Understanding and Improving Security of the Android Operating System
Successful realization of practical computer security improvements requires an understanding and insight into the system's security architecture, combined with a consideration of end-users' needs as well as the system's design tenets. In the case of Android, a system with an open, modular architecture that emphasizes usability and performance, acquiring this knowledge and insight can be particularly challenging for several reasons. In spite of Android's open source philosophy, the system is extremely large and complex, documentation and reference materials are scarce, and the code base is rapidly evolving with new features and fixes. To make matters worse, the vast majority of Android devices in use do not run the open source code, but rather proprietary versions that have been heavily customized by vendors for product differentiation.
Proposing security improvements or making customizations without sufficient insight into the system typically leads to less-practical, less-efficient, or even vulnerable results. Point solutions to specific problems risk leaving other similar problems in the distributed security architecture unsolved. Far-reaching general-purpose approaches may further complicate an already complex system, and force end-users to endure significant performance and usability degradations regardless of their specific security and privacy needs. In the case of vendor customization, uninformed changes can introduce access control inconsistencies and new vulnerabilities. Hence, the lack of methodologies and resources available for gaining insight about Android security is hindering the development of practical security solutions, sound vendor customizations, and end-user awareness of the proprietary devices they are using.
Addressing this deficiency is the subject of this dissertation. New approaches for analyzing, evaluating and understanding Android access controls are introduced and used to create an interactive database for use by security researchers as well as system designers and end-user product evaluators. Case studies using the new techniques are described, with results uncovering problems in Android's multiuser framework and vendor-customized System Services. Finally, the new insights are used to develop and implement a novel virtualization-based security architecture that protects sensitive resources while preserving Android's open architecture and expected levels of performance and usability.
e-SAFE: Secure, Efficient and Forensics-Enabled Access to Implantable Medical Devices
To facilitate monitoring and management, modern Implantable Medical Devices (IMDs) are often equipped with wireless capabilities, which raise the risk of malicious access to IMDs. Although schemes have been proposed to secure IMD access, some issues are still open. First, pre-sharing a long-term key between a patient's IMD and a doctor's programmer is vulnerable, since once the doctor's programmer is compromised, all of her patients suffer; establishing a temporary key by leveraging proximity gets rid of pre-shared keys, but as the approach lacks real authentication, it can be exploited by nearby adversaries or through man-in-the-middle attacks. Second, while prolonging the lifetime of IMDs is one of the most important design goals, few schemes try to lower the communication and computation overhead at the same time. Finally, how to safely record the commands issued by doctors for the purpose of forensics, which can be the last measure to protect the patients' rights, is commonly omitted in the existing literature. Motivated by these important yet open problems, we propose an innovative scheme, e-SAFE, which significantly improves security and safety, reduces the communication overhead and enables IMD-access forensics. We present a novel lightweight compressive-sensing-based encryption algorithm that encrypts and compresses the IMD data simultaneously, reducing the data transmission overhead by over 50% while ensuring high data confidentiality and usability. Furthermore, we provide a suite of protocols for device pairing, dual-factor authentication, and accountability-enabled access. The security analysis and performance evaluation show the validity and efficiency of the proposed scheme.
Instructions-Based Detection of Sophisticated Obfuscation and Packing
Every day thousands of malware samples are released online. The vast majority of them employ some kind of obfuscation, ranging from simple XOR encryption to more sophisticated anti-analysis, packing and encryption techniques. Dynamic analysis methods can unpack the file and reveal its hidden code. However, these methods are very time consuming when compared to static analysis. Moreover, considering the large amount of new malware being produced daily, it is not practical to depend solely on dynamic analysis methods. Therefore, finding an effective way to filter the samples and delegate only obfuscated and suspicious ones to more rigorous tests would significantly improve the overall scanning process. Current techniques for identifying obfuscation rely mainly on signatures of known packers, file entropy scores, or anomalies in the file header. However, these features are not only easily bypassable, but also do not cover all types of obfuscation. In this paper, we introduce a novel approach to identify obfuscated files based on anomalies in their instruction-based characteristics. We detect the presence of interleaving instructions, which are the result of the opaque-predicate anti-disassembly trick, and present distinguishing statistical properties based on the opcodes and control flow graphs of obfuscated files. Our detection system combines these features with other file structural features and detects obfuscated malware with very good results.
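The "interleaving instructions" the abstract refers to can be made concrete with a small added example (not code from the paper). The opaque-predicate trick places a conditional branch that is always taken so that its target lands in the middle of what a linear-sweep disassembler has already decoded as one instruction; the real code is hidden inside that instruction's byte range. The check below disassembles a buffer with a linear sweep, then flags every branch whose target is not an instruction start. To stay dependency-free it uses a toy 32-bit x86 decoder that knows only a handful of opcodes and only register-direct ModRM forms, so the opcode table, the `Insn` type and the two sample byte strings are all assumptions constructed here; a real filter would use a complete length decoder.

```python
"""Detect interleaving (overlapping) instructions produced by an opaque predicate.

Toy 32-bit x86 decoder: only the opcodes listed in OPCODES are understood,
and XOR is accepted only in its 2-byte register-direct ModRM form. Every other
byte is emitted as a 1-byte "db" so the linear sweep still covers every byte.
"""
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple

# opcode -> (mnemonic, total length in bytes, branch kind or None)
OPCODES = {
    0x31: ("xor r/m32, r32", 2, None),
    0x33: ("xor r32, r/m32", 2, None),
    0x74: ("jz rel8", 2, "cond"),
    0x75: ("jnz rel8", 2, "cond"),
    0xEB: ("jmp rel8", 2, "uncond"),
    0xE8: ("call rel32", 5, "call"),
    0xB8: ("mov eax, imm32", 5, None),
    0x90: ("nop", 1, None),
    0xC3: ("ret", 1, "ret"),
}


@dataclass
class Insn:
    offset: int
    length: int
    mnemonic: str
    target: Optional[int]   # resolved branch/call target, if any
    kind: Optional[str]     # "cond", "uncond", "call", "ret" or None


def decode_at(code: bytes, off: int) -> Insn:
    """Decode one instruction at `off`; unknown bytes become 1-byte 'db'."""
    op = code[off]
    entry = OPCODES.get(op)
    if entry is None or off + entry[1] > len(code):
        return Insn(off, 1, f"db 0x{op:02x}", None, None)
    mnem, length, kind = entry
    if op in (0x31, 0x33) and (code[off + 1] >> 6) != 0b11:
        # memory-operand ModRM forms are longer than 2 bytes; not modelled here
        return Insn(off, 1, f"db 0x{op:02x}", None, None)
    target = None
    if kind in ("cond", "uncond"):
        rel = struct.unpack_from("<b", code, off + 1)[0]      # signed rel8
        target = off + length + rel
    elif kind == "call":
        rel = struct.unpack_from("<i", code, off + 1)[0]      # signed rel32
        target = off + length + rel
    return Insn(off, length, mnem, target, kind)


def linear_sweep(code: bytes) -> List[Insn]:
    """Decode front to back, the way a naive disassembler (or a byte-level
    opcode histogram) sees the buffer."""
    insns, off = [], 0
    while off < len(code):
        insn = decode_at(code, off)
        insns.append(insn)
        off += insn.length
    return insns


def find_interleaving(code: bytes) -> List[Tuple[int, int, int]]:
    """Return (branch_offset, target, enclosing_insn_offset) for each in-range
    branch whose target falls strictly inside a linear-sweep instruction."""
    insns = linear_sweep(code)
    starts = {i.offset for i in insns}
    findings = []
    for i in insns:
        if i.target is None or not (0 <= i.target < len(code)) or i.target in starts:
            continue
        # linear sweep covers every byte, so exactly one instruction encloses the target
        enclosing = next(j for j in insns if j.offset < i.target < j.offset + j.length)
        findings.append((i.offset, i.target, enclosing.offset))
    return findings


def recursive_descent(code: bytes, entry: int) -> List[Insn]:
    """Follow control flow from `entry` to recover the hidden instruction stream."""
    seen, work, out = set(), [entry], []
    while work:
        off = work.pop()
        while 0 <= off < len(code) and off not in seen:
            insn = decode_at(code, off)
            seen.add(off)
            out.append(insn)
            if insn.kind == "ret":
                break
            if insn.target is not None and insn.kind != "call":
                work.append(insn.target)
            if insn.kind == "uncond":
                break
            off += insn.length
    return sorted(out, key=lambda i: i.offset)


# Constructed samples (not taken from the paper). OPAQUE_SAMPLE is the classic
# trick: xor eax,eax / jz +1 (always taken) / db 0xE8 / mov eax,1 / ret.
# A linear sweep swallows the real "mov eax,1" as the rel32 of a bogus call.
OPAQUE_SAMPLE = bytes.fromhex("31C0" "7401" "E8" "B801000000" "C3")
# BENIGN_SAMPLE: xor eax,eax / jz +2 / nop / nop / ret -- target is an instruction start.
BENIGN_SAMPLE = bytes.fromhex("31C0" "7402" "90" "90" "C3")

if __name__ == "__main__":
    for name, sample in (("opaque", OPAQUE_SAMPLE), ("benign", BENIGN_SAMPLE)):
        hits = find_interleaving(sample)
        print(name, "interleaving branches:", hits)
        for br, tgt, enc in hits:
            hidden = [i.mnemonic for i in recursive_descent(sample, tgt)]
            print(f"  branch @{br:#x} -> {tgt:#x} lands inside insn @{enc:#x}; hidden: {hidden}")
```

On the constructed opaque sample the sweep reports the `jz` at offset 2 landing at offset 5, inside the 5-byte `call` decoded at offset 4, and descending from offset 5 recovers `mov eax, imm32; ret`; the benign sample produces no finding. This is why a byte-level opcode histogram or file entropy score alone misses the trick: the bytes look like ordinary code, and only the control-flow inconsistency between the two decodings exposes it.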
Fault Coverage Measurement Technique for Analog Circuits
This report describes an effort to develop a technique for measuring the amount of fault detection coverage that an analog test pattern has for a particular analog device. The technique is based on a software tool which statistically analyzes data from a circuit simulator. One example of a fault simulation experiment is presented, and some of the results are discussed. Finally, some ideas for future work in this area are given.
PINPOINT: Efficient and Effective Resource Isolation for Mobile Security and Privacy
Virtualization is frequently used to isolate untrusted processes and control their access to sensitive resources. However, isolation usually carries a price in terms of less resource sharing and reduced inter-process communication. In an open architecture such as Android, this price and its impact on performance, usability, and transparency must be carefully considered. Although previous efforts in developing general-purpose isolation solutions have shown that some of these negative side effects can be mitigated, doing so involves overcoming significant design challenges by incorporating numerous additional platform complexities not directly related to improved security. Thus, the general-purpose solutions become inefficient and burdensome if the end-user has only specific security goals.
In this paper, we present PINPOINT, a resource isolation strategy that forgoes general-purpose solutions in favor of a "building block" approach that addresses specific end-user security goals. PINPOINT embodies the concept of Linux Namespace lightweight isolation, but does so in the Android Framework by guiding the security designer towards isolation points that are contextually close to the resource(s) that need to be isolated. This strategy allows the rest of the Framework to function fully as intended, transparently. We demonstrate our strategy with a case study on Android System Services, and show four applications of PINPOINTed system services functioning with unmodified market apps. Our evaluation results show that practical security and privacy advantages can be gained using our approach, without inducing the problematic side effects that other general-purpose designs must address.
A Systematic Security Evaluation of Android's Multi-User Framework
Like many desktop operating systems in the 1990s, Android is now in the process of including support for multi-user scenarios. Because these scenarios introduce new threats to the system, we should have an understanding of how well the system design addresses them. Since the security implications of multi-user support are truly pervasive, we developed a systematic approach to studying the system and identifying problems. Unlike other approaches that focus on specific attacks or threat models, ours systematically identifies critical places where access controls are not present or do not properly identify the subject and object of a decision. Finding these places gives us insight into hypothetical attacks that could result, and allows us to design specific experiments to test our hypotheses.
Following an overview of the new features and their implementation, we describe our methodology, present a partial list of our most interesting hypotheses, and describe the experiments we used to test them. Our findings indicate that the current system only partially addresses the new threats, leaving the door open to a number of significant vulnerabilities and privacy issues. Our findings span a spectrum of root causes, from simple oversights all the way to major system design problems. We conclude that there is still a long way to go before the system can be used in anything more than the most casual of sharing environments.
In Proceedings of the Third Workshop on Mobile Security Technologies (MoST) 2014 (http://arxiv.org/abs/1410.6674)
Providing Physical Layer Security for IoTs in the Last Mile
Communication security is one of the top security challenges for connected devices. Unlike other links such as the backhaul, the last-mile technology also depends on the requirements of end users. Wireless technologies are generally selected for the mobility of users and ease of use. However, the wireless medium has an open nature, and thus wireless links are more prone to physical-layer attacks than their wired counterparts. Moreover, simple end devices have constrained resources in both hardware and software, and it is not always feasible to apply conventional cryptographic approaches to provide security. We turn to chaos theory to provide security for simple devices at the physical layer. FM-DCSK and FM-CSK transmission systems are built and implemented in the proposed secure communication system. The information message is embedded in wideband random-like signals, keeping the message covert. Transmission security is achieved by using the initial conditions and spreading factor as keys. To guard against active attacks, procedures for dynamic adjustment of initial conditions and other parameters are proposed. The scheme's cost-effective features include the simplicity of communication setup and the low power consumption in generating and controlling the chaos signal. The sensitivity to initial conditions and the complex dynamics of chaotic functions make this a promising approach for physical-layer security.