Mobile System Security

lcsmith With the increasing adoption of Android devices, the security threats in Android are also increasing. Privacy leaks have caught users’ attentions. Various security vulnerabilities (such as privilege escalation, capability leaks, permission re-delegation, component hijacking, content leaks and pollution, etc.) allow the attackers to compromise the vulnerable apps and even the Android device.  Malicious apps are also increasing. We propose both dynamic and static analysis techniques to tackle these problems.

lcsmithPapers of Mobile System Security

[1] Lok-Kwong Yan and Heng Yin. DroidScope: Seamlessly reconstructing os and dalvik semantic views for dynamic android malware analysis. In Proceedings of the 21st USENIX Security Symposium, August 2012. [ bib | .pdf ]
Abstract:The prevalence of mobile platforms, the large market share of Android, plus the openness of the Android Market makes it a hot target for malware attacks. Once a malware sample has been identified, it is critical to quickly reveal its malicious intent and inner workings. In this paper we present DroidScope, an Android analysis platform that continues the tradition of virtualization-based malware analysis. Unlike current desktop malware analysis platforms, DroidScope reconstructs both the OS-level and Java-level semantics simultaneously and seam-lessly. To facilitate custom analysis, DroidScope exports three tiered APIs that mirror the three levels of an Android device:hardware, OS and Dalvik Virtual Machine. On top of DroidScope, we further developed several analysis tools to collect detailed native and Dalvik instruction traces, profile API-level activity, and track information leakage through both the Java and native components using taint analysis. These tools have proven to be effective in analyzing real world malware samples and incur reasonably low performance overheads.
[2] Tongbo Luo, Hao Hao, Wenliang Du, Yifei Wang, and Heng Yin. Attacks on webview in the android system. In Proceedings of the 27th Annual Computer Security Application Conference (ACSAC’11), December 2011. [ bib | .pdf ]
Abstract:WebView is an essential component in both Android and iOS platforms, enabling smartphone and tablet apps to embed a simple but powerful browser inside them. To achieve a better interaction between apps and their embedded “browsers”, WebView provides a number of APIs, allowing code in apps to invoke and be invoked by the JavaScript code within the web pages, intercept their events, and modify those events. Using these features, apps can become customized “browsers” for their intended web applications. Currently, in the Android market, 86 percent of the top 20 most downloaded apps in 10 diverse categories use WebView. The design of WebView changes the landscape of the Web, especially from the security perspective. Two essential pieces of the Web’s security infrastructure are weakened if WebView and its APIs are used: the Trusted Computing Base(TCB) at the client side, and the sandbox protection implemented by browsers. As results, many attacks can be launched either against apps or by them. The objective of this paper is to present these attacks, analyze their fundamental causes, and discuss potential solutions.

Mobile System Security

<-To be continued…->