Claudio Marforio
ABSTRACT
Modern smartphones that implement permission-based security mechanisms suffer from attacks by colluding applications. Users are not made aware of possible implications of application collusion attacks---quite the contrary---on existing platforms, users are implicitly led to believe that by approving the installation of each application independently, they can limit the damage that an application can cause.
We implement and analyze a number of covert and overt communication channels that enable applications to collude and therefore indirectly escalate their permissions. Furthermore, we present and implement a covert channel between an installed application and a web page loaded in the system browser. We measure the throughput of all these channels as well as their bit-error rate and required synchronization for successful data transmission. The measured throughput of covert channels ranges from 3.7 bps to 3.27 kbps on a Nexus One phone and from 0.47 bps to 4.22 kbps on a Samsung Galaxy S phone; such throughputs are sufficient to efficiently exchange users' sensitive information (e.g., GPS coordinates or contacts). We test two popular research tools that track information flow or detect communication channels on mobile platforms, and confirm that even if they detect some channels, they still do not detect all the channels and therefore fail to fully prevent application collusion. Attacks using covert communication channels remain, therefore, a real threat to smartphone security and an open problem for the research community.
- J. Anderson, J. Bonneau, and F. Stajano. Inglorious Installers: Security in the Application Marketplace. In Workshop on the Economics of Information Security, WEIS '10, 2010.Google Scholar
- D. Barrera, H. G. Kayacik, P. C. van Oorschot, and A. Somayaji. A methodology for empirical analysis of permission-based security models and its application to Android. In Proceedings of the 17th ACM Conference on Computer and Communications Security, CCS '10, pages 73--84, New York, NY, USA, 2010. ACM. Google ScholarDigital Library
- S. Bugiel, L. Davi, A. Dmitrienko, T. Fischer, and A.-R. Sadeghi. XManDroid: A new Android evolution to mitigate privilege escalation attacks. Technical Report TR-2011-04, Technische Universität Darmstadt, April 2011.Google Scholar
- S. Bugiel, L. Davi, A. Dmitrienko, T. Fischer, A.-R. Sadeghi, and B. Shastry. Towards taming privilege-escalation attacks on Android. In Proceedings of the 19th Annual Network and Distributed System Security Symposium, NDSS '12, February 2012.Google Scholar
- J. Burns. Developing secure mobile applications for Android. https://www.isecpartners.com/files/iSEC_Securing_Android_Apps.pdf (accessed October 2012), 2008.Google Scholar
- L. Cavallaro, P. Saxena, and R. Sekar. On the limits of information flow techniques for malware analysis and containment. In Proceedings of the 5th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA '08, pages 143--163, Berlin, Heidelberg, 2008. Springer-Verlag. Google ScholarDigital Library
- A. Chaudhuri. Language-based security on Android. In Proceedings of the ACM SIGPLAN Fourth Workshop on Programming Languages and Analysis for Security, PLAS '09, pages 1--7, New York, NY, USA, 2009. ACM. Google ScholarDigital Library
- L. Davi, A. Dmitrienko, A.-R. Sadeghi, and M. Winandy. Privilege escalation attacks on Android. In Proceedings of the 13th International Conference on Information Security, ISC'10, pages 346--360, Berlin, Heidelberg, 2011. Springer-Verlag. Google ScholarDigital Library
- D. E. Denning and P. J. Denning. Data security. ACM Comput. Surv., 11(3): 227--249, Sept. 1979. Google ScholarDigital Library
- W. Enck, P. Gilbert, B.-G. Chun, L. P. Cox, J. Jung, P. McDaniel, and A. N. Sheth. TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. In Proceedings of the 9th USENIX Conference on Operating Systems Design and Implementation, OSDI'10, pages 1--6, Berkeley, CA, USA, 2010. USENIX Association. Google ScholarDigital Library
- W. Enck, M. Ongtang, and P. McDaniel. On lightweight mobile phone application certification. In Proceedings of the 16th ACM Conference on Computer and Communications Security, CCS '09, pages 235--245, New York, NY, USA, 2009. ACM. Google ScholarDigital Library
- C. G. Girling. Covert Channels in LAN's. IEEE Transactions on Software Engineering, 13(2): 292--296, 1987. Google ScholarDigital Library
- V. Gligor. A guide to understanding covert channel analysis of trusted systems, version 1 (light pink book). NCSC-TG-030, Library No. S-240, 572, November 1993. National Computer Security Center, TCSEC Rainbow Series Library.Google Scholar
- Google. Android OS (up to version 2.3.7). http://developer.android.com/.Google Scholar
- GRSecurity. The GRSecurity project. http://grsecurity.net/features.php.Google Scholar
- T. Harada, T. Horie, and K. Tanaka. Task oriented management obviates your onus on linux (TOMOYO Linux). Linux Conference, 2004.Google Scholar
- W.-M. Hu. Reducing timing channels with fuzzy time. In Proceedings of IEEE Computer Society Symposium on Research in Security and Privacy, pages 8--20, May 1991.Google ScholarCross Ref
- B. W. Lampson. A note on the confinement problem. Commun. ACM, 16(10): 613--615, Oct. 1973. Google ScholarDigital Library
- A. M. Lineberry. These aren't the permissions you're looking for. BlackHat USA, August 2010.Google Scholar
- S. B. Lipner. A comment on the confinement problem. In Proceedings of the 5th ACM Symposium on Operating Systems Principles, SOSP '75, pages 192--196, New York, NY, USA, 1975. ACM. Google ScholarDigital Library
- Microsoft. Security for Windows Phone 7. http://msdn.microsoft.com/en-us/library/ff402533%28v=VS.92%29.aspx (accessed October 2012).Google Scholar
- S. K. Nair, P. N. D. Simpson, B. Crispo, and A. S. Tanenbaum. A virtual machine based information flow control system for policy enforcement. Electron. Notes Theor. Comput. Sci., 197(1): 3--16, Feb. 2008. Google ScholarDigital Library
- Nokia. Symbian OS. http://symbian.nokia.com.Google Scholar
- J. Oberheide. Android Hax. SummerCon 2010, June 2010. http://jon.oberheide.org/files/summercon10-androidhax-jonoberheide.pdf (accessed October 2012).Google Scholar
- J. Oberheide and F. Jahanian. When mobile is harder than fixed (and vice versa): demystifying security challenges in mobile environments. In Proceedings of the 11th Workshop on Mobile Computing Systems and Applications, HotMobile '10, pages 43--48, New York, NY, USA, 2010. ACM. Google ScholarDigital Library
- M. Ongtang, S. McLaughlin, W. Enck, and P. McDaniel. Semantically rich application-centric security in Android. In Proceedings of the 25th Annual Computer Security Applications Conference, ACSAC '09, pages 340--349, dec. 2009. Google ScholarDigital Library
- F. A. Petitcolas, R. J. Anderson, and M. G. Kuhn. Information hiding-a survey. Proceedings of the IEEE, 87(7): 1062--1078, July 1999.Google ScholarCross Ref
- G. Portokalidis, P. Homburg, K. Anagnostakis, and H. Bos. Paranoid Android: versatile protection for smartphones. In Proceedings of the 26th Annual Computer Security Applications Conference, ACSAC '10, pages 347--356, New York, NY, USA, 2010. ACM. Google ScholarDigital Library
- R. Schlegel, K. Zhang, X. Zhou, M. Intwala, A. Kapadia, and X. Wang. Soundcomber: A Stealthy and Context-Aware Sound Trojan for Smartphones. In Proceedings of the 18th Annual Network and Distributed System Security Symposium, NDSS '11, pages 17--33, Feb. 2011.Google Scholar
- A. B. Shaffer, M. Auguston, C. E. Irvine, and T. E. Levin. A security domain model to assess software for exploitable covert channels. In Proceedings of the 3rd ACM SIGPLAN Workshop on Programming Languages and Analysis for Security, PLAS '08, pages 45--56, New York, NY, USA, 2008. ACM. Google ScholarDigital Library
- S. Smalley, NSA, and Trust Mechanisms (R2X). SEAndroid. http://selinuxproject.org/page/SEAndroid (accessed October 2012).Google Scholar
- The Lookout Blog. Lookout's privacy advisor protects your private information. http://blog.mylookout.com/2010/11/lookout%E2%80%99s-privacy-advisor-protects-your-private-information/ (accessed October 2012).Google Scholar
- M. Tiwari, J. K. Oberg, X. Li, J. Valamehr, T. Levin, B. Hardekopf, R. Kastner, F. T. Chong, and T. Sherwood. Crafting a usable microkernel, processor, and I/O system with strict and provable information flow security. In Proceedings of the 38th Annual International Symposium on Computer Architecture, ISCA '11, pages 189--200, New York, NY, USA, 2011. ACM. Google ScholarDigital Library
- C.-R. Tsai, V. D. Gligor, and C. S. Shandersekaran. On the identification of covert storage channels in secure systems. IEEE Transactions on Software Engineering, 16: 569--580, June 1990. Google ScholarDigital Library
- T. Vennon and D. Stroop. Threat analysis of the Android market. Technical report, GTC, June 2010. Smobile systems technical report, Available at http://threatcenter.smobilesystems.com/wp-content/uploads/2010/06/Android-Market-Threat-Analysis-6-22-10-v1.pdf (accessed October 2012).Google Scholar
- Z. Wang and R. B. Lee. Covert and side channels due to processor architecture. In Proceedings of the 22nd Annual Computer Security Applications Conference, ACSAC '06, pages 473--482, dec. 2006. Google ScholarDigital Library
Index Terms
- Analysis of the communication between colluding applications on modern smartphones
Recommendations
Towards end-user development of REST client applications on smartphones
HTML5 can be used to develop client applications by composing REST web services within the context of Web 2.0. However, the possibility of implementing cross-platform smartphone applications with REST services needs to be studied. Accordingly, we ...
Security analysis of modern mission critical android mobile applications
ACSW '17: Proceedings of the Australasian Computer Science Week MulticonferenceMobile devices have become an indispensable component of our daily life. New applications published by developers help users to do their daily activities easier and faster. As the market leader of mobile OS, Android provides numerous applications in ...
Comments