Learning from Ourselves: Where are we and where can we go in mobile systems security?
Patrick McDaniel, Penn State University
A cautionary tale …
Where are we now ...
• September 23, 2008 – May 26th, 2016
• 7.67 years
• 242,179,200 seconds
• 4,036,320 minutes
• 67,272 hours
• 2,803 days
• 400 weeks and 3 days
2008 View: Security and smartphones
• Smartphones: long awaited realization of mobile computing
• Usage model is very different
  • Multi-user single machine to single-user multiple machines
  • Always on, always computing social instrument
  • Enterprise: separate action from geography
• Changing Risk
  • Necessarily contains secrets (financial, personal)
  • Collects sensitive data as a matter of operation
  • Drifts between “unknown” environments
  • Highly malleable development practices, largely unknown developers
Where are we now ...
• We are closing in on a decade of research and use of smartphones.
• What questions have we asked and what have we learned?
• What questions should we be asking?
Promise: the next four dissertations will be ….
Three questions (2009-2011) …
What do applications ask for? (2009)
• Kirin certifies applications by vetting policies at install-time (relies on runtime enforcement)
• Obvious insight: app config and security policy is an upper bound on runtime behavior.
• Kirin is a modified application installer
• Apps with unsafe policies are rejected
Where’s the system policy?
William Enck, Machigar Ongtang, and Patrick McDaniel. On Lightweight Mobile Phone App Certification. Proceedings of the 16th ACM Conference on Computer and Communications Security (CCS), pages 235-245, November 2009.
Studying the (early) Market
• Kirin enforces security invariants at install-time
• Signatures of “malicious permission sets”, written as rules such as:
  restrict permission [ACCESS_FINE_LOCATION, INTERNET] and receive [BOOT_COMPLETE]
• Local evaluation of requested permissions, Intent listeners
Evaluate 311* popular Market apps (Jan 2009)
• 5 had both dangerous configuration / functionality (1.6%)
• 5 dangerous configs, but plausible use of permissions (1.6%)
• 3 apps failed --
Kirin security rules:
(1) An application must not have the SET_DEBUG_APP permission
(2) An application must not have the PHONE_STATE, RECORD_AUDIO, and INTERNET permissions
(3) An application must not have the PROCESS_OUTGOING_CALL, RECORD_AUDIO, and INTERNET permissions
(4) An application must not have the ACCESS_FINE_LOCATION, INTERNET, and RECEIVE_BOOT_COMPLETE permissions
(5) An application must not have the ACCESS_COARSE_LOCATION, INTERNET, and RECEIVE_BOOT_COMPLETE permissions
(6) An application must not have the RECEIVE_SMS and WRITE_SMS permissions
(7) An application must not have the SEND_SMS and WRITE_SMS permissions
(8) An application must not have the INSTALL_SHORTCUT and UNINSTALL_SHORTCUT permissions
(9) An application must not have the SET_PREFERRED_APPLICATION permission and receive Intents for the CALL action string
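The install-time check described on the two Kirin slides, as an added example that is not Kirin's own code: the nine rules above are encoded as permission/action sets and evaluated against a constructed AndroidManifest.xml. Permission names follow the slide's spelling, and the sample manifest and function names are assumptions for illustration.

```python
import xml.etree.ElementTree as ET
from collections import namedtuple

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# A rule fires only when the app holds ALL listed permissions AND listens
# for ALL listed Intent actions (rules 1-8 have no action part).
Rule = namedtuple("Rule", "number permissions receives", defaults=(frozenset(),))

# The nine rules on the slide, names kept as the slide spells them.
KIRIN_RULES = [
    Rule(1, frozenset({"SET_DEBUG_APP"})),
    Rule(2, frozenset({"PHONE_STATE", "RECORD_AUDIO", "INTERNET"})),
    Rule(3, frozenset({"PROCESS_OUTGOING_CALL", "RECORD_AUDIO", "INTERNET"})),
    Rule(4, frozenset({"ACCESS_FINE_LOCATION", "INTERNET", "RECEIVE_BOOT_COMPLETE"})),
    Rule(5, frozenset({"ACCESS_COARSE_LOCATION", "INTERNET", "RECEIVE_BOOT_COMPLETE"})),
    Rule(6, frozenset({"RECEIVE_SMS", "WRITE_SMS"})),
    Rule(7, frozenset({"SEND_SMS", "WRITE_SMS"})),
    Rule(8, frozenset({"INSTALL_SHORTCUT", "UNINSTALL_SHORTCUT"})),
    Rule(9, frozenset({"SET_PREFERRED_APPLICATION"}), frozenset({"CALL"})),
]

def parse_manifest(xml_text):
    """Extract what Kirin vets at install time: requested permissions and the
    Intent actions any component listens for (qualified names shortened)."""
    root = ET.fromstring(xml_text)
    perms = {p.get(ANDROID_NS + "name").rsplit(".", 1)[-1]
             for p in root.iter("uses-permission")}
    actions = {a.get(ANDROID_NS + "name").rsplit(".", 1)[-1]
               for flt in root.iter("intent-filter") for a in flt.iter("action")}
    return frozenset(perms), frozenset(actions)

def violated_rules(perms, actions, rules=KIRIN_RULES):
    """Rule numbers whose whole permission set (and action set) is present."""
    return [r.number for r in rules
            if r.permissions <= perms and r.receives <= actions]

def certify(xml_text):
    """Installer decision: (accept?, matching rule numbers)."""
    bad = violated_rules(*parse_manifest(xml_text))
    return (not bad, bad)

# Constructed manifest: location + network + boot-time receiver (rule 4 pattern).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETE"/>
  <application><receiver android:name=".Boot"><intent-filter>
    <action android:name="android.intent.action.BOOT_COMPLETED"/>
  </intent-filter></receiver></application>
</manifest>"""
```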
What do the applications do? (2010)
• TaintDroid performs system-wide taint tracking in the Android platform
  1. VM Layer: variable tracking throughout Dalvik VM
  2. Native Layer: patches state after native method (JNI)
  3. Binder IPC Layer: extends tracking between applications
  4. Storage Layer: persistent tracking on files (Firmware mod)
William Enck, Peter Gilbert, Byung-Gon Chun, Landon P. Cox, Jaeyeon Jung, Patrick McDaniel, and Anmol N. Sheth. TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones. Communications of the ACM, 57(3), March 2014.
Findings
• 15 of the 30 applications shared physical location with an ad server (admob.com, ad.qwapi.com, ads.mobclix.com, data.flurry.com)
• Not trying hard to hide (e.g., AdMob HTTP GET):
  ...&s=a14a4a93f1e4c68&..&t=062A1CB1D476DE85B717D9195A6722A9&d%5Bcoord%5D=47.661227890000006%2C-122.31589477&...
• 7 applications sent device (IMEI) and 2 apps sent phone info (Ph. #, IMSI, ICC-ID) to a remote server without informing the user.
What can the applications do? (2011)
• Static analysis: look at the possible paths and interaction of data
• Very, very hard (often undecidable), but community has learned that we can do a lot with small analyses.
• Step 1: decompiler for Android applications (ded)
• Step 2: static source code analysis for both dangerous functionality and vulnerabilities
  • What data could be exfiltrated from the application?
  • Are developers safely using interfaces?
William Enck, Damien Octeau, Patrick McDaniel, and Swarat Chaudhuri. A Study of Android Application Security. Proceedings of the 20th USENIX Security Symposium, August 2011. San Francisco, CA.
Studying Application Security
• Decompiled top 1,100 apps from Android market: > 21 MLOC
• Queried for security properties using program analysis, followed by manual inspection to understand purpose
• Used several types of analysis to design security properties specific to Android using the Fortify SCA framework

Analysis for Dangerous Behavior
• Misuse of Phone Identifiers: data flow analysis
• Exposure of Physical Location: data flow analysis
• Abuse of Telephony Services: semantic analysis
• Eavesdropping on Video: control flow analysis
• Eavesdropping on Audio: control flow analysis (+CG)
• Botnet Characteristics (Sockets): structural analysis
• Harvesting Installed Applications: structural analysis

Analysis for Vulnerabilities
• Leaking Information to Logs: data flow analysis
• Leaking Information to IPC: control flow analysis
• Unprotected Broadcast Receivers: control flow analysis
• Intent Injection Vulnerabilities: control flow analysis
• Delegation Vulnerabilities: structural analysis
• Null Checks on IPC Input: control flow analysis
• Password Management*: data flow analysis
• Cryptography Misuse*: structural analysis
• Injection Vulnerabilities*: data flow analysis
Phone Identifiers
• Analysis pin-pointed 33 apps leaking Phone IDs
com.avantar.wny - com/avantar/wny/PhoneStats.java (decompiled; slide callout: IMEI)

```java
public String toUrlFormatedString() {
    StringBuilder $r4;
    if (mURLFormatedParameters == null) {
        $r4 = new StringBuilder();
        $r4.append((new StringBuilder("&uuid=")).append(URLEncoder.encode(mUuid)).toString());
        $r4.append((new StringBuilder("&device=")).append(URLEncoder.encode(mModel)).toString());
        $r4.append((new StringBuilder("&platform=")).append(URLEncoder.encode(mOSVersion)).toString());
        $r4.append((new StringBuilder("&ver=")).append(mAppVersion).toString());
        $r4.append((new StringBuilder("&app=")).append(this.getAppName()).toString());
        $r4.append("&returnfmt=json");
        mURLFormatedParameters = $r4.toString();
    }
    return mURLFormatedParameters;
}
```
Tracking
com.froogloid.kring.google.zxing.client.android - Activity_Router.java (Main Activity); slide callout: http://kror.keyringapp.com/service.php

```java
public void onCreate(Bundle r1) {
    // ...
    IMEI = ((TelephonyManager) this.getSystemService("phone")).getDeviceId();
    retailerLookupCmd = (new StringBuilder(String.valueOf(constants.server)))
        .append("identifier=").append(EncodeURL.KREncodeURL(IMEI))
        .append("&command=retailerlookup&retailername=").toString();
    // ...
}
```

com.Qunar - net/NetworkTask.java; slide callout: http://client.qunar.com:80/QSearch

```java
public void run() {
    // ...
    r24 = (TelephonyManager) r21.getSystemService("phone");
    url = (new StringBuilder(String.valueOf(url)))
        .append("&vid=60001001&pid=10010&cid=C1000&uid=").append(r24.getDeviceId())
        .append("&gid=").append(QConfiguration.mGid)
        .append("&msg=").append(QConfiguration.getInstance().mPCStat.toMsgString())
        .toString();
    // ...
}
```
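The phone-identifier data-flow query behind the last three slides, as an added example that is not ded, Fortify SCA or TaintDroid code: taint labels are propagated over a small constructed three-address IR of the Qunar pattern above, keeping a set of labels per value in the style of TaintDroid's label sets. The IR shape and the source and sink method names are assumptions for illustration.

```python
# Each IR statement is (dst, callee, operands); dst is None when the call's
# result is unused.  Taint is a SET of labels, so a value built from several
# identifiers keeps every origin, as TaintDroid's label sets do.
SOURCES = {
    "TelephonyManager.getDeviceId": "IMEI",
    "TelephonyManager.getSubscriberId": "IMSI",
    "TelephonyManager.getLine1Number": "PHONE_NUMBER",
}
SINKS = {"URL.<init>", "HttpClient.execute", "OutputStream.write"}

def analyze(program):
    """Return [(stmt index, sink, frozenset(labels))] for every sink reached by
    data derived from a source.  Every call is assumed to pass taint from its
    operands to its result (conservative; no sanitizers are modelled)."""
    taint = {}        # variable -> set of source labels
    findings = []
    for i, (dst, callee, ops) in enumerate(program):
        labels = set().union(*(taint.get(o, set()) for o in ops))
        if callee in SOURCES:
            labels.add(SOURCES[callee])
        if callee in SINKS and labels:
            findings.append((i, callee, frozenset(labels)))
        if dst is not None:
            taint[dst] = labels
    return findings

# Constructed IR mirroring the decompiled Qunar pattern: getDeviceId() is
# appended into a request URL.  String literals are written as quoted operands.
QUNAR_LIKE = [
    ("r24",  "Context.getSystemService",     ["r21", '"phone"']),
    ("imei", "TelephonyManager.getDeviceId", ["r24"]),
    ("sb",   "StringBuilder.<init>",         ["url"]),
    ("sb",   "StringBuilder.append",         ["sb", '"&uid="']),
    ("sb",   "StringBuilder.append",         ["sb", "imei"]),
    ("sb",   "StringBuilder.append",         ["sb", '"&gid="']),
    ("sb",   "StringBuilder.append",         ["sb", "gid"]),
    ("url",  "StringBuilder.toString",       ["sb"]),
    ("req",  "URL.<init>",                   ["url"]),
]

# Same shape, but only the app version goes into the URL: no finding.
BENIGN = [
    ("sb",  "StringBuilder.<init>",   ["url"]),
    ("sb",  "StringBuilder.append",   ["sb", "appVersion"]),
    ("url", "StringBuilder.toString", ["sb"]),
    ("req", "URL.<init>",             ["url"]),
]
```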