Browsing by Author "Wallach, Dan Seth"
An Historical Analysis of SE Android Policy (2018-05-29) Im, Bumjin; Wallach, Dan Seth

Android adopted SELinux’s mandatory access control mechanisms in 2013, and since then billions of Android devices are now benefiting from MAC security policies, enforced in the OS kernel. Initially, Android took a gentle approach, with a large number of resources “unconfined”, but the policies are now quite detailed and comprehensive. This paper presents a historical analysis of the MAC security policies enforced by Android, based on years of Git commits in the Android Open Source Project (AOSP). We quantify the complexity of how these policies have evolved over time. In particular, SELinux allows for policies to be expressed as macros, where one policy “rule” may apply to a large number of system objects. We can similarly measure how many rules touch a given system object. Both measures have been creeping steadily upward over the years, suggesting that these measures are a good proxy for “complexity”; reducing this complexity should be a long-term Android engineering goal. We additionally discuss specific hallmarks in Android history, such as the “Stagefright” vulnerability in Android’s media facilities, and the rollout of time-of-use vs. time-of-install permission checks, pointing out how these hallmarks led to changes in the MAC policies.

Identifying and Mitigating Misuse of Secrets in Android with Dynamic Analysis Techniques (2019-11-22) Lee, Jaeho; Wallach, Dan Seth

Mobile phones have been completely changing the way people think and behave, making our lives convenient. At the same time, this accelerated growth has brought with it unprecedented new threats related to user privacy. A myriad of apps in Android phones are handling various user data. However, each app developer has the principal responsibility to protect them because the Android framework lacks direct support for them. This is not good news, because developers have varying levels of secure coding practice, and the resulting apps may inadvertently misuse sensitive data of users. In this thesis, I will present my studies with various Android apps and the Android framework to understand the misuse of secrets in the mobile environment. To assist my work, I have used various analysis techniques and developed a dynamic analysis framework to perform systematic analyses of Android apps. This dissertation describes approaches and tools I have developed, my findings on how sensitive data is misused, and mitigation to address found security problems. Our research has had a significant practical impact and helped to mitigate the misuse of secrets in the mobile ecosystem. Specifically, I designed a memory analysis framework that provides physical and logical memory dumping, along with a high degree of automation of experiments. We have discovered that Android keeps the TLS master secret live in memory for an unnecessarily long period of time, posing a threat to all Android applications built on standard HTTPS libraries. I found modest changes to the Android codebase could mitigate these issues, and reported them to Google. Also, our comprehensive analysis of a variety of apps revealed that user passwords can survive in a variety of locations for an extended period of time, including UI widgets where users enter their passwords, apps that retain passwords rather than exchange them for tokens, old copies not yet reused by garbage collectors, keyboard apps, password management apps, and even the lockscreen system service. I have developed solutions that fix these problems and assist apps to follow more secure practices. Lastly, I will present FlowPass, an efficient and informative dynamic taint tracking system that I developed. FlowPass found 13 previously unknown security bugs in popular apps that have each been installed more than one million times. I have reported these misuses to the app vendors, and most have fixed the bugs shortly afterward.