Android Declassification Infrastructure (PowerPoint presentation transcript)

Posted on 24-Feb-2016
TRANSCRIPT

Page 1: Android Declassification Infrastructure

Android Declassification Infrastructure

Matan David, Yuval Evron

Project Advisor: Roei Schuster

Page 2

A Short Reminder…

• Android’s built-in permissions are very coarse grained.

• We aim to provide a better solution at the application level (without having to change the OS).

• Security is of the essence.

Page 3

A Short Reminder…

• We introduced a new permission mechanism – the “Declassifier”.

• The Declassifier itself requests the high-level (native OS) permissions, while exporting lower-level, finer-grained permissions to third-party apps.

Page 4

BroadcastReceiver

• Utilizes Android’s permission mechanism.

• Filters incoming Intents by the caller’s permissions (i.e. does this app hold a sufficient permission?).

• Enables a callback mechanism which allows sending back the answer privately.

• Each 3rd party app creates its own BroadcastReceiver to handle the returned result.

Page 5

BroadcastReceiver – A Closer Look

• Upon installation, our Declassifier requests all of the native OS permissions it plans on using.

• In the Manifest, the Declassifier declares the custom permissions that the 3rd party apps will request instead.

[Diagram: the Declassifier holds the Android OS permission READ_PHONE_STATE and exports the following custom permissions to 3rd party apps:]

PHONE_STATE_READ_SIM_SERIAL_NUMBER_PERMISSION
PHONE_STATE_READ_SUBSCRIBER_ID_PERMISSION
PHONE_STATE_READ_DEVICE_ID_PERMISSION
PHONE_STATE_READ_PHONE_TYPE_PERMISSION
PHONE_STATE_READ_CALL_STATE_PERMISSION

Page 6

BroadcastReceiver – A Closer Look

• Upon installation, the 3rd party app requests only the permissions it needs from the Declassifier (it never asks for a native OS permission).

Page 7

BroadcastReceiver – A Closer Look

• The app sends a broadcast request to the Declassifier, with all the information encapsulated inside an Intent:

Intent i = new Intent("com.example.Declassifier.CALENDAR_EVENT_BY_TITLE_ACTION");
i.putExtra("Title", titleNameStr);

• One of the parameters the app supplies in the request is a custom BroadcastReceiver which will handle the Declassifier’s result (the callback mechanism).

Page 8

BroadcastReceiver – A Closer Look

Calendar_App_GetEventByTitle_BR eventByTitleReceiver = new Calendar_App_GetEventByTitle_BR();
sendOrderedBroadcast(i, "android.permission.READ_CALENDAR", eventByTitleReceiver, null, Activity.RESULT_OK, null, null);

• At this stage, the Declassifier filters out requests which do not satisfy the relevant permission: the system only delivers the broadcast to the Declassifier’s receiver if the sender holds the custom permission declared on that receiver in the Manifest.

• In a similar way, the 3rd party app filters out returned results from unauthorized sources: the second argument of sendOrderedBroadcast is a receiver permission, so only a receiver holding android.permission.READ_CALENDAR (i.e. the Declassifier) can receive the request and set its result, which the system then hands to eventByTitleReceiver.

• With this model, we ensure that Intents reach the designated destination and make their way back securely.
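The full round trip of slides 5 to 9, written out as an added example (this is not the project's code). The package name, the action string, the extra key "Title", the READ_CALENDAR receiver permission and the class name Calendar_App_GetEventByTitle_BR are taken from the slides; the custom permission name CALENDAR_READ_EVENT_BY_TITLE_PERMISSION, the result keys and the Manifest fragments in the comments are assumptions. The two halves would live in two different apps; they share one file here only so the example is self-contained.

```java
// Added example, not the project's code. Package, action, "Title" extra and the
// callback class name follow the slides; the custom permission name, the result
// keys and the Manifest entries in the comments are assumptions.
import android.app.Activity;
import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.database.Cursor;
import android.os.Bundle;
import android.provider.CalendarContract;
import android.util.Log;
import java.util.ArrayList;

public class DeclassifierCalendarExample {
    public static final String DECLASSIFIER_PKG = "com.example.Declassifier";
    public static final String ACTION = DECLASSIFIER_PKG + ".CALENDAR_EVENT_BY_TITLE_ACTION";
    // Assumed name, following the slides' PHONE_STATE_READ_*_PERMISSION scheme.
    public static final String CUSTOM_PERMISSION = DECLASSIFIER_PKG + ".CALENDAR_READ_EVENT_BY_TITLE_PERMISSION";
    public static final String EXTRA_TITLE = "Title";
    public static final String RESULT_TITLES = "Titles";   // assumed result keys
    public static final String RESULT_STARTS = "Starts";

    /* Declassifier app. Its Manifest (assumed, as the slides describe) holds:
     *   <uses-permission android:name="android.permission.READ_CALENDAR"/>
     *   <permission android:name="...CALENDAR_READ_EVENT_BY_TITLE_PERMISSION"
     *               android:protectionLevel="dangerous"/>
     *   <receiver android:name="..." android:permission="...CALENDAR_READ_EVENT_BY_TITLE_PERMISSION">
     *     <intent-filter><action android:name="...CALENDAR_EVENT_BY_TITLE_ACTION"/></intent-filter>
     *   </receiver>
     * android:permission on the receiver is the filter of slide 9: the system drops
     * broadcasts from senders that were not granted the custom permission. */
    public static class CalendarEventByTitleReceiver extends BroadcastReceiver {
        @Override
        public void onReceive(Context ctx, Intent request) {
            String title = request.getStringExtra(EXTRA_TITLE);
            if (!ACTION.equals(request.getAction()) || title == null) {
                setResultCode(Activity.RESULT_CANCELED);
                return;
            }
            // Expose only the columns this sub-permission covers, and pass the
            // caller-supplied title as a selection argument instead of splicing
            // it into the selection string of the content-provider query.
            String[] projection = { CalendarContract.Events.TITLE, CalendarContract.Events.DTSTART };
            Cursor c = ctx.getContentResolver().query(CalendarContract.Events.CONTENT_URI,
                    projection, CalendarContract.Events.TITLE + " = ?", new String[] { title }, null);
            ArrayList<String> titles = new ArrayList<>();
            ArrayList<Long> starts = new ArrayList<>();
            if (c != null) {
                try {
                    while (c.moveToNext()) {
                        titles.add(c.getString(0));
                        starts.add(c.getLong(1));
                    }
                } finally {
                    c.close();
                }
            }
            long[] startArr = new long[starts.size()];
            for (int i = 0; i < startArr.length; i++) startArr[i] = starts.get(i);
            // The answer rides back on the ordered broadcast to the caller's result
            // receiver; no new broadcast is sent, so other apps never see it.
            Bundle result = getResultExtras(true);
            result.putStringArrayList(RESULT_TITLES, titles);
            result.putLongArray(RESULT_STARTS, startArr);
            setResultCode(Activity.RESULT_OK);
        }
    }

    /* 3rd party app. Its Manifest (assumed) requests only the custom permission,
     * never android.permission.READ_CALENDAR. */
    public static class Calendar_App_GetEventByTitle_BR extends BroadcastReceiver {
        @Override
        public void onReceive(Context ctx, Intent intent) {
            // Invoked by the system once the ordered broadcast has completed.
            if (getResultCode() != Activity.RESULT_OK) return;   // refused or malformed request
            Bundle extras = getResultExtras(false);
            if (extras == null) return;
            ArrayList<String> titles = extras.getStringArrayList(RESULT_TITLES);
            long[] starts = extras.getLongArray(RESULT_STARTS);
            if (titles == null || starts == null) return;
            for (int i = 0; i < titles.size() && i < starts.length; i++) {
                Log.i("Calendar", titles.get(i) + " starts at " + starts[i]);
            }
        }
    }

    public static void requestEventsByTitle(Context ctx, String titleNameStr) {
        Intent i = new Intent(ACTION);
        i.putExtra(EXTRA_TITLE, titleNameStr);
        // Pin the request to the Declassifier: without this, any other app that
        // holds READ_CALENDAR and registers for the action could receive it too.
        i.setPackage(DECLASSIFIER_PKG);
        Calendar_App_GetEventByTitle_BR eventByTitleReceiver = new Calendar_App_GetEventByTitle_BR();
        // 2nd argument: permission a receiver must hold to get this broadcast;
        // 3rd argument: the callback that receives the final result.
        ctx.sendOrderedBroadcast(i, "android.permission.READ_CALENDAR", eventByTitleReceiver,
                null, Activity.RESULT_OK, null, null);
    }
}
```

The slides' code does not call setPackage; it is added here because the receiver permission alone only requires that a receiver hold READ_CALENDAR, and the protectionLevel="dangerous" on the custom permission is what makes the finer-grained request visible to the user at install time.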

Page 9

Where We Are Today

• Contacts• Calendar• SD Card• Phone State

Page 10

Contacts

1. Contact phone by name.
2. Contact address by name.
3. Contact e-mail address by name.
4. Contact picture by name.

• Queries are interchangeable (you can search for contact name by phone number as well).

Page 11

Calendar

1. Calendar event by title
2. Calendar event by date
3. Calendar event by location

• Some queries may produce several results, e.g. entering “June” as a date will return all events in the month of June.

Page 12

SD Card Management

1. Each application gets its own folder, named after its unique UID.

2. Writing and reading are limited to this folder only, and go through the Declassifier’s interface.

• Now no 3rd party application is granted the WRITE_EXTERNAL_STORAGE permission (only the Declassifier holds it), and thus none can manipulate other applications’ information on the SD card.
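The folder-per-UID storage interface of this slide, as an added example on the Declassifier side (not the project's code). The slides do not say how the interface is exposed; this version assumes it is a bound service, so the caller's UID comes from Binder.getCallingUid() rather than from anything the caller sends. The class and method names are hypothetical.

```java
// Added example, not the project's code. Assumes a bound-service interface so the
// caller's UID is read from the Binder transaction; names are hypothetical.
import android.os.Binder;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;

public class DeclassifiedSdCard {
    private final File root;   // e.g. new File(Environment.getExternalStorageDirectory(), "declassifier")

    public DeclassifiedSdCard(File root) {
        this.root = root;
    }

    /** Folder reserved for the calling app, named after its UID; created on first use. */
    public File appDir(int callerUid) throws IOException {
        File dir = new File(root, Integer.toString(callerUid));
        if (!dir.isDirectory() && !dir.mkdirs()) throw new IOException("cannot create " + dir);
        return dir;
    }

    /**
     * Map a caller-supplied relative path onto the caller's folder. Both sides are
     * canonicalised before the containment check, so "../1000/secret" or a symlink
     * that points outside the folder is rejected instead of silently escaping it.
     */
    public File resolve(int callerUid, String relativePath) throws IOException {
        File dir = appDir(callerUid).getCanonicalFile();
        File target = new File(dir, relativePath).getCanonicalFile();
        if (!target.getPath().startsWith(dir.getPath() + File.separator)) {
            throw new SecurityException("path escapes app folder: " + relativePath);
        }
        return target;
    }

    /** Binder entry point: the UID comes from the transaction, never from the request. */
    public byte[] read(String relativePath) throws IOException {
        File f = resolve(Binder.getCallingUid(), relativePath);
        try (FileInputStream in = new FileInputStream(f)) {
            byte[] buf = new byte[(int) f.length()];
            int off = 0, n;
            while (off < buf.length && (n = in.read(buf, off, buf.length - off)) > 0) off += n;
            return buf;
        }
    }

    public void write(String relativePath, byte[] data) throws IOException {
        File f = resolve(Binder.getCallingUid(), relativePath);
        File parent = f.getParentFile();
        if (parent != null && !parent.isDirectory() && !parent.mkdirs()) {
            throw new IOException("cannot create " + parent);
        }
        try (FileOutputStream out = new FileOutputStream(f)) {
            out.write(data);
        }
    }
}
```

Because only the Declassifier holds WRITE_EXTERNAL_STORAGE, the containment check in resolve is the whole isolation boundary between apps' folders; a caller that could pass an arbitrary path through this interface would regain exactly the access the permission split was meant to remove.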

Page 13

Phone State

• The READ_PHONE_STATE permission may seem a bit vague to the average user.

• It actually grants access to many device identifiers and telephony states (IMEI, IMSI, cellular data connection state, call state, SIM serial number, etc.).

• Our Declassifier subdivides the READ_PHONE_STATE permission into sub-permissions, one per item.

Page 14

Stay Tuned…

• Audio record requests – we found that once the RECORD_AUDIO permission is granted, audio recording is possible at any time without any further user consent.

• Wi-Fi – the ACCESS_WIFI_STATE permission grants the app the ability to read the wireless connection’s current state (and, together with CHANGE_WIFI_STATE, to connect to a Wi-Fi network, etc.).

These permissions present a security risk, as well as coarse permission granularity as to how applications may use the Wi-Fi / audio devices on the Android phone.

Page 15

Phone State Demo
