A Policy Enforcement Framework for Android - Kanwal Rekhi fileIntroductionLiterature...

Introduction Literature Survey Polork Conclusion

A Policy Enforcement Framework for Android

Kaustubh Keskar(10305909)

Guided by: Prof. D. B. Phatak

Department of Computer Science and EngineeringIndian Institute of Technology, Bombay

Mumbai

June 23, 2013


Outline

1 Introduction

2 Literature Survey

3 Polork

4 Conclusion


A Policy Enforcement Framework

Deals with users’ security and privacy concerns by allowingthem to define policy rules

Goals

To restrict the usage of resourcesTo mitigate malwareTo prevent privilege escalation attackIn general, to provide fine-grained access control

Users of the system: End-user or trusted third party or both

Context-aware policies

Based on environmental or system attributes like time,location, battery, etc.


Problem Statement

Goal

To have control over devices, regarding which apps can belaunched (depending upon environmental attributes)

What do we need?

A Policy Enforcement Framework

What will it do?

Monitor apps which are being launched

What action will it take?

Enforce the policies against apps

Allow or Deny (kill) those apps


Motivation

A policy enforcement framework for Aakash tablet

No apps during quiz/exam timeLimited set of apps during school-timeDifferent set of apps for different subjects/coursesParental control (at home)

Context Attributes (for context-aware policies)

Battery virtualization: Battery consumption information perprocess


Outline

1 Introduction

2 Literature Survey

3 Polork

4 Conclusion


Kirin [8]

Framework to mitigate malware (Protect phone from apps)

Provides protection by comparing security policies againstpermissions and action strings defined in app’s manifest file

User has 2 options:Reject the application (Abort installation)Override the result (Continue installation)

Figure: Kirin [8]


Kirin [8]

Install-time enforcement

Parameters considered for policy

Permission labelsIntents (Action strings)

Examples:

An application must not have PHONE STATE ,RECORD AUDIO, and INTERNET permission labels.

An application must not have theSET PREFERRED APPLICATION permission label andreceive Intents for the CALL action string.


Saint [10]

Framework to protect apps from other apps

Install-time enforcement: Controls permission assignment

Runtime enforcement: Governs communication accessbetween components

Figure: Saint [10]


Saint [10]

Example:

(com.xyz .abc) (com.xyz .loc)

required − permission(ACCESS FINE LOCATION)

(access) (com.test.pqr , any , GET LOC ) (any , any)

forbid − permissions(INTERNET )

expose: Callee’s requirements specified by caller (source)access: Caller’s requirements specified by callee (target)


Outline

1 Introduction

2 Literature Survey

3 Polork

4 Conclusion


Polork

Polork: Policy Enforcement Framework

Implemented as an Android app

Policies are defined remotely and Polork can download themautomatically

Context-aware policies are supported

Time, Location

Has support for disabling (freezing) the apps [2], [1]


Attributes

Tag Explanation

Name Name of the policy.

ValidFrom,ValidTill

Between this time range, a policy is consideredas valid.

Priority The lower the assigned value, higher is the pri-ority of the policy.

SeqNumber A secondary attribute used to decide priority ofthe policy.

Cmd Whether to allow launching of an applicationdepends upon value assigned to ‘Cmd’.

Table: Policy Tags


Attributes

Tag Explanation

Context Contains logical expression (using &&, ‖, !) of all thecontext attributes defined in the policy. A policy isconsidered as valid (or applicable) if the context eval-uates to true. Otherwise, next policy is considered.

CA-Time Defined as “<From-time>, <To-time>”. Time at-tribute evaluates to true, if the current (system) timeis within this time range.

CA-Location

Defined as “<Latitude>, <Longitude>, <Range>”.If the current location is within the range of specifiedlocation, then its value is considered as true.

Pkg Specifies a package name.

Table: Policy Tags


Commands

Figure: ALLOW

ALLOW P1, P2, P3, P4 (and do nothing else)


Commands

Figure: DENY

DENY P1, P2, P3, P4 (and do nothing else)


Commands

System-wide impact

Figure: ALLOW EXCEPT

ALLOW EXCEPT P1, P2, P3, P4= DENY P1, P2, P3, P4 + ALLOW remaining packages


Commands

System-wide impact

Figure: DENY EXCEPT

DENY EXCEPT P1, P2, P3, P4= ALLOW P1, P2, P3, P4 + DENY remaining packages


Commands

System-wide impact

Figure: ALLOW ALL

ALLOW ALL = ALLOW all packages


Commands

System-wide impact

Figure: DENY ALL

DENY ALL = DENY all packages


Example

Allow all packages except Elixir (com.bartat.android.elixir) andTemple Run (com.imangi.templerun) from 15:00hrs to 19:00hrs

Figure: Example of Policy


Policy Enforcement - Algorithm

Figure: isAccessAllowed(pkgName)



Figure: getValidPolicyForPkg(pkgName), getValidSpecialPolicy()



Figure: isPolicyValid()

Figure: isContextValid()


Context Attributes

Battery Level

Allow app YouTube, if battery level is more than 50%

Battery Consumption per App

Block app VLC Player, if battery consumed by that app ismore than 10%

Application Foreground Time

Block app Angry Birds, if its foreground time is more than 75minutes

Data Usage

Allow app Firefox, if data usage is less than 20MB


Outline

1 Introduction

2 Literature Survey

3 Polork

4 Conclusion


Conclusion

Conclusion:

Implemented first-of-a-kind policy framework which monitorsapps being launched and enforces policies accordingly.

Schools, employers can use it to have control over the devices.

Future Work:

Integration of Context Attributes in Polork

Adding Support for Resource Level Policies

Creating an User Interface to Define Policies

Implementing Polork as a System Service


References I

Bloat Freezer - Root for Android.

http://www.bloatfreezer.com/, 2013.[Online; accessed on 15-Jun-2013].

FAQ - Link2SD.

http://www.link2sd.info/faq, 2013.[Online; accessed on 15-Jun-2013].

Guangdong Bai, Liang Gu, Tao Feng, Yao Guo, and Xiangqun Chen.

Context-Aware Usage Control for Android.In Security and Privacy in Communication Networks, volume 50 of Lecture Notes of the Institute forComputer Sciences, Social Informatics and Telecommunications Engineering, pages 326–343. SpringerBerlin Heidelberg, 2010.

Hammad Banuri, Masoom Alam, Shahryar Khan, Jawad Manzoor, Bahar Ali, Yasar Khan, Mohsin Yaseen,

Mir Tahir, Tamleek Ali, Quratulain Alam, and Xinwen Zhang.An Android runtime security policy enforcement framework.Personal and Ubiquitous Computing, 16:631–641, 2012.10.1007/s00779-011-0437-6.

Sven Bugiel, Lucas Davi, Alexandra Dmitrienko, Thomas Fischer, and Ahmad-Reza Sadeghi.

XManDroid: A New Android Evolution to Mitigate Privilege Escalation Attacks.Technical Report TR-2011-04, Technische Universitat Darmstadt, Apr 2011.

Sven Bugiel, Lucas Davi, Alexandra Dmitrienko, Stephan Heuser, Ahmad-Reza Sadeghi, and Bhargava

Shastry.Practical and lightweight domain isolation on Android.In Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices, SPSM’11, pages 51–62, New York, NY, USA, 2011. ACM.

http://www.bloatfreezer.com/

http://www.link2sd.info/faq


References II

Mauro Conti, Vu Thien Nga Nguyen, and Bruno Crispo.

CRePE: context-related policy enforcement for android.In Proceedings of the 13th international conference on Information security, ISC’10, pages 331–345, Berlin,Heidelberg, 2011. Springer-Verlag.

William Enck, Machigar Ongtang, and Patrick McDaniel.

On lightweight mobile phone application certification.In Proceedings of the 16th ACM conference on Computer and communications security, CCS ’09, pages235–245, New York, NY, USA, 2009. ACM.

Mohammad Nauman, Sohail Khan, and Xinwen Zhang.

Apex: extending Android permission model and enforcement with user-defined runtime constraints.In Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security,ASIACCS ’10, pages 328–332, New York, NY, USA, 2010. ACM.

Machigar Ongtang, Stephen McLaughlin, William Enck, and Patrick McDaniel.

Semantically Rich Application-Centric Security in Android.In Proceedings of the 2009 Annual Computer Security Applications Conference, ACSAC ’09, pages 340–349,Washington, DC, USA, 2009. IEEE Computer Society.

G. Russello, B. Crispo, E. Fernandes, and Y. Zhauniarovich.

YAASE: Yet Another Android Security Extension.In Privacy, security, risk and trust (passat), 2011 ieee third international conference on and 2011 ieee thirdinternational conference on social computing (socialcom), pages 1033 –1040, Oct 2011.

Literature Survey

Outline

5 Literature Survey

Literature Survey

Policy Frameworks

Framework Explanation

Kirin [8] Lightweight certification of apps at install-time

Saint [10] Allows developer to define (context-aware) fine-grained policies

Apex [9] Selectively grant permissions to apps; Impose run-time constraints on usage of resources

CRePE [7] Can define fine-grained context-related security pol-icy; Contexts are activated based on context at-tributes

XManDroid[5]

Monitors communication links between apps and ver-ifies them against security rules

Table: Policy Frameworks

Literature Survey

Policy Frameworks

Framework Explanation

TrustDroid[6]

Domain isolation by preventing interdomain applica-tion communication and data access

ConUCON[3]

Can define fine-grained context-aware security policy;Context is activated based on context attributes

YAASE [11] Performs data tagging and tracking to control thedata flow through applications

SEAF [4] Helps to identify potentially dangerous behavior ofapplications

Table: Policy Frameworks

Date post:	26-Aug-2019
Category:	Documents
Upload:	truongkien
View:	215 times
Download:	0 times

A Policy Enforcement Framework for Android - Kanwal Rekhi fileIntroductionLiterature...

Documents