38 research outputs found

    DR BACA: dynamic role based access control for Android

    Thesis (M.S.)--Boston University
    Android, as an open platform, dominates the booming mobile market. However, its permission mechanism is inflexible and often results in over-privileged applications, which in turn creates severe security issues. Aiming to support the Principle of Least Privilege, we propose a Dynamic Role Based Access Control for Android (DR BACA) model and implement the DR BACA system to address these problems. Our system offers multi-user management on Android mobile devices, comparable to traditional workstations, and provides fine-grained Role Based Access Control (RBAC) to enhance Android security at both the application and permission level. Moreover, by leveraging the context-aware capabilities of mobile devices and Near Field Communication (NFC) technology, our solution supports dynamic RBAC that provides more flexible access control while still being able to mitigate some of the most serious security risks on mobile devices. The DR BACA system is highly scalable, suitable for both end users and large business environments. It simplifies configuration and management of Android devices and can help enterprises deal with security issues by implementing a uniform security policy. We show that our DR BACA system can be deployed and used with ease. With a proper security policy, our evaluation shows that DR BACA can effectively mitigate the security risks posed by both malicious and vulnerable non-malicious applications while incurring only a small overall system overhead.

    QUIRE: Lightweight Provenance for Smart Phone Operating Systems

    Smartphone applications (apps) often run with full privileges to access the network and sensitive local resources, making it difficult for remote systems to have any trust in the provenance of the network connections they receive. Even within the phone, different apps with different privileges can communicate with one another, allowing one app to trick another into improperly exercising its privileges (a confused deputy attack). This thesis presents two new security mechanisms built into the Android operating system to address these issues. First, the call chain of all interprocess communications is tracked, allowing an app the choice of operating with the diminished privileges of its callers or acting explicitly on its own behalf. Additionally, a lightweight signature scheme allows any app to create a signed statement that can be verified anywhere inside the phone. Both of these mechanisms are reflected in network RPCs, giving remote endpoints visibility into the state of the phone when an RPC is made.

    MuTent: Dynamic Android Intent Protection with Ownership-Based Key Distribution and Security Contracts

    Intents are the plain-text based message objects used for ICC by the Android framework. Hence the framework essentially lacks an inbuilt security mechanism to protect the visibility, accessibility, and integrity of an Intent's data, which allows adversaries to intercept or manipulate the data. In this work, we investigate the Intent protection mechanism and propose a security-enhanced Intent library, MuTent, that allows Android apps to securely exchange sensitive data during ICC. Unlike the existing mechanism, MuTent provides accessibility and visibility of Intent data by validating the receiver's capability and provides integrity by using encryption and the Arc security contract code. In particular, ICC is initiated by exchanging a MuTent and follows a novel ownership-based key distribution model that prevents malware apps without permission from deciphering the data. Through our evaluation, we show that MuTent can improve the security of popular Android apps with minimal performance overhead, demonstrated using F-Droid apps.

    Man-machine partial program analysis for malware detection

    With the meteoric rise in popularity of the Android platform, there is an urgent need to combat the accompanying proliferation of malware. Existing work addresses the area of consumer malware detection, but cannot detect novel, sophisticated, domain-specific malware that is targeted specifically at one aspect of an organization (e.g. ground operations of the US Military). Adversaries can exploit domain knowledge to camouflage malice within the legitimate behaviors of an app and behind a domain-specific trigger, rendering traditional approaches such as signature matching, machine learning, and dynamic monitoring ineffective. Manual code inspections are also inadequate, scaling poorly and introducing human error. Yet there is a dire need to detect this kind of malware before it causes catastrophic loss of life and property. This dissertation presents the Security Toolbox, our novel solution to this challenging new problem posed by DARPA's Automated Program Analysis for Cybersecurity (APAC) program. We employ a human-in-the-loop approach to amplify the natural intelligence of our analysts. Our automation detects interesting program behaviors and exposes them in an analysis Dashboard, allowing the analyst to brainstorm flaw hypotheses and ask new questions, which in turn can be answered by our automated analysis primitives. The Security Toolbox is built on top of Atlas, a novel program analysis platform made by EnSoft. Atlas uses a graph-based mathematical abstraction of software to produce a unified property multigraph, exposes a powerful API for writing analyzers using graph traversals, and provides both automated and interactive capabilities to facilitate program comprehension. The Security Toolbox is also powered by FlowMiner, a novel solution to mine fine-grained, compact data flow summaries of Java libraries. FlowMiner allows the Security Toolbox to complete a scalable and accurate partial program analysis of an application without including all of the libraries that it uses (e.g. Android). This dissertation presents the Security Toolbox, Atlas, and FlowMiner. We provide empirical evidence of the effectiveness of the Security Toolbox for detecting novel, sophisticated, domain-specific Android malware, demonstrating that our approach outperforms other cutting-edge research tools and state-of-the-art commercial programs in both time and accuracy metrics. We also evaluate the effectiveness of Atlas as a program analysis platform and FlowMiner as a library summary tool.

    Securing the Home Energy Management Platform

    Energy management in households receives increasing attention in the struggle to integrate more sustainable energy sources. Especially in the electrical system, smart grid systems are envisioned to be part of the efforts towards better utilisation of the energy production and distribution infrastructure. The Home Energy Management System (HEMS) is a critical infrastructure component in this endeavour. Its main goal is to enable energy services utilising smart devices in households, based on the interests of residential consumers and external actors. With the role of being both an essential link in the communication infrastructure for balancing the electrical grid and a surveillance unit in private homes, security and privacy become essential to address. In this chapter, we identify and address potential threats that Home Energy Management Platform (HEMP) developers should consider when designing the architecture, selecting hardware and building software. Our approach starts with a general view of the involved stakeholders and the HEMS. Given the system overview, a threat model is constructed from the HEMP developer's point of view. Based on the threats that have been identified, possible mitigation strategies are proposed, taking into account the state of the art in platform security technology.

    Chapter Securing the Home Energy Management Platform

    Recently, many efforts have been made to chemically functionalize sensor surfaces to achieve selectivity towards diagnostic targets, such as DNA, RNA fragments and protein tumoural biomarkers, through surface immobilization of the related specific receptor. In particular, some kinds of sensors, such as microcantilevers (gravimetric sensors) and one-dimensional photonic crystals (optical sensors) able to couple Bloch surface waves, are very sensitive. Thus, any surface modification intended to functionalize them has to be finely controlled in terms of mass and optical characteristics, such as refractive index, to minimize the perturbation on the transduced signal that can affect the response sensitivity towards the detected target species.

    Healthy Home

    Master of Science
    Department of Computing and Information Sciences
    Mitchell L. Neilsen
    Every home has the challenge of matching its groceries to family members' demands. How well the home maker manages this challenge has a major impact on food wastage and the money spent on groceries. A typical family of 4 will spend at least $1500 per month on groceries, and the same family wastes around $1000 worth of food in a year. These families don't know the overall environmental impact of food waste piling up in landfills. According to a survey by the Environmental Protection Agency, this food waste accounts for 20% of landfill waste. The Healthy Home (HH) Android application helps the user determine the re-order point of groceries based on the quantity remaining. The user inputs the entire grocery list that he/she has purchased and the daily quantity consumed. The application takes this as input and recommends what to cook and how many calories that gives to your body. It can distinguish and let you know by what time the food should be consumed, based on the Best by date or whether it is perishable/non-perishable. The application recommends the ROP (Reorder Point) and SS (Safety Stock) that any household has to carry based on the DDLT (Demand During the Lead Time). We use the supply chain industry standard formula to calculate SS and ROP: ROP = DDLT + SS, where SS defaults to 2 days' worth of food instead of following the industry standard formula. The user is provided with a database consisting of the standard grocery list with calorie information. The user is also provided with standard cuisine (recipe) information, which helps us build the recommendation system used to suggest recipes for users.

    Design and implementation of applications over delay tolerant networks for disaster and battlefield environment

    In disaster/battlefield applications, there may not be any centralized network that provides a mechanism for different nodes to connect with each other to share important data. In such cases, we can take advantage of an opportunistic network involving a substantial number of mobile devices that can communicate with each other using Bluetooth and the Google Nearby Connections API (which uses Bluetooth, Bluetooth Low Energy (BLE), and Wi-Fi hotspots) when they are close to each other. These devices, referred to as nodes, form a Delay Tolerant Network (DTN), also known as an opportunistic network. As suggested by its name, a DTN can tolerate delays and significant loss of data while forwarding a message from source to destination using the store-and-forward paradigm. In a DTN, it is of critical importance that the network is not completely flooded and that the message is not tampered with or corrupted and is readable only by the destined node. Three algorithms have been implemented on the Android platform. The first algorithm [1] focuses on intelligent data transfer based on each node's interests and encourages each node to participate in data transfer by providing incentives and keeping track of the trustworthiness of each node. The second algorithm [2] focuses on the security of the transferred data by fragmenting both data- and key-shares with some redundancy, so that the destination node can reconstruct the original data from the predefined minimum number of key- and data-shares. The third algorithm focuses on using object detection models and interest-based authorization using [3] to securely transfer and access data across the DTN. Corrupted nodes are identified using one-way keychain hashes created by source/relay nodes for a message, which are validated at the destination node --Abstract, page iii