33 research outputs found

    Dynamic Security Policy Enforcement on Android

    This work proposes a system for dynamic enforcement of access rights on Android. Each suspicious application can be repackaged by this system so that access to selected private data is restricted for the outer world. The system intercepts system calls using the Aurasium framework and adds an innovative approach of tracking information flows from privacy-sensitive sources using a tainting mechanism, without the need for administrator rights. File-level and data-level taint propagation has been designed, along with policy enforcement based on Android binder.

    European and National Contexts in Scientific Research (Европейский и национальный контексты в научных исследованиях)

    This electronic collection, “National and European dimension in research. Technology”, presents works in the fields of geodesy, chemical technology, mechanical engineering, information technology, civil engineering, and radio-engineering. It is intended for trainers, researchers and professionals. It can be useful for university graduate and post-graduate students.

    Fundamental Approaches to Software Engineering

    computer software maintenance; computer software selection and evaluation; formal logic; formal methods; formal specification; programming languages; semantics; software engineering; specifications; verification

    Managing the Client-Side Memory Consumption of a Web Application (Web-sovelluksen asiakaspuolen muistinkulutuksen hallinta)

    Today web browsers are used more and more as an application runtime environment in addition to their use and origins as document viewers. At the same time, web application architecture is undergoing changes. For instance, functionality is being moved from the backend into the client, following the so-called thick client architecture. Currently it is quite easy to create client-side web applications that do not manage their memory allocations. There has not been much focus on client-side applications' memory usage, for various reasons. However, client-side web applications are now widely being built, and some of these applications are expected to run for extended periods. Longevity of the application requires successful memory management by the application. From the performance point of view it is also beneficial that the application manages its memory successfully. The client-side behaviour of the application is developed with JavaScript, which has automatically managed memory allocations. However, like all abstractions, automatically managed memory is a leaky abstraction to an undecidable problem. In this thesis we aim at finding out what it takes to create client-side applications that successfully manage their memory allocations. We will take a look at the tools available for investigating memory issues during application development. We also developed a memory diagnostics module in order to be able to diagnose an application instance's memory usage during its use. The diagnostics module developed during this thesis was used successfully to monitor the application's memory usage over time. With the use of the data provided by the diagnostics module, we were able to identify memory issues in our demo application. However, currently the Web platform does not enable the creation of a cross-browser, standards-based solution for diagnosing a web application's memory usage.

    Understanding and assessing security on Android via static code analysis

    Smart devices have become a rich source of sensitive information including personal data (contacts and account data) and context information like GPS data that is continuously aggregated by onboard sensors. As a consequence, mobile platforms have become a prime target for malicious and over-curious applications. The growing complexity and the quickly rising number of mobile apps have further reinforced the demand for comprehensive application security vetting. This dissertation presents a line of work that advances security testing on Android via static code analysis. In the first part of this dissertation, we build an analysis framework that statically models the complex runtime behavior of apps and Android’s application framework (upon which apps are built) to extract privacy and security-relevant data-flows. We provide the first classification of Android’s protected resources within the framework and generate precise API-to-permission mappings that excel over prior work. We then propose a third-party library detector for apps that is resilient against common code obfuscations to measure the outdatedness of libraries in apps and to attribute vulnerabilities to the correct software component. Based on these results, we identify root causes of app developers not updating their dependencies and propose actionable items to remedy the current status quo. Finally, we measure to which extent libraries can be updated automatically without modifying the application code.

    Internet of Things From Hype to Reality

    The Internet of Things (IoT) has gained significant mindshare, let alone attention, in academia and the industry especially over the past few years. The reasons behind this interest are the potential capabilities that IoT promises to offer. On the personal level, it paints a picture of a future world where all the things in our ambient environment are connected to the Internet and seamlessly communicate with each other to operate intelligently. The ultimate goal is to enable objects around us to efficiently sense our surroundings, inexpensively communicate, and ultimately create a better environment for us: one where everyday objects act based on what we need and like without explicit instructions.