
Lab Meeting - 20140902 - Root Guard-Protecting Rooted Android Phones


  1. RootGuard: Protecting Rooted Android Phones. Yuru Shao, Xiapu Luo, and Chenxiong Qian, The Hong Kong Polytechnic University. June 18 2014
  2. Outline
     - Introduction
     - Related Work
     - System Overview
     - Proposed Approach
     - Result and Conclusion
  3. Introduction
     - Most popular smartphone operating system
     - Limitations: ROOT!
     - ROOT security threats: access to the entire system and low-level hardware
     - Root management
     - RootGuard
  4. Related Work
     - Rooting Android and managing root privilege
     - Security flaws in available root-management tools:
       1. Behaving like legitimate apps.
       2. Root-management tools cannot defend themselves.
     - Attacking the root request Intent:
       - Intent spoofing.
       - Intent hijacking and eavesdropping.
  5. Related Work
     - Attacking su
     - Attacking Superuser's policy storage
     - Attacking the local socket file
     - ROOTGUARD:
       1. Provides fine-grained control.
       2. Defends itself against attacks.
  6. System Overview: the root-privilege management model.
  7. System Overview: the RootGuard-enhanced root-management model.
  8. Design and Implementation: RootGuard's three main components consist of SuperuserEx.
  9. Design and Implementation
     - SuperuserEx: offers the user a GUI. Built on top of the open source.
     - Policy storage database: /etc/rootguard, /dev/rootguard
     - Kernel module: Linux Security Module (LSM); LSM hooks: rg_mount; system call hook: sys_execve
     - Security Server
  10. Design and Implementation
     - Default policies:
       - apps for browsing the entire file system and editing files
       - apps for backing up files
       - security apps providing real-time detection and protection
       - apps for accessing and configuring hardware settings
     - Mounting system partitions: /system
     - Accessing hardware devices: /dev
     - Accessing system files or other apps' private data
     - Manipulating process memory
  11. Evaluation
     - Threat 1: Silent installation and uninstallation (pm install, pm uninstall)
     - Threat 2: Antimalware tool termination (kill)
     - Threat 3: Irremovability (/system/app)
     - Threat 4: Access to other apps' private data
     - Threat 5: Back doors
     - Threat 6: Rootkits and bootkits
  12. Case studies showing RootGuard's effectiveness
     - RootSmart (Threats 1, 3, and 5): downloads other malware from remote servers; creates a backdoor (/system/xbin/smart/sh) in the system partition
     - AVPass (Threat 4): modifies the signature databases of many popular antimalware apps
  13. Case studies showing RootGuard's effectiveness
     - DKFBootKit (Threat 6): mounts the system partition as writable; copies itself into the /system/lib directory; replaces several commonly used utility programs (for example, ifconfig and mount)
     - PoC app (Threat 2): terminates processes by executing the kill <pid> command; queries key components of an antimalware tool and disables them
  14. Result
     - RootGuard-enhanced device user experience: Titanium Backup, CPU Tuner, Root Explorer, LBE Privacy Guard, and Root App Delete
     - Inspect in SuperuserEx and modify the policy
  15. Performance overhead: AnTuTu benchmark for two Google Nexus S devices, one running basic AOSP and one running RootGuard
  16. Performance overhead
  17. Other Security Considerations
     - Kernel-mode rootkits
     - Exploiting kernel vulnerabilities
     - Direct kernel object modification (DKOM)
     - Disabled support for Linux loadable kernel modules (LKM)
     - Who knows RootGuard's default policies
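A toy model of the per-app enforcement described on slides 9 through 11, added here as an illustration and not RootGuard's own code: the rg_mount LSM hook and the sys_execve hook are stood in for by Python functions that consult a policy table, and the file-access check is modelled the same way. The package names, the policy contents and the protected pid are constructed assumptions.

```python
import os
# Per-app root policy (constructed, modelled on the "default policies" slide): path
# prefixes, partitions it may remount writable, commands it may exec, kill rights.
POLICIES = {
    "com.example.backup":      {"paths": ("/data/data", "/sdcard"), "mount_rw": (),
                                "exec": ("tar", "cp", "sh"), "kill_protected": False},
    "com.example.explorer":    {"paths": ("/",), "mount_rw": ("/system",),
                                "exec": ("sh", "cp", "rm", "mount", "kill"), "kill_protected": False},
    "com.example.hardware":    {"paths": ("/dev",), "mount_rw": (),
                                "exec": ("sh",), "kill_protected": False},
    "com.example.antimalware": {"paths": ("/data/data", "/system/app"), "mount_rw": (),
                                "exec": ("pm", "kill", "sh"), "kill_protected": True},
}
PROTECTED_PIDS = {4242}  # constructed: pid of the antimalware service (threat 2)

def _under(path, prefixes):
    """True if path equals or lies below one of the allowed prefixes."""
    path = os.path.normpath(path)
    return any(path == p or path.startswith(p.rstrip("/") + "/") for p in prefixes)

def hook_mount(pkg, target, writable):
    """Stand-in for the rg_mount LSM hook: deny rw mounts outside policy (threats 3, 5, 6)."""
    pol = POLICIES.get(pkg)
    if pol is None:
        return (False, "no root policy")
    if writable and not _under(target, pol["mount_rw"]):
        return (False, "rw mount of %s not in policy" % target)
    return (True, "ok")

def hook_execve(pkg, argv):
    """Stand-in for the sys_execve hook: listed commands only; protect the AV pid (threats 1, 2)."""
    pol = POLICIES.get(pkg)
    if pol is None:
        return (False, "no root policy")
    cmd = os.path.basename(argv[0])
    if cmd not in pol["exec"]:
        return (False, "%s not in policy" % cmd)
    if cmd == "kill":
        pids = {int(a) for a in argv[1:] if a.isdigit()}
        if pids & PROTECTED_PIDS and not pol["kill_protected"]:
            return (False, "signal to protected process")
    return (True, "ok")

def hook_file_open(pkg, path):
    """Stand-in for a file-access hook: confine each app to its own path prefixes (threat 4)."""
    pol = POLICIES.get(pkg)
    if pol is None:
        return (False, "no root policy")
    if not _under(path, pol["paths"]):
        return (False, "%s outside policy" % path)
    return (True, "ok")
```

The case studies map onto these checks: a backup app running pm install, a non-security app signalling the antimalware pid, a rw remount of /system, and a write into another app's /data/data directory are all refused unless the user's policy for that app allows them.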
