Hanging Attribute References
REU: Yousra’s Research Team
Sakthi Sankarraman
Martin Pan
Shengmin Huang
Wei Yang
Zhihe Jing
What is a HARE Problem…
[Figure labels: Email App; Translate Email; Send Email; 你好; Google Translate App; Malicious App Database]
• A HARE is when pre-installed apps are referring to a resource that might not be present on a customized image.
• This creates opportunities for an attacker to squat the resource.
• We want to understand the security issues.
Investigation of HARE…
• Image Repository
  • Collect as many vendor images of the Android operating system as possible
• Image Handling
  • Decompile the images and framework code
• Automating Image Comparison
  • Find the differences between the images
  • Understand the differences
Root Cause HARE…
• Google makes the Android Operating System image
• Vendors (Samsung, LG, HTC, Huawei, etc.) manufacture the phones
• They change the image based on the phone’s features and customize it.
• Customization causes apps to be changed or removed. Framework code is altered.
• Once the code is altered, it provides vulnerabilities for malicious actions.
What we learned…
• We learned how to decompile an image.
• Once we decompiled it, we began to understand the image’s structure.
• We then learned how to parse the Android manifest file by decompiling the apps.
• We viewed the build properties to understand the type of phone and its build properties.
• We learned the difference between declared permissions vs used permissions.
• Find all resources that are referred to by the system apps but do not exist on the phone.
• We built a tool to show the differences between two images (a base image from AOSP and a customized image).
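An added example (not the team's tool) of the kind of check these bullets describe: it parses decoded manifests from a base and a customized image and reports permissions that are still referenced but no longer defined by any package on the image. The package names, permission names and the two sample images are constructed for illustration, and only permission references are covered.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
NS = 'xmlns:android="http://schemas.android.com/apk/res/android"'

def manifest(pkg, body):
    """Build a decoded AndroidManifest.xml string for the constructed samples."""
    return f'<manifest {NS} package="{pkg}">{body}</manifest>'

# Constructed sample images: package name -> decoded manifest text.
BASE = {
    "com.example.mail": manifest("com.example.mail",
        '<uses-permission android:name="android.permission.INTERNET"/>'
        '<application><service android:name=".SyncService" '
        'android:permission="com.example.sync.permission.BIND"/></application>'),
    "com.example.sync": manifest("com.example.sync",
        '<permission android:name="com.example.sync.permission.BIND"/>'),
}
# The customized image drops the sync app but ships the mail app unchanged.
CUSTOM = {"com.example.mail": BASE["com.example.mail"]}

def hanging_permissions(image, platform=frozenset()):
    """Map each permission that is referenced but defined by no package on the
    image (nor by the platform) to the sorted packages that reference it."""
    defined, used = set(platform), {}
    for pkg, xml_text in image.items():
        for el in ET.fromstring(xml_text).iter():
            name = el.get(A + "name")
            if el.tag == "permission" and name:
                defined.add(name)            # declared on this image
            elif el.tag == "uses-permission" and name:
                used.setdefault(name, set()).add(pkg)
            # Components guard themselves with these attributes.
            for attr in ("permission", "readPermission", "writePermission"):
                ref = el.get(A + attr)
                if ref:
                    used.setdefault(ref, set()).add(pkg)
    return {p: sorted(pkgs) for p, pkgs in used.items() if p not in defined}

def introduced_by_customization(base, custom, platform=frozenset()):
    """Hanging references present on the customized image but not on the base."""
    before = hanging_permissions(base, platform)
    after = hanging_permissions(custom, platform)
    return {p: pkgs for p, pkgs in after.items() if p not in before}

if __name__ == "__main__":
    platform = {"android.permission.INTERNET"}  # defined by the framework
    print(introduced_by_customization(BASE, CUSTOM, platform))
```

Manifests pulled from images of unknown origin should be parsed with a hardened XML parser rather than the standard-library one used here.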
Comparing Images…
• Compared the Samsung image to an AOSP image.
  • Could easily see differences
• Showed us insight into how Samsung changes the image.
  • Different customizations
• Picture on the right shows the differences between vendors
  • Some have more methods
  • Some have fewer methods
Summer learning…
• We did a lot of general learning
  • Intents
  • Difference between explicit and implicit
• Experienced brainstorming sessions with PhD students
  • Getting a PhD requires a lot of perseverance and hard work
  • Classes are not as difficult as research
  • Research is much more exciting
• Learned a lot from other projects
  • Learned about the Data Residue attack from Xiao’s project
  • Learned a lot from the BigPhone project.
  • Sometimes it’s difficult to justify an idea
• Learned about Static Analysis
  • Learned how to use the Flowdroid tool
  • Understood its benefits
• Performed SEED Labs
What we thought…
• Research is pretty exciting and it was really fun to be involved
• Possibly having the opportunity to address an idea from the Android class and then evolving it into a research program for the summer
• Begin working with the PhD mentor earlier in the summer. Get to know them a little better.
