csc591 006 smartphone os security introduction
play

CSC591-006 Smartphone OS Security Introduction Spring 2012 Prof. - PowerPoint PPT Presentation

Sep 11, 2022 •124 likes •536 views

CSC591-006 Smartphone OS Security Introduction Spring 2012 Prof. William Enck NC State -- Department of Computer Science Page 1 Why Study Smartphone Security? New platform / theyre popular / its a buzzword Resource constrained

  1. CSC591-006 Smartphone OS Security Introduction Spring 2012 Prof. William Enck NC State -- Department of Computer Science Page 1

  2. Why Study Smartphone Security? • New platform / they’re popular / it’s a buzzword • Resource constrained devices (still?) • Different (intensified?) security risks • The future of computing? NC State -- Department of Computer Science Page 2

  3. This Course • This is a paper-based seminar course considering smartphone operating systems and their security • Seminar-style : round-table discussions of scientific papers led by a student moderator • OS Report : breadth study of top platforms (Android, iOS, Windows Phone, and BlackBerry) • Research Project : students will complete a conference- like paper NC State -- Department of Computer Science Page 3

  4. Grading • Project: 40% • Smartphone OS Report: 15% • Class participation: 25% • Moderating+Presentations: 10% • Paper critiques: 10% NC State -- Department of Computer Science Page 4

  5. Paper Critiques • We will discuss one or two papers every class • Critiques are due by noon the day of class ‣ Graded as “satisfactory,” “satisfactory-”, “satisfactory+” ‣ Need a “satisfactory” average to pass the class • Identify: ‣ Three technical strengths ‣ Three technical weaknesses • For each strength/weakness: ‣ Identify it and support it by arguments • Late Policy: ‣ Four 1-day extensions ‣ Drop up to 4 summaries NC State -- Department of Computer Science Page 5

  6. Paper Moderating • Assigned moderators will make a brief (5-7 minute) presentation (template on Moodle) ‣ Proposes three discussion questions • Breakout roundtable discussions for about 10 mins ‣ Groups of three (changes every class) • “All hands” discussion for about 15 mins NC State -- Department of Computer Science Page 6

  7. Selecting Papers to Moderate • Everyone must go once before anyone goes twice • Paper discussions start next week • Email me 5 top choices by next class ‣ I will make assignments ‣ If a paper isn’t desired by anyone, I’ll pick someone NC State -- Department of Computer Science Page 7

  8. OS Reports • Class broken into four teams (decided today!) ‣ Android, iOS, BlackBerry, Windows Phone • Written Report (Prelim) • Oral Presentation • Written Report (Final) ‣ Application environment ‣ Security Framework • Conclude with at least three positive and three negative critiques of the security framework. NC State -- Department of Computer Science Page 8

  9. Research Projects (Proposal) • 3-5 page project description (Written in LaTeX) ‣ Section 1: Introduction ‣ Section 2: Approach ‣ Section 3: Deliverables ‣ Section 4: Schedule ‣ References • Groups of one or two (with approval) • Oral presentations (~10 mins) NC State -- Department of Computer Science Page 9

  10. Project Status Report • Early draft of your final report ‣ Should have well written: abstract, introduction, overview of approach. ‣ Protocol/Architecture/Design should have some technical detail and a high-level architecture ‣ Placeholders for remaining sections ‣ Related work should be near complete NC State -- Department of Computer Science Page 10

  11. Final Project Report • 8-10 pages (11pt) • Final Presentation • Suggested outline: ‣ ~20 mins (depending on number of projects) ‣ Abstract ‣ 5 mins Q&A ‣ Introduction ‣ Overview of Approach ‣ Protocol/Architecture/ Design/... ‣ Evaluation ‣ Discussion ‣ Related Work ‣ Conclusions ‣ References NC State -- Department of Computer Science Page 11

  12. OS Report Teams NC State -- Department of Computer Science Page 12

  13. Quick Android Primer NC State -- Department of Computer Science Page 13

  14. Android Phones • An Android contains a number of “ applications ” ‣ Android comes installed with a number of basic systems tools, e.g., dialer, address book, etc. ‣ Developers use the Android API to construct applications. • All apps are written in Java and executed within a custom Java virtual machine. ‣ Each application package is contained in a jar file (.apk) • Applications are installed by the user ‣ No “app store” required, just build and go. ‣ Open access to data and voice services NC State -- Department of Computer Science Page 14

  15. Architecture • The Android smartphone operating system is built upon Linux and includes many libraries and a core set of applications. • The middleware makes it interesting ‣ Not focused on UNIX processes ‣ Uses the Binder component framework • Originally part of BeOS, then enhanced Phone Contacts Maps by Palm, now used in Android Application Application Application ‣ Applications consist of many Reference Binder Monitor Android Middleware Component components of different types Framework Policy ‣ Applications interact via components Linux • We focus on security with respect to the component API NC State -- Department of Computer Science Page 15

  16. Component Model • While each application runs as its own UNIX uid, sharing can occur through application-level interactions ‣ Interactions based on components ‣ Different component types • Activity • Service start/stop/bind start • Content Provider call Activity Activity Activity Service return • Broadcast Receiver callback Communicating with a Service Starting an Activity for a Result ‣ Target component in the same or different application Read/Write System Query Send Broadcast ‣ but first ... Content Activity Activity Intent Receiver Provider return Service Querying a Content Provider Receiving an Intent Broadcast NC State -- Department of Computer Science Page 16

  17. Intents • Intents are objects used as inter-component signaling ‣ Starting the user interface for an application ‣ Sending a message between components ‣ Starting a background service NC State -- Department of Computer Science Page 17

  18. Activity Component • The user interface consists of a series of Activity components. • Each Activity is a “screen”. • User actions tell an Activity to start another Activity, possibly with the expectation of a result . • The target Activity is not necessarily in the same application. • Directly or via Intent “action strings”. • Processing stops when another Activity is “on top”. NC State -- Department of Computer Science Page 18

  19. Service Component • Background processing occurs in Service components. ‣ Downloading a file, playing music, tracking location, polling, etc. ‣ Local vs. Remote Services (process-level distinction) • Also provides a “service” interface between applications ‣ Arbitrary interfaces for data transfer Android Interface Definition Language (AIDL) • ‣ Register callback methods ‣ Core functionality often implemented as Service components e.g., Location API, Alarm service • • Multiple interfaces ‣ Control: start, stop ‣ Method invocation: bind NC State -- Department of Computer Science Page 19

  20. Content Provider Component • Content Provider components provide a standardized interface for sharing data, i.e., content (between applications). • Models content in a relational DB ‣ Users of Content Providers can perform queries equivalent to SELECT, UPDATE, INSERT, DELETE ‣ Works well when content is tabular ‣ Also works as means of addressing “files” • URI addressing scheme content://<authority>/<table>/[<id>] ‣ content://contacts/people/10 ‣ NC State -- Department of Computer Science Page 20

  21. Broadcast Receiver Component • Broadcast Receiver components act as specialized event Intent handlers (also think of as a message mailbox). • Broadcast Receiver components “ subscribe ” to specific action strings (possibly multiple) ‣ action strings are defined by the system or developer ‣ component is automatically called by the system • Recall that Android provides automatic Activity resolution using “action strings”. ‣ The action string was assigned to an Intent object ‣ Sender can specify component recipient (no action string) NC State -- Department of Computer Science Page 21

  22. The Android Manifest • Manifest files are the technique for describing the contents of an application package (i.e., resource file) • Each Android application has a special AndroidManifest.xml file (included in the .apk package) ‣ describes the contained components • components cannot execute unless they are listed ‣ specifies rules for “auto-resolution” ‣ specifies access rules ‣ describes runtime dependencies ‣ optional runtime libraries ‣ required system permissions NC State -- Department of Computer Science Page 22

  23. Manifest Specification NC State -- Department of Computer Science Page 23

  24. Example Applications • FriendTracker Application FriendTracker Service to poll for friend locations ‣ Broadcasts an Intent when near a friend • FriendProvider Content Provider to store location of friends ‣ Cross references friends with system Contacts Provider • FriendTrackerControl Activity to start and stop the Service ‣ BootReceiver Broadcast Receiver to start the service on boot ‣ • FriendViewer Application FriendViewer Activity to display list of friend locations ‣ FriendMap Activity to show friends on a map (on right) ‣ FriendReceiver Broadcast Receiver to display when near ‣ • Available from http://siis.cse.psu.edu/android_sec_tutorial.html NC State -- Department of Computer Science Page 24

Recommend

Lecture 8a: Smartphone Sensing Emmanuel Agu Smartphone Sensing Recall: Smartphone Sensors

Lecture 8a: Smartphone Sensing Emmanuel Agu Smartphone Sensing Recall: Smartphone Sensors

Mobile and Ubiquitous Computing on Smartphones Lecture 8a: Smartphone Sensing Emmanuel Agu Smartphone Sensing Recall: Smartphone Sensors Typical smartphone sensors today accelerometer, compass, GPS, microphone, camera, proximity

898 views • 68 slides
This PIN Can Be Easily Guessed Analyzing the Security of Smartphone Unlock PINs Philipp Markert,

This PIN Can Be Easily Guessed Analyzing the Security of Smartphone Unlock PINs Philipp Markert,

This PIN Can Be Easily Guessed Analyzing the Security of Smartphone Unlock PINs Philipp Markert, Daniel V. Bailey, Maximilian Golla, Markus Drmuth, and Adam J. Aviv May 18, 2020 | 41st IEEE Symposium on Security and Privacy Overview ?!

355 views • 18 slides
The Privacy and CyLab Security Behaviors of Smartphone Engineering &amp; App Developers

The Privacy and CyLab Security Behaviors of Smartphone Engineering &amp; App Developers

The Privacy and CyLab Security Behaviors of Smartphone Engineering &amp; App Developers Public Policy Rebecca Balebako, Abigail Marsh, Jialiu Lin, Jason Hong, Lorrie Faith y &amp; c S a e v c i u r P r i t e y l b L a

646 views • 26 slides
AppsPlayground: Automatic Security Analysis of Smartphone Applications Vaibhav Rastogi , Yan Chen,

AppsPlayground: Automatic Security Analysis of Smartphone Applications Vaibhav Rastogi , Yan Chen,

AppsPlayground: Automatic Security Analysis of Smartphone Applications Vaibhav Rastogi , Yan Chen, and William Enck Lab for Internet and Security Technology, Northwestern University North Carolina State University h li S i i 1

1.22k views • 19 slides
Analyzing End-Users Knowledge and Feelings Surrounding Smartphone Security and Privacy May

Analyzing End-Users Knowledge and Feelings Surrounding Smartphone Security and Privacy May

Analyzing End-Users Knowledge and Feelings Surrounding Smartphone Security and Privacy May 21st 2015 Lydia Kraus*, Tobias Fiebig*, Viktor Miruchna*, Sebastian Mller*, Asaf Shabtai+ * Technische Universitt Berlin + Ben-Gurion University

397 views • 18 slides
Hey, You, Get Off of My Market: RAFAEL MICHAEL CS 682- ADVANCED SECURITY TOPICS Smartphone

Hey, You, Get Off of My Market: RAFAEL MICHAEL CS 682- ADVANCED SECURITY TOPICS Smartphone

Hey, You, Get Off of My Market: RAFAEL MICHAEL CS 682- ADVANCED SECURITY TOPICS Smartphone users over the years Leading app stores 2019 Smartphones are becoming increasingly ubiquitous With great popularity Comes great

385 views • 37 slides
Ubiquitous and Mobile Computing CS 528: Hooked on Smartphones: An Exploratory Study on Smartphone

Ubiquitous and Mobile Computing CS 528: Hooked on Smartphones: An Exploratory Study on Smartphone

Ubiquitous and Mobile Computing CS 528: Hooked on Smartphones: An Exploratory Study on Smartphone Overuse among College Students Nan Zhang Computer Science Dept. Worcester Polytechnic Institute (WPI) Introduction Smartphone Overuse Introduction

329 views • 30 slides
How to do it Wrong: Smartphone Antivirus and Security Applications Under Fire Stephan Huber,

How to do it Wrong: Smartphone Antivirus and Security Applications Under Fire Stephan Huber,

How to do it Wrong: Smartphone Antivirus and Security Applications Under Fire Stephan Huber, Siegfried Rasthofer, Steven Arzt, Michael Trger, Andreas Wittmann, Philipp Roskosch, Daniel Magin 1 Who are we Stephan Siegfried Mobile

751 views • 50 slides
CS 4518 Mobile and Ubiquitous Computing Smartphone Sensing Emmanuel Agu Smartphone Sensors

CS 4518 Mobile and Ubiquitous Computing Smartphone Sensing Emmanuel Agu Smartphone Sensors

CS 4518 Mobile and Ubiquitous Computing Smartphone Sensing Emmanuel Agu Smartphone Sensors Typical smartphone sensors today accelerometer, compass, GPS, microphone, camera, proximity Future sensors? Heart rate monitor,

825 views • 20 slides
Smartphone Sensors Using raw smartphone sensor data in the classroom Albert Schueller Department

Smartphone Sensors Using raw smartphone sensor data in the classroom Albert Schueller Department

JMM Denver 2020 Smartphone Sensors Using raw smartphone sensor data in the classroom Albert Schueller Department of Mathematics and Statistics Overview Introduce a collection of useful technologies that have a broad range of applications and

289 views • 15 slides
Regaining control of your smartphone with postmarketOS and Maemo Leste Merlijn Wajer, Bart

Regaining control of your smartphone with postmarketOS and Maemo Leste Merlijn Wajer, Bart

Regaining control of your smartphone with postmarketOS and Maemo Leste Merlijn Wajer, Bart Ribbers February 2, 2020 February 2, 2020 1 / 29 Status of GNU/Linux on the smartphone Brief introduction Why GNU/Linux on the smartphone?

498 views • 34 slides
Route Choice Model using Smartphone GPS Data Gregory Lue Presentation Outline Introduction

Route Choice Model using Smartphone GPS Data Gregory Lue Presentation Outline Introduction

Estimating a Toronto Pedestrian Route Choice Model using Smartphone GPS Data Gregory Lue Presentation Outline Introduction Background Data Smartphone Data Alternative Route Generation Choice Model Toronto Case Study

1.32k views • 84 slides
Smartphone Imaging Trends Brian Klug Sr. Smartphone Editor, AnandTech.com Thursday, February 7,

Smartphone Imaging Trends Brian Klug Sr. Smartphone Editor, AnandTech.com Thursday, February 7,

Smartphone Imaging Trends Brian Klug Sr. Smartphone Editor, AnandTech.com Thursday, February 7, 13 Background B.S. - Optical Sciences &amp; Engineering, University of Arizona Imaging Technology Lab with Steward Observatory Worlds first curved

560 views • 44 slides
Privacy in the Smartphone Age Di Ma NSF US/Mid-East Workshop on Trustworthiness in Emerging

Privacy in the Smartphone Age Di Ma NSF US/Mid-East Workshop on Trustworthiness in Emerging

Privacy in the Smartphone Age Di Ma NSF US/Mid-East Workshop on Trustworthiness in Emerging Distributed Systems and Networks June 4-6, 2012 Istanbul, Turkey The issue Privacy in the smartphone age I s important because smartphones

233 views • 6 slides
A (re)introduction to Spring Security Agenda Before Spring Security: Acegi security

A (re)introduction to Spring Security Agenda Before Spring Security: Acegi security

A (re)introduction to Spring Security Agenda Before Spring Security: Acegi security Introducing Spring Security View layer security Whats coming in Spring Security 3 E-mail: craig@habuma.com Blog: http://www.springloaded.info

452 views • 19 slides
INTRODUCTION cf. Schneider, Chapter 1 INTRODUCTION THEY ARE OUT TO GET YOU INTRODUCTION WHAT

INTRODUCTION cf. Schneider, Chapter 1 INTRODUCTION THEY ARE OUT TO GET YOU INTRODUCTION WHAT

ADVANCED COMPUTER SECURITY INTRODUCTION cf. Schneider, Chapter 1 INTRODUCTION THEY ARE OUT TO GET YOU INTRODUCTION WHAT IS SECURITY? A systems security policies describe What the system is supposed to do Store and provide access

479 views • 16 slides
Ubiquitous and Mobile Computing CS 528: My Smartphone Knows I am Hungry Hoang Ngo Computer Science

Ubiquitous and Mobile Computing CS 528: My Smartphone Knows I am Hungry Hoang Ngo Computer Science

Ubiquitous and Mobile Computing CS 528: My Smartphone Knows I am Hungry Hoang Ngo Computer Science Dept. Worcester Polytechnic Institute (WPI) Smartphone and Unhealthy Eating 25 Students 10 weeks Run in background 24/7 Collect:

570 views • 34 slides
Nomadic Honeypots A Novel Concept for Smartphone Honeypots Steffen Liebergeld , Matthias Lange and

Nomadic Honeypots A Novel Concept for Smartphone Honeypots Steffen Liebergeld , Matthias Lange and

Nomadic Honeypots A Novel Concept for Smartphone Honeypots Steffen Liebergeld , Matthias Lange and Collin Mulliner Security in Telecommunications Technische Universit at Berlin, Germany { steffen,mlange } @sec.t-labs.tu-berlin.de Northeastern

713 views • 11 slides
Security of diabetes monitoring apps Research project 1 Security and Network Engineering Edgar

Security of diabetes monitoring apps Research project 1 Security and Network Engineering Edgar

Security of diabetes monitoring apps Research project 1 Security and Network Engineering Edgar Bohte &amp; Roy Vermeulen Why diabetes? 2 3 The upside 4 Smartphone app security 5 Health data confidentiality 6 Diabetes data integrity

645 views • 28 slides
Are Mobile OS Ready for the Post-Smartphone Era? Felix Xiaozhu Lin Assistant Professor,

Are Mobile OS Ready for the Post-Smartphone Era? Felix Xiaozhu Lin Assistant Professor,

Are Mobile OS Ready for the Post-Smartphone Era? Felix Xiaozhu Lin Assistant Professor, Purdue ECE http://xsel.rocks In Collaboration with Prof. Feng Qian , Indiana University Sponsors: NSF and Google Post Smartphone Era

764 views • 41 slides
Introduction to the Introduction to the Work of the Security Council Work of the Security

Introduction to the Introduction to the Work of the Security Council Work of the Security

Introduction to the Introduction to the Work of the Security Council Work of the Security Council Security Council Practices and Charter Research Branch Security Council Affairs Division Department of Political Affairs United Nations August

490 views • 28 slides
Alec Mitnik Computer Science Dept. Worcester Polytechnic Institute (WPI) Introduction/Motivation

Alec Mitnik Computer Science Dept. Worcester Polytechnic Institute (WPI) Introduction/Motivation

BeWell: A Smartphone Application to Monitor, Model and Promote Wellbeing CS 525: Mobile and Ubiquitous Computing Alec Mitnik Computer Science Dept. Worcester Polytechnic Institute (WPI) Introduction/Motivation BeWell: A smartphone app that

500 views • 19 slides
Ubiquitous and Mobile Computing CS 528: Visage: A Face Interpretation Engine for Smartphone

Ubiquitous and Mobile Computing CS 528: Visage: A Face Interpretation Engine for Smartphone

Ubiquitous and Mobile Computing CS 528: Visage: A Face Interpretation Engine for Smartphone Applications Qiwen Chen Electrical and Computer Engineering Dept. Worcester Polytechnic Institute (WPI) Introduction Visage: A robust, real time

572 views • 24 slides
DroidCluster: Towards Smartphone Cluster Computing The Streets are Paved with Potential Computer

DroidCluster: Towards Smartphone Cluster Computing The Streets are Paved with Potential Computer

DroidCluster: Towards Smartphone Cluster Computing The Streets are Paved with Potential Computer Clusters Sebastian Schildt, Felix B usching, Lars Wolf PhoneCom 2012 Introduction The Cluster Implications Opportunities Once upon a time...

471 views • 21 slides

More recommend