect phone users’ experience
Wayne State University CSC 6991 Advanced Computer Security 27
![Page 28: Leave Me Alone: App-level Protection Against Runtime Information](https://reader030.vdocuments.us/reader030/viewer/2022020213/58a2f30b1a28ab90228c4910/html5/thumbnails/28.jpg)
Overhead • CPU & Memory usage Two Nexus5 phones with 250 apps installed on each
- In ward mode, 5% CPU Resource, 40MB Memory - Out of ward mode, < 1% CPU
• Battery Usage Two Nexus5 phones with 50 apps installed on each
- In ward mode, 0.12% ~ 0.18% per hour - Out of ward mode, 0.75% ~ 1.05% per day - Estimate a day, 0.84~ 1.18% per day
Wayne State University CSC 6991 Advanced Computer Security 28
![Page 29: Leave Me Alone: App-level Protection Against Runtime Information](https://reader030.vdocuments.us/reader030/viewer/2022020213/58a2f30b1a28ab90228c4910/html5/thumbnails/29.jpg)
Discussion and future work • Detection and Separation
A more accurate identification of malicious activities will help
• Background process protection Protect background process at minimal cost
• Sanitization Thoroughly clean up the principals’ execution environment after the program stop running
• Possible side-channel attack on iOS / WatchOS
Wayne State University CSC 6991 Advanced Computer Security 29
![Page 30: Leave Me Alone: App-level Protection Against Runtime Information](https://reader030.vdocuments.us/reader030/viewer/2022020213/58a2f30b1a28ab90228c4910/html5/thumbnails/30.jpg)
Conclusion
Ø Serious of RIG attacks on Android IoT systems are also vulnerable
Ø App Guardian • App level protection • Uses side channel to protect principle
Wayne State University CSC 6991 Advanced Computer Security 30
![Page 31: Leave Me Alone: App-level Protection Against Runtime Information](https://reader030.vdocuments.us/reader030/viewer/2022020213/58a2f30b1a28ab90228c4910/html5/thumbnails/31.jpg)
Thank you !
Wayne State University CSC 6991 Advanced Computer Security 31