Android sandbox

Presented by
ANUSHA TUKE
Contents
• Introduction
• Android
• Sandbox
• Static software analysis vs. sandboxing
• Android application sandbox
• System call diagrams
• Static & dynamic analysis of AASandbox
• Experiments
• Conclusion
• References
Introduction
• Emerging trend: smartphones
  - computational power, sensors & communication
• Threat: malware attacks
• Anti-virus: blocks viruses, worms & Trojan horses.
• Behavioural detection: signatures.
• Generating signatures: analysis of significant & meaningful patterns.
• Sandbox: execution of suspicious binaries in an isolated environment, e.g. CWSandbox.
ANDROID
• An operating system for mobile devices
• Based on the Linux kernel
• Developed by Google and later the Open Handset Alliance (OHA)
• Allows writing managed code in the Java language
What is a Sandbox?
• A sandbox is a "sealed" container, which allows untrusted programs to be executed within the sandbox.
Static Software Analysis vs. Sandboxing

Static analysis:
• Forensic techniques: decompilation, decryption, pattern matching.
• Filtering binaries by malicious patterns, called signatures.
• Fast & relatively simple.
• The code pattern has to be known in advance.

Sandboxing:
• Applications are run in an isolated environment (sandbox).
• A policy to stop the system, to prevent potential damage.
• Monitoring & recording system.
• User space sandbox.
• Kernel space sandbox.
Android Application Sandbox for suspicious software detection
• Located in kernel space, since access to critical parts of the OS is realized there.
• System call hijacking
  - Monitors system & library calls.
• Android uses a modified Linux basis to host a Java-based middleware running the user applications.
• Calls are monitored on the lowest level possible.
read() system call from user space (diagram)
Hijacked read() system call (diagram)
Features
• A loadable kernel module (LKM) is placed in the Android emulator environment.
• The LKM is intended to hijack all available system calls.
• Two-step analysis of Android applications:
  - Kernel space sandbox.
  - Fast static pre-check.
• AASandbox takes an Android application archive, packaged as a *.apk file, as input.
• Java virtual machine: Dalvik.
Static analysis of AASandbox
• The APK is scanned for special patterns, e.g. Runtime.exec().
• Decompression: the APK is a zip file.
  - AndroidManifest.xml: descriptions, security permissions.
  - classes.dex: complete bytecode.
  - res/: layout, language etc.
• Decompilation
  - The classes.dex bytecode is converted with Baksmali into a human-readable, easily parsable pseudocode format.
• Pattern search:
  - Java Native Interface, System.getRuntime().exec(..), services & IPC provision, Android permissions.
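The static pre-check described above, as an added Python example (not AASandbox's own code): it unpacks an APK, reads the manifest and classes.dex, and searches baksmali-style disassembly for the listed patterns. It assumes a plain-text AndroidManifest.xml (real APKs store it as binary XML, which needs a decoder such as apktool first) and that the disassembly text has already been produced by baksmali; the sample APK and smali are constructed inline.

```python
# Added example (not AASandbox's own code): the static pre-check as a small script.
# Assumptions (not from the slides): the manifest is plain-text XML, and the
# disassembly text is supplied by the caller, e.g. from the disasm/ directory.
import io
import re
import zipfile
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Suspicious smali patterns, keyed by the category named on the slide.
PATTERNS = {
    "runtime_exec": re.compile(r"Ljava/lang/Runtime;->exec\("),
    "jni_load": re.compile(r"Ljava/lang/System;->load(Library)?\("),
    "service_ipc": re.compile(r"Landroid/content/Context;->(startService|bindService)\("),
}

# Permissions that a fast pre-check would flag for a closer look (chosen for this example).
INTERESTING_PERMISSIONS = {
    "android.permission.SEND_SMS",
    "android.permission.READ_CONTACTS",
    "android.permission.INTERNET",
}


def unpack_apk(apk_bytes):
    """Decompress the APK (a zip file); return manifest text and raw classes.dex bytes."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        names = set(zf.namelist())
        manifest = zf.read("AndroidManifest.xml").decode() if "AndroidManifest.xml" in names else ""
        dex = zf.read("classes.dex") if "classes.dex" in names else b""
    return manifest, dex


def scan_manifest(manifest_xml):
    """Return all declared permissions and the subset worth flagging."""
    root = ET.fromstring(manifest_xml)
    perms = [el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")]
    return perms, sorted(p for p in perms if p in INTERESTING_PERMISSIONS)


def scan_smali(smali_text):
    """Count hits per pattern category in the baksmali output."""
    return {name: len(rx.findall(smali_text)) for name, rx in PATTERNS.items()}


def precheck(apk_bytes, smali_text):
    """Fast static pre-check: flag the APK if any pattern or interesting permission is present."""
    manifest, dex = unpack_apk(apk_bytes)
    perms, flagged_perms = scan_manifest(manifest) if manifest else ([], [])
    hits = scan_smali(smali_text)
    suspicious = any(hits.values()) or bool(flagged_perms)
    return {"dex_size": len(dex), "permissions": perms, "flagged_permissions": flagged_perms,
            "pattern_hits": hits, "suspicious": suspicious}


# Constructed sample input: a minimal APK-like zip and a few smali lines resembling
# the fork-bomb example, which calls Runtime.exec() to start an external binary.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="example.forkbomb">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
</manifest>"""

SAMPLE_SMALI = """.method private spawn()V
    invoke-static {}, Ljava/lang/Runtime;->getRuntime()Ljava/lang/Runtime;
    move-result-object v0
    const-string v1, "/data/data/example.forkbomb/bomb"
    invoke-virtual {v0, v1}, Ljava/lang/Runtime;->exec(Ljava/lang/String;)Ljava/lang/Process;
    return-void
.end method"""


def build_sample_apk():
    """Build the constructed APK in memory; classes.dex is a placeholder, not a real dex."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", SAMPLE_MANIFEST)
        zf.writestr("classes.dex", b"dex\n035\x00" + b"\x00" * 64)
        zf.writestr("res/layout/main.xml", "<LinearLayout/>")
    return buf.getvalue()


if __name__ == "__main__":
    print(precheck(build_sample_apk(), SAMPLE_SMALI))
```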
Dynamic analysis of Android applications
• The app is installed in the Android emulator.
• User inputs: the "Android Monkey" tool generates pseudo-random streams of user events.

Workflow:
1. Prepare & start the emulator
   • Mobile device emulator
   • AVD (Android Virtual Device) configuration
2. Install AASandbox
   • LKM (policy)
   • Inserted by ADB (Android Debug Bridge)
3. Install the APK & start monkey
   • ADB
   • 500 generated events
4. Obtain the system call logs
   • Process killed
   • AVD closed
Experiments as examples
• Example application: a self-written fork bomb; it uses Runtime.exec() to start an external binary program.
• The app is started & the analysis is done.
  - Static analysis: REPORTS/ForkBomb.apk/
    - Subdirectories like unzipped/ & disasm/
• The log file output after static analysis (shown on the slide).
Dynamic analysis of code
• Dynamic analysis
  - The Android emulator is started and the app is installed via
      adb install ForkBomb.apk
  - Android monkey is started via
      adb shell monkey -p $ACTIVITY -vv --throttle 1000 500
  - The output of the emulator is logged into LOGS/ForksBomb.apk-s2.log in the format shown.
Experimental analysis
• With this information it is now possible to create a system call histogram, as shown.
• The analysis is done on the official Android Market, representing the top 150 popular applications (up to 150 applications).
• Current status: malware characteristics & behaviour known from other platforms, e.g. Symbian OS, are analysed in the sandbox.
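The last step of the dynamic analysis workflow and the system call histogram above, as an added Python example (not AASandbox's own code): it parses a system call log, builds the histogram, and flags a burst of process-creating calls as a fork-bomb indicator. The log line format and the sample log are constructed for this example; the real LOGS/*.log format is the one shown on the slide, so parse_log() would need adjusting to it.

```python
# Added example (not AASandbox's own code): histogram and fork-bomb indicator over a
# system call log. Constructed line format: "<ms since start> <pid> <syscall>(<args>)".
import re
from collections import Counter

LINE_RX = re.compile(r"^(\d+)\s+(\d+)\s+([A-Za-z_][A-Za-z0-9_]*)\(")

# Calls that create a new process; a dense burst of them is the fork-bomb signature.
PROCESS_CREATING = {"fork", "vfork", "clone"}


def parse_log(text):
    """Return (timestamp_ms, pid, syscall_name) for every well-formed line; skip the rest."""
    entries = []
    for line in text.splitlines():
        m = LINE_RX.match(line.strip())
        if m:
            entries.append((int(m.group(1)), int(m.group(2)), m.group(3)))
    return entries


def histogram(entries):
    """System call histogram: name -> number of occurrences."""
    return Counter(name for _, _, name in entries)


def max_calls_in_window(entries, names, window_ms):
    """Largest number of calls from `names` whose timestamps fall inside any window_ms span."""
    stamps = sorted(ts for ts, _, name in entries if name in names)
    best, start = 0, 0
    for end, ts in enumerate(stamps):
        while ts - stamps[start] > window_ms:   # shrink the window from the left
            start += 1
        best = max(best, end - start + 1)
    return best


def analyse(text, window_ms=1000, burst_threshold=4):
    """Histogram plus a fork-bomb flag: the kind of summary the experiment reports."""
    entries = parse_log(text)
    burst = max_calls_in_window(entries, PROCESS_CREATING, window_ms)
    return {
        "total_calls": len(entries),
        "histogram": dict(histogram(entries)),
        "distinct_pids": len({pid for _, pid, _ in entries}),
        "max_process_creations_per_window": burst,
        "fork_bomb_suspected": burst >= burst_threshold,
    }


# Constructed sample log (not captured from a device) resembling a fork bomb started
# via Runtime.exec(): each spawned process immediately clones again.
SAMPLE_LOG = """\
1000 1203 open("/data/data/example.forkbomb/bomb", O_RDONLY)
1002 1203 read(3, 0xbe9f0000, 4096)
1003 1203 clone(CLONE_VM|CLONE_FS, 0x0)
1004 1210 execve("/data/data/example.forkbomb/bomb", [...], [...])
1005 1210 clone(CLONE_VM|CLONE_FS, 0x0)
1006 1211 execve("/data/data/example.forkbomb/bomb", [...], [...])
1007 1211 clone(CLONE_VM|CLONE_FS, 0x0)
1008 1212 execve("/data/data/example.forkbomb/bomb", [...], [...])
1010 1212 clone(CLONE_VM|CLONE_FS, 0x0)
1011 1203 write(1, "started", 7)
2500 1203 read(3, 0xbe9f0000, 4096)
garbage line that does not match the format
"""

if __name__ == "__main__":
    result = analyse(SAMPLE_LOG)
    for name, count in sorted(result["histogram"].items(), key=lambda kv: -kv[1]):
        print(f"{name:8s} {'#' * count} ({count})")
    print("fork bomb suspected:", result["fork_bomb_suspected"])
```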
Conclusion
• The Android emulator can be used to run Android applications in an isolated environment.
• The pre-check functionality analyses and indicates the usage of malicious patterns in the source code.
• In dynamic analysis, system calls are traced & the corresponding reports are logged.