Android Declassification Infrastructure
Matan David, Yuval Evron
Project Advisor: Roei Schuster
A Short Reminder…
• Android’s built-in permissions are very coarse grained.
• We aim to provide a better solution at the application level (without having to change the OS).
• Security is of the essence.
A Short Reminder…
• We introduced a new permission mechanism – “A Declassifier”.
• The Declassifier would request high permission levels, while exporting lower, finer grained, permissions to third parties.
BroadcastReceiver
• Utilizes Android’s permissions mechanism.
• Filters incoming intents by caller permissions (i.e. does this app have sufficient permissions?).
• Enables a callback mechanism which allows sending back the answer privately.
• Each 3rd party app creates its own BroadcastReceiver to handle the returned result.
BroadcastReceiver – A Closer Look
• Upon installation, our Declassifier requests all of the Native OS permissions it plans on using.
• In the Manifest, the Declassifier creates custom permissions that the 3rd party apps will need to use.
(Diagram: the OS grants the Declassifier the native READ_PHONE_STATE permission; the Declassifier in turn exports five custom permissions to apps: PHONE_STATE_READ_SIM_SERIAL_NUMBER_PERMISSION, PHONE_STATE_READ_SUBSCRIBER_ID_PERMISSION, PHONE_STATE_READ_DEVICE_ID_PERMISSION, PHONE_STATE_READ_PHONE_TYPE_PERMISSION, PHONE_STATE_READ_CALL_STATE_PERMISSION.)
BroadcastReceiver – A Closer Look
• Upon installation, the 3rd party app requests only the permissions it needs from the Declassifier (It never asks for a Native OS permission).
BroadcastReceiver – A Closer Look
• The app sends a BroadcastReceiver request, with all the information encapsulated inside an Intent.
    Intent i = new Intent("com.example.Declassifier.CALENDAR_EVENT_BY_TITLE_ACTION");
    i.putExtra("Title", titleNameStr);
• One of the parameters the app supplies in the request, is a custom BroadcastReceiver which will handle the Declassifier’s result (The Callback mechanism).
BroadcastReceiver – A Closer Look
    Calendar_App_GetEventByTitle_BR eventByTitleReceiver = new Calendar_App_GetEventByTitle_BR();
    sendOrderedBroadcast(i, "android.permission.READ_CALENDAR", eventByTitleReceiver,
            null, Activity.RESULT_OK, null, null);
• At this stage, the Declassifier filters out requests which do not satisfy the relevant permissions.
• In a similar way, the 3rd party app filters out returned results from unauthorized sources.
• With this model, we ensure that Intents reach the designated destination and make their way back securely.
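The Declassifier's side of the exchange on the slides above, as an added example (not the project's own code): the receiver that answers CALENDAR_EVENT_BY_TITLE_ACTION over the ordered-broadcast callback, reads the calendar with its own READ_CALENDAR grant, and hands the result only to the caller's result receiver. The action string and the "Title" extra are the ones from the slides; the custom permission name, the receiver class name and the "Events" result key are assumptions.

```java
import android.app.Activity;
import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.database.Cursor;
import android.os.Bundle;
import android.provider.CalendarContract;
import java.util.ArrayList;

// Assumed manifest entry in the Declassifier (one exported receiver per custom permission):
//   <permission android:name="com.example.Declassifier.CALENDAR_EVENT_BY_TITLE_PERMISSION"
//               android:protectionLevel="dangerous"/>
//   <receiver android:name=".CalendarEventByTitleReceiver" android:exported="true"
//             android:permission="com.example.Declassifier.CALENDAR_EVENT_BY_TITLE_PERMISSION">
//     <intent-filter><action android:name="com.example.Declassifier.CALENDAR_EVENT_BY_TITLE_ACTION"/></intent-filter>
//   </receiver>
// android:permission is what drops broadcasts from senders lacking the custom permission;
// the sending app's identity is not available inside onReceive(), so the check must live in the manifest.
public class CalendarEventByTitleReceiver extends BroadcastReceiver {
    public static final String ACTION = "com.example.Declassifier.CALENDAR_EVENT_BY_TITLE_ACTION";

    @Override
    public void onReceive(Context context, Intent intent) {
        // The private reply channel only exists for ordered broadcasts; ignore anything else.
        if (!ACTION.equals(intent.getAction()) || !isOrderedBroadcast()) return;
        String title = intent.getStringExtra("Title");
        if (title == null || title.isEmpty()) {
            setResult(Activity.RESULT_CANCELED, null, null);
            abortBroadcast();
            return;
        }
        // Exact-title lookup with the Declassifier's own READ_CALENDAR grant; the bound
        // selection argument keeps the caller-supplied title out of the selection string.
        ArrayList<String> events = new ArrayList<String>();
        String[] projection = { CalendarContract.Events.TITLE, CalendarContract.Events.DTSTART };
        Cursor c = context.getContentResolver().query(CalendarContract.Events.CONTENT_URI,
                projection, CalendarContract.Events.TITLE + " = ?", new String[] { title }, null);
        if (c != null) {
            while (c.moveToNext()) events.add(c.getString(0) + " @ " + c.getLong(1));
            c.close();
        }
        // setResultExtras() reaches only the resultReceiver passed to sendOrderedBroadcast();
        // abortBroadcast() keeps any later receiver from seeing or rewriting the result.
        Bundle result = new Bundle();
        result.putStringArrayList("Events", events);
        setResultExtras(result);
        setResultCode(Activity.RESULT_OK);
        abortBroadcast();
    }
}
```

On the app side, the `Calendar_App_GetEventByTitle_BR` passed to `sendOrderedBroadcast` reads the reply from `getResultCode()` and `getResultExtras(true)` in its own `onReceive`.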
Where We Are Today
• Contacts
• Calendar
• SD Card
• Phone State
Contacts
1. Contact phone by Name.
2. Contact address by Name.
3. Contact e-mail address by Name.
4. Contact picture by Name.
• Queries are interchangeable (you can search for contact name by phone number as well).
Calendar
1. Calendar Event by Title
2. Calendar Event by Date
3. Calendar Event by Location
• Some queries may produce several results, e.g. entering “June” as a date will present all events in the month of June.
SD Card Management
1. Each application gets its own folder using its unique UID.
2. Writing and Reading is limited to this folder only, using the Declassifier’s interface.
• Now no application is granted the WRITE_EXTERNAL_STORAGE permission and thus cannot manipulate the information on the SD Card.
Phone State
• The READ_PHONE_STATE permission may seem a bit vague to the average user.
• It actually grants access to many of the phone’s settings (IMEI, IMSI, cellular data connection state, call state, SIM serial number, etc.).
• Our Declassifier subdivides the READ_PHONE_STATE permission into sub-permissions.
Stay Tuned…
• Audio Record Requests – We found that when granted the RECORD_AUDIO permission, audio recording is possible at any time without any user consent.
• Wifi – The ACCESS_WIFI_STATE permission grants the app the ability to know the wireless connection’s current state, to connect to a Wi-Fi network, etc.
These permissions present a security risk, as well as a coarse permission granularity as to how applications may use the Wi-Fi / audio devices on the Android phone.
Phone State Demo
(Slides 16–22: demo screenshots.)