Android sandbox
Presented by
ANUSHA TUKE
Contents
• Introduction
• Android
• Sandbox
• Static software analysis vs. sandboxing
• Android application sandbox
• System call diagrams
• Static & dynamic analysis of AASandbox
• Experiments
• Conclusion
• References
Introduction
• Emerging trend: smartphones, with computational power, sensors & communication.
• Threat: malware attacks.
• Anti-virus: blocks viruses, worms & Trojan horses.
• Behavioural detection: signatures.
• Generating signatures: analysis of significant & meaningful patterns.
• Sandbox: execution of suspicious binaries in an isolated environment, e.g. CWSandbox.
ANDROID
• An operating system for mobile devices.
• Based on the Linux kernel.
• Developed by Google and later the Open Handset Alliance (OHA).
• Allows writing managed code in the Java language.
What is a Sandbox?
• A sandbox is a "sealed" container which allows untrusted programs to be executed within it.
Static Software Analysis vs. Sandboxing
Static analysis:
• Forensic techniques: decompilation, decryption, pattern matching.
• Filtering binaries by malicious patterns, called signatures.
• Fast & relatively simple.
• The code pattern has to be known in advance.
Sandboxing:
• Applications are run in an isolated environment (sandbox).
• A policy to stop the system, to prevent potential damage.
• Monitoring & recording system.
• User space sandbox.
• Kernel space sandbox.
Android Application Sandbox for suspicious software detection
• Located in kernel space, since there access to critical parts of the OS is realized.
• System call hijacking: monitor system & library calls.
• Android uses a modified Linux basis to host a Java-based middleware running the user applications.
• Calls are monitored on the lowest level possible.
read() system call from user space (diagram).
Hijacked read() system call (diagram).
Features
• A loadable kernel module (LKM) is placed in the Android emulator environment.
• The LKM is intended to hijack all available system calls.
• Two-step analysis of Android applications:
  - Kernel space sandbox.
  - Fast static pre-check.
• AASandbox takes an Android application archive, packaged as an *.apk file, as input.
• Java virtual machine: Dalvik.
Static analysis of AASandbox
• The APK is scanned for special patterns, e.g. Runtime.exec().
• Decompression (zip file):
  - AndroidManifest.xml: descriptions, security permissions.
  - classes.dex: the complete bytecode.
  - res/: layout, language etc.
• Decompilation:
  - The classes.dex bytecode is converted with Baksmali into a human-readable, easily parsable pseudocode format.
• Pattern search:
  - Java Native Interface, System.getRuntime().exec(..), services & IPC provision, Android permissions.
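Added example (not from the slides or the AASandbox project): a static pre-check in the spirit of this slide, reading the decoded AndroidManifest.xml from unzipped/ and the Baksmali output from disasm/ and counting the listed pattern categories. The sample manifest and smali files are constructed, and the regexes, thresholds and function names are my own assumptions.

```python
import re
import xml.etree.ElementTree as ET
from collections import Counter

# Android XML attribute namespace used in AndroidManifest.xml.
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed regexes over baksmali output, one per pattern category named on the slide.
SMALI_PATTERNS = {
    "runtime_exec": re.compile(r"Ljava/lang/Runtime;->exec\("),
    "jni": re.compile(r"Ljava/lang/System;->loadLibrary\(|^\s*\.method .*\bnative\b", re.M),
    "ipc_binder": re.compile(r"Landroid/os/IBinder;|->bindService\("),
}

# Constructed sample standing in for REPORTS/<app>.apk/unzipped/AndroidManifest.xml
# (assumed already decoded from Android binary XML to plain XML).
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.app">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application>
    <service android:name=".SyncService"/>
  </application>
</manifest>
"""

# Constructed sample standing in for the disasm/ tree produced by baksmali.
SAMPLE_SMALI = {
    "disasm/com/example/app/Main.smali": """\
.method private spawn()V
    .locals 2
    invoke-static {}, Ljava/lang/Runtime;->getRuntime()Ljava/lang/Runtime;
    move-result-object v0
    const-string v1, "/data/data/com.example.app/files/helper"
    invoke-virtual {v0, v1}, Ljava/lang/Runtime;->exec(Ljava/lang/String;)Ljava/lang/Process;
    return-void
.end method
""",
    "disasm/com/example/app/Native.smali": """\
.method public static native nativeInit()V
.end method

.method static constructor <clinit>()V
    .locals 1
    const-string v0, "helper"
    invoke-static {v0}, Ljava/lang/System;->loadLibrary(Ljava/lang/String;)V
    return-void
.end method
""",
}


def scan_manifest(xml_text):
    """Extract requested permissions and declared IPC entry points (services, receivers)."""
    root = ET.fromstring(xml_text)
    perms = sorted(e.get(ANDROID_NS + "name") for e in root.iter("uses-permission"))
    components = {tag: [e.get(ANDROID_NS + "name") for e in root.iter(tag)]
                  for tag in ("service", "receiver")}
    return {"permissions": perms, "components": components}


def scan_smali(files):
    """Count pattern hits across all smali files; files maps path -> disassembly text."""
    hits, where = Counter(), {}
    for path, src in files.items():
        for name, rx in SMALI_PATTERNS.items():
            n = len(rx.findall(src))
            if n:
                hits[name] += n
                where.setdefault(name, []).append(path)
    return hits, where


def precheck(manifest_xml, smali_files):
    """Static pre-check report: manifest facts plus any bytecode pattern hits."""
    report = scan_manifest(manifest_xml)
    hits, where = scan_smali(smali_files)
    report["pattern_hits"] = dict(hits)
    report["pattern_files"] = where
    # Any hit marks the APK for the slower kernel-space sandbox run.
    report["suspicious"] = bool(hits)
    return report


if __name__ == "__main__":
    import json
    print(json.dumps(precheck(SAMPLE_MANIFEST, SAMPLE_SMALI), indent=2))
```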
Dynamic analysis of Android applications
• App installed in the Android emulator.
• User inputs: the "Android Monkey" tool generates pseudo-random streams of user events.

Workflow (as shown in the slide's flow diagram):
• Prepare & start emulator: mobile device emulator; AVD (Android virtual device) configuration.
• Install AASandbox: LKM (policy); inserted via ADB (Android Debug Bridge).
• Install APK & start monkey: via ADB; 500 generated events.
• Obtain system call logs: process killed; AVD closed.
Experiments as examples
• Example application: a self-written fork bomb; it uses Runtime.exec() to start an external binary program.
• The app is started & the analysis is done.
  - Static analysis: REPORTS/ForkBomb.apk/, with subdirectories like unzipped/ & disasm/.
• The log file output after static analysis (shown on the slide).
Dynamic analysis of code
• Dynamic analysis:
  - The Android emulator is started and the app is installed via: adb install ForkBomb.apk
  - Android Monkey is started via: adb shell monkey -p $ACTIVITY -vv --throttle 1000 500
  - The emulator output is logged into LOGS/ForkBomb.apk-s2.log in the format shown on the slide.
Experimental analysis
• With the logged information it is now possible to create a system call histogram, as shown on the slide (up to 150 applications).
• The analysis is done on applications from the official Android Market, representing the top 150 popular applications.
• Current status: malware characteristics & behaviour known from other platforms, e.g. Symbian OS, are analysed in the sandbox.
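Added example, not from the slides or the AASandbox project: building the system call histogram described above from dynamic-analysis log lines, comparing it against a benign baseline, and counting the processes spawned by the fork-bomb sample. The log line format, the sample log excerpt and the baseline counts are all constructed assumptions, since the slide's log format is not reproduced here.

```python
import re
from collections import Counter

# Assumed log line format: "<pid> <syscall>(<args>) = <return value>", one hijacked call per line.
LINE_RX = re.compile(r"^\s*(?P<pid>\d+)\s+(?P<call>\w+)\((?P<args>.*)\)\s*=\s*(?P<ret>-?\d+)\s*$")

# Constructed excerpt standing in for LOGS/ForkBomb.apk-s2.log: the app starts an
# external helper binary which keeps cloning itself.
SAMPLE_LOG = """\
1021 open("/data/data/com.example.app/files/helper", 0) = 5
1021 read(5, 0xbeb8a4c0, 4096) = 4096
1021 close(5) = 0
1021 clone(0x1200011, 0) = 1030
1021 clone(0x1200011, 0) = 1031
1030 execve("/data/data/com.example.app/files/helper", 0xbe9, 0xbea) = 0
1030 clone(0x1200011, 0) = 1032
1031 execve("/data/data/com.example.app/files/helper", 0xbe9, 0xbea) = 0
1031 clone(0x1200011, 0) = 1033
1032 clone(0x1200011, 0) = 1034
1033 clone(0x1200011, 0) = 1035
1021 write(1, 0xbeb8a4c0, 12) = 12
emulator noise line that the parser must ignore
"""

# Constructed baseline: pooled histogram of benign market applications (assumed values).
BENIGN_BASELINE = Counter({"read": 400, "write": 250, "open": 120, "close": 120,
                           "ioctl": 80, "clone": 20, "execve": 10})


def parse_log(text):
    """Return (pid, syscall, return value) triples; lines not in the format are skipped."""
    calls = []
    for line in text.splitlines():
        m = LINE_RX.match(line)
        if m:
            calls.append((int(m["pid"]), m["call"], int(m["ret"])))
    return calls


def histogram(calls):
    """Raw system call histogram: syscall name -> count."""
    return Counter(call for _, call, _ in calls)


def normalize(hist):
    """Turn counts into shares so traces of different lengths can be compared."""
    total = sum(hist.values()) or 1
    return {k: v / total for k, v in hist.items()}


def deviations(sample_hist, baseline_hist, threshold=0.2):
    """Syscalls whose share in the sample exceeds their baseline share by more than threshold."""
    s, b = normalize(sample_hist), normalize(baseline_hist)
    return {k: round(s[k] - b.get(k, 0.0), 3) for k in s if s[k] - b.get(k, 0.0) > threshold}


def spawned_processes(calls):
    """Distinct child pids returned by process-creating calls; a fork bomb yields many."""
    return len({ret for _, call, ret in calls if call in ("fork", "vfork", "clone") and ret > 0})


def analyse(log_text, baseline=BENIGN_BASELINE):
    """Per-application summary: histogram, outliers against the baseline, spawned processes."""
    calls = parse_log(log_text)
    hist = histogram(calls)
    return {
        "calls": len(calls),
        "histogram": dict(hist),
        "deviations": deviations(hist, baseline),
        "spawned": spawned_processes(calls),
    }


if __name__ == "__main__":
    for key, value in analyse(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```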
Conclusion
• The Android emulator can be used to run Android applications in an isolated environment.
• The pre-check functionality analyses and indicates the usage of malicious patterns in the source code.
• In dynamic analysis, system calls are traced & the corresponding reports are logged.