Android Declassification Infrastructure
The Declassifier Project aims to improve Android security by refining the permission model for applications. Built upon the foundations of the Android OS, which powers a vast majority of smartphones, our initiative identifies commonly used and vulnerable permissions, breaking them down into smaller, more specific permissions. This leads to less-privileged applications that maintain operational functionality while enhancing user security. This paper outlines the technical implementation of our Declassifier services, including broadcast receivers, content providers, and activity prompts, to ensure refined control over data access.
Presentation Transcript
Android Declassification Infrastructure Matan David Yuval Evron Project Advisor: Roei Schuster
Smart Phones
• Go with us everywhere we go.
• Getting richer in capabilities and sensors.
• We install different applications on our phone.
• An over-privileged application could pose a serious threat to us as end users.
Android OS
• Unveiled by Google in 2007.
• Based on the Linux OS.
• Used by 50% of smartphone owners in the U.S.
• Over 400 million Android devices in use by February 2012.
• Over 1,000,000 Android devices activated every day.
Android Permissions
• Enable apps to “communicate” with different hardware components (Camera, SD Card, ...).
• <uses-permission android:name="android.permission.CAMERA"/>
• Not very fine-grained.
• Each permission grants access not to a single service only, but to several.
Our Project
• Does not involve changing the OS infrastructure itself.
• Identify the most commonly used and most vulnerable permissions.
• Subdivide them into smaller, finer-grained permissions.
• A “Declassifier”.
Project Goals
• Enable much safer Android programming.
• Applications utilizing our infrastructure will be less privileged and more secure.
• No compromise on application functionality.
• Make porting of applications as simple as possible.
Success Criteria
• Try to influence as many applications as possible.
• Success will be measured by revising consumer applications, limiting their privileges, while preserving their original capabilities.
Implemented Declassifier Services
• Android Permission – android.permission.READ_CONTACTS
  Declassifier Permissions:
  • my.declassifier.CONTACTS_PHOTO_BY_NAME_PERMISSION
  • my.declassifier.CONTACTS_PHONE_BY_NAME_PERMISSION
  • my.declassifier.CONTACTS_ADDRESS_BY_NAME_PERMISSION
  • my.declassifier.CONTACTS_BIRTHDAY_BY_NAME_PERMISSION
  • my.declassifier.CONTACTS_EMAIL_BY_NAME_PERMISSION
  • my.declassifier.CONTACTS_IS_STARRED_BY_NUMBER_PERMISSION
• Android Permission – android.permission.WRITE_EXTERNAL_STORAGE
  Declassifier Permissions:
  • my.declassifier.EXTERNALSTORAGE_WRITE_FILE_PERMISSION
  • my.declassifier.EXTERNALSTORAGE_DELETE_FILE_PERMISSION
  • my.declassifier.EXTERNALSTORAGE_ALL_FILENAMES_PERMISSION
  • my.declassifier.EXTERNALSTORAGE_CLEAR_ALL_DATA_PERMISSION
• Android Permission – android.permission.READ_PHONE_STATE
  Declassifier Permissions:
  • my.declassifier.PHONE_STATED_READ_PHONE_TYPE_PERMISSION
  • my.declassifier.PHONE_STATE_READ_SUBSCRIBER_ID_PERMISSION
  • my.declassifier.PHONE_STATE_READ_CALL_STATE_PERMISSION
  • my.declassifier.PHONE_STATE_READ_SIM_SERIAL_NUMBER_PERMISSION
Implemented Declassifier Services
• Android Permission – android.permission.READ_CALENDAR
  Declassifier Permissions:
  • my.declassifier.CALENDAR_EVENT_DATE_BY_TITLE_PERMISSION
  • my.declassifier.CALENDAR_LOCATION_BY_TITLE_PERMISSION
  • my.declassifier.CALENDAR_DESCRIPTION_BY_TITLE_PERMISSION
• Android Permission – android.permission.RECORD_AUDIO
  Declassifier Permissions:
  • my.declassifier.START_VOICE_RECORD_PERMISSION
• Android Permission – android.permission.CHANGE_WIFI_STATE
  Declassifier Permissions:
  • my.declassifier.TURN_OFF_WIFI_PERMISSION
  • my.declassifier.TURN_ON_WIFI_PERMISSION
  • my.declassifier.CONNECT_TO_WIFI_PERMISSION
Implementation
We broke down our Declassifier into 3 types:
• BroadcastReceiver –
  • The app sends an ordered broadcast, with all the information encapsulated inside an Intent:
    Intent i = new Intent("com.example.Declassifier.CALENDAR_EVENT_BY_TITLE_ACTION");
    i.putExtra("Title", titleNameStr);
  • The app also supplies a custom BroadcastReceiver which will handle the Declassifier’s result (callback mechanism).
  • The Declassifier filters out requests which do not satisfy the relevant permissions, and the app filters out returned results from unauthorized sources.
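The following Java is an added example of the ordered-broadcast exchange described on this slide, written for this page and not taken from the Declassifier project. The action string and the my.declassifier.CALENDAR_EVENT_DATE_BY_TITLE_PERMISSION name come from the slides; the Declassifier package layout, the signature-level helper permission my.declassifier.DECLASSIFIER_RESPONDER, the manifest entries and the encoding of the result are assumptions made for illustration.

```java
// Added example, not the project's code. Action and fine-grained permission names
// follow the slides; the DECLASSIFIER_RESPONDER permission, the manifest entries
// and the result encoding are assumptions for illustration.
import android.app.Activity;
import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.database.Cursor;
import android.provider.CalendarContract;

/*
 * Declassifier app manifest (assumed):
 *   <permission android:name="my.declassifier.CALENDAR_EVENT_DATE_BY_TITLE_PERMISSION"
 *               android:protectionLevel="dangerous"/>
 *   <permission android:name="my.declassifier.DECLASSIFIER_RESPONDER"
 *               android:protectionLevel="signature"/>
 *   <uses-permission android:name="android.permission.READ_CALENDAR"/>
 *   <receiver android:name=".CalendarEventDeclassifier" android:exported="true"
 *             android:permission="my.declassifier.CALENDAR_EVENT_DATE_BY_TITLE_PERMISSION">
 *     <intent-filter>
 *       <action android:name="com.example.Declassifier.CALENDAR_EVENT_BY_TITLE_ACTION"/>
 *     </intent-filter>
 *   </receiver>
 *
 * Ported app manifest: the fine-grained permission only, no READ_CALENDAR:
 *   <uses-permission android:name="my.declassifier.CALENDAR_EVENT_DATE_BY_TITLE_PERMISSION"/>
 */

/** Runs inside the Declassifier app, which is the only party holding READ_CALENDAR. */
class CalendarEventDeclassifier extends BroadcastReceiver {
    @Override
    public void onReceive(Context context, Intent intent) {
        // android:permission on the <receiver> made the system drop senders that lack
        // the fine-grained permission before this method was reached.
        String title = intent.getStringExtra("Title");
        if (title == null || title.isEmpty()) {
            setResultCode(Activity.RESULT_CANCELED);
            return;
        }
        // Only DTSTART of events with a matching title is read: one field for one key.
        Cursor c = context.getContentResolver().query(
                CalendarContract.Events.CONTENT_URI,
                new String[] { CalendarContract.Events.DTSTART },
                CalendarContract.Events.TITLE + " = ?",
                new String[] { title }, null);
        try {
            if (c != null && c.moveToFirst()) {
                setResultCode(Activity.RESULT_OK);
                setResultData(Long.toString(c.getLong(0)));   // event start, epoch millis
            } else {
                setResultCode(Activity.RESULT_CANCELED);
            }
        } finally {
            if (c != null) c.close();
        }
    }
}

/** Runs inside the ported application, which holds only the fine-grained permission. */
class CalendarEventClient {
    static final String ACTION = "com.example.Declassifier.CALENDAR_EVENT_BY_TITLE_ACTION";
    // Only the Declassifier app can hold this signature permission, so no other
    // installed receiver sees the broadcast or can plant a result before the callback.
    static final String RESPONDER_PERMISSION = "my.declassifier.DECLASSIFIER_RESPONDER";

    interface Callback { void onDate(long startMillis); void onDenied(); }

    static void requestEventDate(Context ctx, String titleNameStr, final Callback cb) {
        Intent i = new Intent(ACTION);
        i.putExtra("Title", titleNameStr);
        // Result receiver: runs after the Declassifier in the ordered broadcast.
        BroadcastReceiver resultReceiver = new BroadcastReceiver() {
            @Override
            public void onReceive(Context c, Intent intent) {
                if (getResultCode() != Activity.RESULT_OK || getResultData() == null) {
                    cb.onDenied();   // no such event, request refused, or Declassifier absent
                    return;
                }
                cb.onDate(Long.parseLong(getResultData()));
            }
        };
        ctx.sendOrderedBroadcast(i, RESPONDER_PERMISSION, resultReceiver, null,
                Activity.RESULT_CANCELED, null, null);
    }
}
```

The two filters on the slide map onto two manifest attributes: `android:permission` on the Declassifier's `<receiver>` rejects requesters without the fine-grained permission, and the `receiverPermission` argument of `sendOrderedBroadcast` keeps every other app from receiving the broadcast, so the callback can trust whatever result code it sees. If the requester lacks the permission, the system simply skips the receiver and the callback observes the initial `RESULT_CANCELED`.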
Implementation
• ContentProvider –
  • Encapsulates data and provides it to applications through the single ContentResolver interface.
  • Content is queried:
    Uri uri = Uri.parse("content://" + AUTHORITY + "/" + BASE_PATH + "/" + GET_EVENT_DESCRIPTION_BY_TITLE);
    Cursor cursor = cr.query(uri, null, selection, null, null);
  • A cursor to the content is returned.
  • The Declassifier checks whether the given URI is permitted access (using the path-permission mechanism) and filters out queries that are not.
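As an added example (not the project's code), here is a ContentProvider Declassifier that exposes one calendar field through a path-permission, together with the client query from this slide. The permission name my.declassifier.CALENDAR_DESCRIPTION_BY_TITLE_PERMISSION is from the slides; the authority, path constants, column name and the provider-wide my.declassifier.PROVIDER_INTERNAL permission are assumptions.

```java
// Added example, not the project's code. The authority, paths, column name and
// PROVIDER_INTERNAL permission are assumptions; the fine-grained permission name
// is the one listed on the slides.
import android.content.ContentProvider;
import android.content.ContentResolver;
import android.content.ContentValues;
import android.content.UriMatcher;
import android.database.Cursor;
import android.database.MatrixCursor;
import android.net.Uri;
import android.provider.CalendarContract;

/*
 * Declassifier app manifest (assumed). The provider-wide readPermission is a
 * signature permission third-party apps cannot obtain, so the only way in is
 * through a matching <path-permission>; without that default, every path not
 * covered by a <path-permission> would be readable by any app.
 *   <permission android:name="my.declassifier.PROVIDER_INTERNAL" android:protectionLevel="signature"/>
 *   <provider android:name=".DeclassifierProvider"
 *             android:authorities="com.example.declassifier"
 *             android:exported="true"
 *             android:readPermission="my.declassifier.PROVIDER_INTERNAL"
 *             android:writePermission="my.declassifier.PROVIDER_INTERNAL">
 *     <path-permission android:path="/calendar/description_by_title"
 *                      android:readPermission="my.declassifier.CALENDAR_DESCRIPTION_BY_TITLE_PERMISSION"/>
 *   </provider>
 */
public class DeclassifierProvider extends ContentProvider {
    static final String AUTHORITY = "com.example.declassifier";
    static final String BASE_PATH = "calendar";
    static final String GET_EVENT_DESCRIPTION_BY_TITLE = "description_by_title";
    static final String COL_DESCRIPTION = "description";
    private static final int DESCRIPTION_BY_TITLE = 1;
    private static final UriMatcher MATCHER = new UriMatcher(UriMatcher.NO_MATCH);
    static {
        MATCHER.addURI(AUTHORITY, BASE_PATH + "/" + GET_EVENT_DESCRIPTION_BY_TITLE, DESCRIPTION_BY_TITLE);
    }

    @Override public boolean onCreate() { return true; }

    @Override
    public Cursor query(Uri uri, String[] projection, String selection,
                        String[] selectionArgs, String sortOrder) {
        // The system already matched the path against <path-permission>; unknown
        // paths are still refused here so nothing falls through.
        if (MATCHER.match(uri) != DESCRIPTION_BY_TITLE) {
            throw new IllegalArgumentException("Unknown URI " + uri);
        }
        // The caller's selection is treated as the literal title and bound as a
        // parameter, never spliced into SQL, so the caller cannot widen the query.
        String title = selection;
        MatrixCursor out = new MatrixCursor(new String[] { COL_DESCRIPTION });
        if (title == null || title.isEmpty()) return out;
        Cursor src = getContext().getContentResolver().query(
                CalendarContract.Events.CONTENT_URI,
                new String[] { CalendarContract.Events.DESCRIPTION },
                CalendarContract.Events.TITLE + " = ?",
                new String[] { title }, null);
        try {
            while (src != null && src.moveToNext()) {
                out.addRow(new Object[] { src.getString(0) });   // the one permitted column
            }
        } finally {
            if (src != null) src.close();
        }
        return out;
    }

    @Override public String getType(Uri uri) { return "vnd.android.cursor.dir/vnd.declassifier.description"; }
    @Override public Uri insert(Uri uri, ContentValues v) { throw new UnsupportedOperationException(); }
    @Override public int delete(Uri uri, String s, String[] a) { throw new UnsupportedOperationException(); }
    @Override public int update(Uri uri, ContentValues v, String s, String[] a) { throw new UnsupportedOperationException(); }
}

/** Client side: the ported app holds only CALENDAR_DESCRIPTION_BY_TITLE_PERMISSION. */
class DescriptionClient {
    static String descriptionFor(ContentResolver cr, String title) {
        Uri uri = Uri.parse("content://" + DeclassifierProvider.AUTHORITY + "/"
                + DeclassifierProvider.BASE_PATH + "/" + DeclassifierProvider.GET_EVENT_DESCRIPTION_BY_TITLE);
        Cursor cursor;
        try {
            cursor = cr.query(uri, null, title, null, null);
        } catch (SecurityException e) {
            return null;   // the path-permission was not granted to this app
        }
        try {
            return (cursor != null && cursor.moveToFirst()) ? cursor.getString(0) : null;
        } finally {
            if (cursor != null) cursor.close();
        }
    }
}
```

The path-permission check happens in the system server before `query()` runs, but the provider still re-validates the path and rebuilds the underlying query itself: forwarding the caller's `selection` string unchanged into the real calendar provider would let a requester holding one narrow permission read columns the Declassifier was meant to hide.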
Implementation
• Activity –
  • Pops up a confirmation screen for the service the 3rd-party application is trying to access.
  • The user has the option of granting or denying the application access.
  • If permission is granted, the calling application uses the service as needed.
  • If permission is denied, the calling application returns an appropriate message and ends the running method.
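The confirmation flow on this slide, as an added example written for this page rather than code from the Declassifier project. The permission name my.declassifier.START_VOICE_RECORD_PERMISSION is from the slides; the activity class, action string, extra key, grant storage and manifest entry are assumptions for illustration.

```java
// Added example, not the project's code. The activity, action, extra key and the
// SharedPreferences grant record are assumptions; START_VOICE_RECORD_PERMISSION
// is the name listed on the slides.
import android.app.Activity;
import android.app.AlertDialog;
import android.content.Context;
import android.content.DialogInterface;
import android.content.Intent;
import android.os.Bundle;
import android.widget.Toast;

/*
 * Declassifier app manifest (assumed). The activity itself is guarded by the
 * fine-grained permission, so an app that never declared it cannot even raise
 * the prompt:
 *   <activity android:name=".ConfirmAccessActivity" android:exported="true"
 *             android:permission="my.declassifier.START_VOICE_RECORD_PERMISSION">
 *     <intent-filter>
 *       <action android:name="my.declassifier.CONFIRM_ACCESS_ACTION"/>
 *       <category android:name="android.intent.category.DEFAULT"/>
 *     </intent-filter>
 *   </activity>
 */
public class ConfirmAccessActivity extends Activity {
    static final String ACTION = "my.declassifier.CONFIRM_ACCESS_ACTION";
    static final String EXTRA_SERVICE = "service";
    private static final String PREFS = "grants";

    /** Consulted by the Declassifier's other components before they act for a caller. */
    static boolean isGranted(Context ctx, String callerPackage, String service) {
        return ctx.getSharedPreferences(PREFS, MODE_PRIVATE)
                  .getBoolean(callerPackage + ":" + service, false);
    }

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        // Non-null only when the caller used startActivityForResult(); that is what
        // lets the prompt name the requesting app and tie the answer to it.
        final String caller = getCallingPackage();
        final String service = getIntent().getStringExtra(EXTRA_SERVICE);
        if (caller == null || service == null) {
            setResult(RESULT_CANCELED);
            finish();
            return;
        }
        new AlertDialog.Builder(this)
            .setTitle("Allow access?")
            .setMessage(caller + " wants to use the Declassifier service: " + service)
            .setCancelable(false)
            .setPositiveButton("Allow", new DialogInterface.OnClickListener() {
                public void onClick(DialogInterface d, int which) {
                    getSharedPreferences(PREFS, MODE_PRIVATE).edit()
                        .putBoolean(caller + ":" + service, true).apply();
                    setResult(RESULT_OK);
                    finish();
                }
            })
            .setNegativeButton("Deny", new DialogInterface.OnClickListener() {
                public void onClick(DialogInterface d, int which) {
                    setResult(RESULT_CANCELED);
                    finish();
                }
            })
            .show();
    }
}

/** Ported application side: asks for consent, then either proceeds or stops. */
class VoiceRecordClient extends Activity {
    static final int REQ_CONFIRM = 42;

    void askForRecording() {
        Intent i = new Intent(ConfirmAccessActivity.ACTION);
        i.putExtra(ConfirmAccessActivity.EXTRA_SERVICE, "START_VOICE_RECORD");
        try {
            startActivityForResult(i, REQ_CONFIRM);   // not startActivity(): the prompt must know who asks
        } catch (SecurityException e) {
            Toast.makeText(this, "This app lacks the voice-record permission", Toast.LENGTH_SHORT).show();
        }
    }

    @Override
    protected void onActivityResult(int requestCode, int resultCode, Intent data) {
        if (requestCode != REQ_CONFIRM) return;
        if (resultCode != RESULT_OK) {
            Toast.makeText(this, "Voice recording was denied by the user", Toast.LENGTH_SHORT).show();
            return;   // the denied path ends here, as the slide describes
        }
        // Granted: the app now issues its voice-record request to the Declassifier.
    }
}
```

Two details carry the security value of the prompt: `getCallingPackage()` is only populated for `startActivityForResult()`, so the dialog can show the user which app is asking, and the grant is recorded on the Declassifier's side (keyed by caller and service) so the calling app never holds a token it could reuse or forge.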
Ported Applications
• SMS Popup – For use with the Phone State declassifier.
  • http://code.google.com/p/android-smspopup/
• Auto Answer – For use with the Contacts declassifier.
  • http://code.google.com/p/auto-answer/
• My Simple Notepad – For use with the External Storage declassifier.
  • http://code.google.com/p/my-simple-notepad/feeds
• Wifi Compass – For use with the Wifi declassifier.
  • http://code.google.com/p/wificompass/
• GVoiceMail – For use with the Voice Record declassifier.
  • http://code.google.com/p/gvoicemail/