Detection externalisée de vulnerabilités pour la plateforme Android à l'aide du langage OVAL

National audienceNous proposons dans ce rapport une approche novatrice pour analyser les systèmes Android et détecter leurs vulnérabilités de façon légère. Cette approche regroupe les principales composantes du processus d'analyse sous forme de service externalisé que les clients mobiles peuvent ensuite exploiter à l'aide d'un agent minimal. Le langage OVAL est utilisé comme support pour la description et l'analyse de vulnérabilités. En configurant la fréquence des analyses et le pourcentage de vulnérabilités à traiter au cours de chacune d'entre elles, l'approche proposée permet de limiter l'allocation de ressources côté client et de transférer les différents traitements sur des serveurs distants. La stratégie employée consiste à partager et distribuer les analyses à travers le temps pour réduire significativement l'activité sur les systèmes mobiles, tout en assurant un traitement de la totalité des vulnérabilités connues dans un laps de temps fini. De cette méthodologie résulte un processus d'analyse orienté cloud plus léger et plus rapide, pouvant limiter de façon significative la consommation de ressources et d'énergie côté client

A Probabilistic Cost-efficient Approach for Mobile Security Assessment

International audienceThe development of mobile technologies and services has contributed to the large-scale deployment of smartphones and tablets. These environments are exposed to a wide range of security attacks and may contain critical information about users such as contact directories and phone calls. Assessing configuration vulnerabilities is a key challenge for maintaining their security, but this activity should be performed in a lightweight manner in order to minimize the impact on their scarce resources. In this paper we present a novel approach for assessing configuration vulnerabilities in mobile devices by using a probabilistic cost-efficient security framework. We put forward a probabilistic assessment strategy supported by a mathematical model and detail our assessment framework based on OVAL vulnerability descriptions. We also describe an implementation prototype and evaluate its feasibility through a comprehensive set of experiments

Behavioral and Dynamic Security Functions Chaining For Android Devices

Abstract-We present an approach for dynamically outsourcing and composing security functions for mobile devices, according to the network behavior of their running applications. Applications are characterized from a network point of view using data mining and clustering techniques with the aim to select their appropriate security functions. Software-defined networking mechanisms are employed to chain the selected functions and to redirect mobile apps traffic through the resulting security compositions. Those ones can be fully outsourced or split between incloud and on-device. Both a prototype and extensive simulations demonstrate the feasibility of the approach and assess its benefits

Behavioral and Dynamic Security Functions Chaining For Android Devices

International audience—We present an approach for dynamically outsourc-ing and composing security functions for mobile devices, according to the network behavior of their running applications. Applications are characterized from a network point of view using data mining and clustering techniques with the aim to select their appropriate security functions. Software-defined networking mechanisms are employed to chain the selected functions and to redirect mobile apps traffic through the resulting security compositions. Those ones can be fully outsourced or split between in-cloud and on-device. Both a prototype and extensive simulations demonstrate the feasibility of the approach and assess its benefits

Analysis and Evaluation of OpenFlow Message Usage for Security Applications

Part 3: Security Attacks and DefensesInternational audienceWith the advances in cloud computing and virtualization technologies, Software-Defined Networking (SDN) has become a fertile ground for building network applications regarding management and security using the OpenFlow protocol giving access to the forwarding plane. This paper presents an analysis and evaluation of OpenFlow message usage for supporting network security applications. After describing the considered security attacks, we present mitigation and defence strategies that are currently used in SDN environments to tackle them. We then analyze the dependencies of these mechanisms to OpenFlow messages that support their instantiation. Finally, we conduct series of experiments on software and hardware OpenFlow switches in order to validate our analysis and quantify the limits of current security mechanisms with different OpenFlow implementations

Increasing Android Security using a Lightweight OVAL-based Vulnerability Assessment Framework

International audienceMobile computing devices and the services offered by them are utilized by millions of users on a daily basis. However, they operate in hostile environments getting exposed to a wide variety of threats. Accordingly, vulnerability management mechanisms are highly required. We present in this paper a novel approach for increasing the security of mobile devices by efficiently detecting vulnerable configurations. In that context, we propose a modeling for performing vulnerability assessment activities as well as an OVAL-based distributed framework for ensuring safe configurations within the Android platform. We also describe an implementation prototype and evaluate its performance through an extensive set of experiments

Towards Cloud-Based Compositions of Security Functions For Mobile Devices

International audienceIn order to prevent attacks against smartphones and tablets, dedicated security applications can be deployed on the mobile devices themselves. However, these applications may have a significant impact on the device resources. Users may be tempted to uninstall or disable them with the objective of increasing battery lifetime and avoiding configuration operations and updates. In this paper, we propose a new approach for outsourcing mobile security functions and building transparent in-path security compositions for mobile devices. The outsourced functions are dynamically activated, configured and composed using software-defined networking and virtualization capabilities. We present a mathematical model to formalize the security com-positions, and describe the functional architecture. We provide an implementation prototype and evaluate the solution through an extensive set of experiments

Outsourcing Mobile Security in the Cloud

International audienceIn order to prevent attacks against smartphones and tablets, dedicated security applications are deployed on the mobile devices them-selves. However, these applications may have a significant impact on the device resources. Users may be tempted to uninstall or disable them with the objective of increasing battery lifetime and avoiding configuration operations and updates. In this paper, we propose a new approach for outsourcing mobile security functions as cloud-based services. The out-sourced functions are dynamically activated, configured and composed using software-defined networking and virtualization capabilities. We de-tail also preliminary results and point out future research efforts

Ovaldroid: an OVAL-based Vulnerability Assessment Framework for Android

Mobile computing devices and the services offered by them are utilized by millions of users on a daily basis. However, they operate in hostile environments getting exposed to a wide variety of threats. Accordingly, vulnerability management mechanisms are highly required. We present in this demo a novel approach for increasing the security of mobile devices by efficiently detecting vulnerable configurations. In that context, we propose Ovaldroid, an OVAL-based distributed framework for ensuring safe configurations within the Android platform and we present an implementation prototype developed to this end