

  1. Collaborative Verification of Information Flow for a High-Assurance App Store
     Michael D. Ernst, René Just, Suzanne Millstein, Werner Dietl*, Stuart Pernsteiner, Franziska Roesner, Karl Koscher, Paulo Barros, Ravi Bhoraskar, Seungyeop Han, Paul Vines, and Edward X. Wu
     University of Washington, *University of Waterloo
     November 6, 2014

  2. Introduction Approach Evaluation Conclusion
     Current commercial app stores
     Several hundred new apps per day → Approval process
     Problem: Every major app store has approved malware!
     Best-effort solution: Malware removed when encountered
     René Just, UW CSE Collaborative Verification of Information Flow for a High-Assurance App Store 1/24

  5. High-assurance app stores
     Needed in multiple domains
     ◮ Government app stores (e.g., DoD)
     ◮ Corporate app stores (e.g., financial sector)
     ◮ App stores for medical apps
     Require stronger guarantees
     ◮ Verified absence of (certain types of) malware
     Verification is costly
     ◮ Effort is solely on app store side
     ◮ Analyst needs to understand/reverse-engineer the app
     Our solution: Collaboratively verify absence of malware
     Our focus: Information-flow malware

  7. Example: Information-flow malware
     (Table with columns App, Permissions, Information flow; the slide is built up in steps and the final state is summarised here.)
     Sudoku: permissions Read location, Internet
     Camera: permissions Read location, Internet; information flow Location → Internet
     Map: permissions Read location, Internet; information flow Location → Internet
     Added in the last build step: a flow Location → BadGuy.com. All three apps request the same two permissions, so the permission list alone cannot tell a benign location-to-server flow from a leak to an attacker's server; only the information flow does.
     Prevent malware using an information flow type-system

  20. Approach: Overview
     Collaborative verification model
     ◮ Leverage but don’t trust the developer
     Information Flow Type-checker (IFT)
     ◮ Finer-grained permission model for Android
     ◮ False positives and declassifications
     ◮ Implicit information flow
     Evaluation
     ◮ Effectiveness: Effective for real malware in real apps
     ◮ Usability: Low annotation and auditing burden

  21. Collaborative verification model
     Developer provides:
     ◮ App description
     ◮ Annotated source code
     ◮ Information flow policy: high-level description of information flows in the app (e.g., LOCATION -> INTERNET)
     ◮ Declassification justifications
     App store verifies:
     Step 1: Analyst verifies: acceptable behavior
     Step 2: Type checker verifies: annotations consistent
     Step 3: Analyst verifies: declassifications
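The three-step workflow on this slide, as an added runnable toy model written for this page. It is not the authors' IFT or the Checker Framework; the policy syntax follows the slide's "LOCATION -> INTERNET", while the app names, policy comments, flow locations such as MapView.fetchTiles and Board.onResume, and the justification strings are constructed for illustration. It also models the point of the earlier example table: the map app and the puzzle app need the same permissions, so only the flow policy and the annotated flows tell them apart.

```python
"""Toy model of the collaborative verification workflow from the talk.

The developer submits a flow policy (lines like "LOCATION -> INTERNET") and
code whose values carry source/sink labels; the app store then
  1. has an analyst judge whether the policy fits the app description,
  2. type-checks the labelled flows against the policy, and
  3. has an analyst review every declassification the developer justified.
Constructed example; it is not the Checker Framework / IFT implementation.
"""
from dataclasses import dataclass


def parse_policy(text):
    """Parse policy lines of the form 'SOURCE -> SINK' into a set of pairs."""
    allowed = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # allow trailing comments
        if not line:
            continue
        src, arrow, sink = line.partition("->")
        if arrow != "->" or not src.strip() or not sink.strip():
            raise ValueError(f"malformed policy line: {raw!r}")
        allowed.add((src.strip(), sink.strip()))
    return allowed


@dataclass(frozen=True)
class Flow:
    """One flow the annotated code exhibits: a value labelled `source`
    reaches an operation labelled `sink` at code location `where`.
    A non-empty `justification` means the developer declassified it."""
    source: str
    sink: str
    where: str
    justification: str = ""


def analyst_reviews_policy(policy, acceptable):
    """Step 1 (analyst; modelled as the set of flows the analyst deems
    acceptable for the app description): policy entries the analyst rejects."""
    return sorted(policy - acceptable)


def type_check(flows, policy):
    """Step 2 (mechanical): every flow must be allowed by the policy unless
    the developer declassified it.  Returns (errors, declassifications)."""
    errors, declassified = [], []
    for f in flows:
        if (f.source, f.sink) in policy:
            continue
        if f.justification:
            declassified.append(f)
        else:
            errors.append(f"{f.where}: {f.source} -> {f.sink} is not in the policy")
    return errors, declassified


def verify_app(description_flows, policy_text, flows):
    """Run the three steps.  Only a submission with no rejected policy entry
    and no type error passes the mechanical gate; declassifications are
    handed to the analyst for step 3 rather than accepted silently."""
    policy = parse_policy(policy_text)
    rejected = analyst_reviews_policy(policy, description_flows)
    errors, declassified = type_check(flows, policy)
    return {
        "policy_rejected": rejected,
        "type_errors": errors,
        "for_analyst_review": [(f.where, f.justification) for f in declassified],
        "accepted_by_checker": not rejected and not errors,
    }


# Constructed scenarios modelled on the talk's example apps.
MAP_DESCRIPTION = {("LOCATION", "INTERNET")}      # a map app needs this flow
SUDOKU_DESCRIPTION = set()                        # a puzzle game needs none

MAP_APP = dict(
    description_flows=MAP_DESCRIPTION,
    policy_text="LOCATION -> INTERNET   # fetch map tiles around the user",
    flows=[Flow("LOCATION", "INTERNET", "MapView.fetchTiles")],
)

# Same permissions as the map app, but the policy declares no flows while the
# code sends the location to the network: the type checker catches it.
LEAKY_SUDOKU = dict(
    description_flows=SUDOKU_DESCRIPTION,
    policy_text="",
    flows=[Flow("LOCATION", "INTERNET", "Board.onResume")],
)

# Same leak, but the developer declassified it with a justification: the
# checker no longer errors, and the flow goes to the analyst instead.
DECLASSIFIED_SUDOKU = dict(
    description_flows=SUDOKU_DESCRIPTION,
    policy_text="",
    flows=[Flow("LOCATION", "INTERNET", "Board.onResume",
                justification="leaderboard shows nearby players")],
)

if __name__ == "__main__":
    for name, app in [("map", MAP_APP), ("leaky sudoku", LEAKY_SUDOKU),
                      ("declassified sudoku", DECLASSIFIED_SUDOKU)]:
        print(name, verify_app(**app))
```

Running it prints one report per scenario. The case to notice is the third one: a declassification silences the type checker, so accepted_by_checker is true, yet that flow is exactly what the analyst must still judge in step 3. A real checker would also have to account for the implicit flows (through control dependence) that the overview slide lists; this model tracks only explicitly labelled flows.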
