SlideShare une entreprise Scribd logo

Android sandbox

Télécharger en tant que PPTX, PDF
Anusha Chavan
Anusha Chavan
Technologie
1  sur  18
Presented by ANUSHA TUKE
Contents  Introduction  Android  Sandbox  Static software analysis vs. sandboxing  Android application sandbox  System call diagrams  Static &dynamic analysis of AASandbox.  Experiments  Conclusion  References. 2
Introduction • Emerging trend : Smart phones - computational power , sensors & communication • Threat :Malware attacks • Anti virus: block virus, worms & Trojan horses. • Behavioural detection: signatures. • Generate signatures: Analysis of significant & meaningful patterns • Sandbox: execution of suspicious binaries in an isolated environment. E.g CWSandbox . 3
ANDROID  An operating system for mobile device  Based on the Linux kernel  Developed by Google and later the Open Handset Alliance (OHA).  Allows writing managed code in the Java language 4
What is Sandbox?  a sandbox is a "sealed" container, which allows un- trusted programs to have executed within the sandbox. 5
Static Software Analysis vs. Sandboxing Static analysis Sandboxing  Forensic techniques:  Applications are run in an isolated  decompilation,decryption,patter environment(sandbox). n matching.  Policy to stop system to prevent  Filtering binaries by malicious potential damage. patterns, called signatures.  Monitoring & recording system.  Fast & relatively simple.  User space sandbox.  Code pattern has to be known in  Kernal space sandbox. advance. 6
Android Application Sandbox for suspicious software detection  Located in kernal space since access to critical part of OS is realized.  System call hijacking  Monitor system & library calls.  Android uses a modified Linux basis to host a Java-based middleware running the user applications.  Calls are monitored on lowest level possible. 7
Read() system call from user space. 8
Hijacked read() system call. 9
Features  Loadable kernal module(LKM) is placed in Android emulator environment.  LKM intended to hijack all available system calls.  Two step analysis of android applications  Kernal space sandbox.  Fast static pre-check  Aasandbox takes android application archive which is packaged in *.apk file as input.  Java virtual machine-Dalvik. 10
Static analysis of AASandbox  APK scanned for special patterns eg. Runtime.Exec()  Decompression- zip file.  AndroidManifest.xml- descriptions, security permissions.  Classes.dex- complete bytecode.  Res/- layout, language etc.  Decompilation  Classes.dex-bytecode which is converted to Baksmali-human readable format, easily parsable pseudocode.  Pattern search:  Java native interface,System.getRuntime().exec(..),ser vices & IPC provision,android permission. 11
Dynamic analysis of Android applications.  App installed in android emulator.  User inputs –”Android Monkey” tool generates pseudo random streams of user events. Prepare & start Install Install APK & Obtain emulator AASandbox start monkey system call logs • Mobile device • LKM(policy) emulator • ADB • Process killed • Inserted by • 500 generated • AVD closed • AVD (android ADB(android virtual events. device)configuratio debugging bridge). n 12
Experiments as examples  Ex application- self written fork bomb it uses Runtime.Exec() to start external binary program.  App is started & analysis is done.  Static analysis –REPORTS/ForkBomb.apk/  Subdirectories like unzipped/ & disasm/  The log file output after static analysis. 13
Dynamic analysis of code  Dynmic analysis  Android emulator starts installed via adb install ForkBomb.apk  Android monkey is started via adb shell monkey –p $ACTIVITY –vv – throttle 1000 500.  Output of emulator will be logged into LOGS/ForksBomb.apk-s2.log as shown format 14
Experimental analysis  Information is now possible to create a system call histogram as shown  Analysis is done through the official android market representing the Upto 150 applictions.. top 150 popular application.  Current status, malware characteristics & behaviour known from other platform ,e.g. Symbian OS are analysed in sandbox. 15
Conclusion  Android emulator can be used to run android applications in isolated environment.  The pre-check functionality that analyses indicate usage of malicious pattern in source code.  In dynamic analysis, system calls are traced & corresponding reports are logged. 16
REFERENCES  [1] M. Becher, F. Freiling, and B. Leider. On the effort to create smartphone worms in windows mobile. In Information Assurance and Security Workshop, 2007. IAW ’07. IEEESMC, pages 199–206, 20-22 June 2007.  [2] Bundesamt f¨ur Sicherheit in der Informationstechnik. Mobile endger¨ate und mobile applikationen: Sicherheitsgef¨ahrdungen und schutzmassnahmen, 2006.  [3] W. Enck, M. Ongtang, and P. McDaniel. Understanding android security. IEEE Security and Privacy, 7(1):50–57, 2009.  [4] S. Forrest, S. Hofmeyr, and A. Somayaji. The evolution of system-call monitoring. In ACSAC ’08: Proceedings of the 2008 Annual Computer Security Applications Conference,pages 418–430. IEEE Computer Society, 2008.  [5] A. Rubini. Kernel system calls. http://www.ar.linux.it/docs/ksys/ksys.html. [Online; accessed 01-March-2010]. 17
Android sandbox

Recommandé

Mobile Application Security
Mobile Application SecurityMobile Application Security
Mobile Application SecurityIshan Girdhar
 
Keyloggers and Spywares
Keyloggers and SpywaresKeyloggers and Spywares
Keyloggers and SpywaresAnkit Mistry
 
Security Testing Mobile Applications
Security Testing Mobile ApplicationsSecurity Testing Mobile Applications
Security Testing Mobile ApplicationsDenim Group
 
Mobile security
Mobile securityMobile security
Mobile securityNaveen Kumar
 
Mobile Malware
Mobile MalwareMobile Malware
Mobile MalwareMartin Holovský
 
Android Secure Coding
Android Secure CodingAndroid Secure Coding
Android Secure CodingJPCERT Coordination Center
 
Deep Dive Into Android Security
Deep Dive Into Android SecurityDeep Dive Into Android Security
Deep Dive Into Android SecurityMarakana Inc.
 
Sandboxing
SandboxingSandboxing
SandboxingLan & Wan Solutions
 

Recommandé

Mobile Application Security
Mobile Application SecurityMobile Application Security
Mobile Application SecurityIshan Girdhar
 
Keyloggers and Spywares
Keyloggers and SpywaresKeyloggers and Spywares
Keyloggers and SpywaresAnkit Mistry
 
Security Testing Mobile Applications
Security Testing Mobile ApplicationsSecurity Testing Mobile Applications
Security Testing Mobile ApplicationsDenim Group
 
Mobile security
Mobile securityMobile security
Mobile securityNaveen Kumar
 
Mobile Malware
Mobile MalwareMobile Malware
Mobile MalwareMartin Holovský
 
Android Secure Coding
Android Secure CodingAndroid Secure Coding
Android Secure CodingJPCERT Coordination Center
 
Deep Dive Into Android Security
Deep Dive Into Android SecurityDeep Dive Into Android Security
Deep Dive Into Android SecurityMarakana Inc.
 
Sandboxing
SandboxingSandboxing
SandboxingLan & Wan Solutions
 
Topics in network security
Topics in network securityTopics in network security
Topics in network securityNasir Bhutta
 
Security and Linux Security
Security and Linux SecuritySecurity and Linux Security
Security and Linux SecurityRizky Ariestiyansyah
 
Android Security
Android SecurityAndroid Security
Android SecurityArqum Ahmad
 
Cyber Security # Lec 4
Cyber Security # Lec 4 Cyber Security # Lec 4
Cyber Security # Lec 4 Kabul Education University
 
Firewall
Firewall Firewall
Firewall Amuthavalli Nachiyar
 
Network sniffers & injection tools
Network sniffers & injection toolsNetwork sniffers & injection tools
Network sniffers & injection toolsvishalgohel12195
 
Dynamic Security Analysis & Static Security Analysis for Android Apps.
Dynamic Security Analysis & Static Security Analysis for Android Apps.Dynamic Security Analysis & Static Security Analysis for Android Apps.
Dynamic Security Analysis & Static Security Analysis for Android Apps.VodqaBLR
 
IDS and IPS
IDS and IPSIDS and IPS
IDS and IPSSantosh Khadsare
 
VULNERABILITY ( CYBER SECURITY )
VULNERABILITY ( CYBER SECURITY )VULNERABILITY ( CYBER SECURITY )
VULNERABILITY ( CYBER SECURITY )Kashyap Mandaliya
 
DVWA(Damn Vulnerabilities Web Application)
DVWA(Damn Vulnerabilities Web Application)DVWA(Damn Vulnerabilities Web Application)
DVWA(Damn Vulnerabilities Web Application)Soham Kansodaria
 
Cyber Security - Unit - 2 - Network Defense tools Firewalls and Packet Filters
Cyber Security - Unit - 2 - Network Defense tools Firewalls and Packet FiltersCyber Security - Unit - 2 - Network Defense tools Firewalls and Packet Filters
Cyber Security - Unit - 2 - Network Defense tools Firewalls and Packet FiltersGyanmanjari Institute Of Technology
 
Android security
Android securityAndroid security
Android securityMidhun P Gopi
 
Ensuring Mobile Device Security
Ensuring Mobile Device SecurityEnsuring Mobile Device Security
Ensuring Mobile Device SecurityQuick Heal Technologies Ltd.
 
Web Hacking
Web HackingWeb Hacking
Web HackingInformation Technology
 
Man in The Middle Attack
Man in The Middle AttackMan in The Middle Attack
Man in The Middle AttackDeepak Upadhyay
 
Secure Computer Forensics and its tools
Secure Computer Forensics and its toolsSecure Computer Forensics and its tools
Secure Computer Forensics and its toolsKathirvel Ayyaswamy
 
Cybersecurity - Mobile Application Security
Cybersecurity - Mobile Application SecurityCybersecurity - Mobile Application Security
Cybersecurity - Mobile Application SecurityEryk Budi Pratama
 
Web application security
Web application securityWeb application security
Web application securityKapil Sharma
 
Mobile Hacking
Mobile HackingMobile Hacking
Mobile HackingNovizul Evendi
 
Android pentesting the hackers-meetup
Android pentesting the hackers-meetupAndroid pentesting the hackers-meetup
Android pentesting the hackers-meetupkunwaratul hax0r
 
Permission in Android Security: Threats and solution
Permission in Android Security: Threats and solutionPermission in Android Security: Threats and solution
Permission in Android Security: Threats and solutionTandhy Simanjuntak
 
Understanding android security model
Understanding android security modelUnderstanding android security model
Understanding android security modelPragati Rai
 

Contenu connexe

Tendances

Topics in network security
Topics in network securityTopics in network security
Topics in network securityNasir Bhutta
 
Android Security
Android SecurityAndroid Security
Android SecurityArqum Ahmad
 
Network sniffers & injection tools
Network sniffers & injection toolsNetwork sniffers & injection tools
Network sniffers & injection toolsvishalgohel12195
 
Dynamic Security Analysis & Static Security Analysis for Android Apps.
Dynamic Security Analysis & Static Security Analysis for Android Apps.Dynamic Security Analysis & Static Security Analysis for Android Apps.
Dynamic Security Analysis & Static Security Analysis for Android Apps.VodqaBLR
 
VULNERABILITY ( CYBER SECURITY )
VULNERABILITY ( CYBER SECURITY )VULNERABILITY ( CYBER SECURITY )
VULNERABILITY ( CYBER SECURITY )Kashyap Mandaliya
 
DVWA(Damn Vulnerabilities Web Application)
DVWA(Damn Vulnerabilities Web Application)DVWA(Damn Vulnerabilities Web Application)
DVWA(Damn Vulnerabilities Web Application)Soham Kansodaria
 
Cyber Security - Unit - 2 - Network Defense tools Firewalls and Packet Filters
Cyber Security - Unit - 2 - Network Defense tools Firewalls and Packet FiltersCyber Security - Unit - 2 - Network Defense tools Firewalls and Packet Filters
Cyber Security - Unit - 2 - Network Defense tools Firewalls and Packet FiltersGyanmanjari Institute Of Technology
 
Man in The Middle Attack
Man in The Middle AttackMan in The Middle Attack
Man in The Middle AttackDeepak Upadhyay
 
Secure Computer Forensics and its tools
Secure Computer Forensics and its toolsSecure Computer Forensics and its tools
Secure Computer Forensics and its toolsKathirvel Ayyaswamy
 
Cybersecurity - Mobile Application Security
Cybersecurity - Mobile Application SecurityCybersecurity - Mobile Application Security
Cybersecurity - Mobile Application SecurityEryk Budi Pratama
 
Web application security
Web application securityWeb application security
Web application securityKapil Sharma
 
Android pentesting the hackers-meetup
Android pentesting the hackers-meetupAndroid pentesting the hackers-meetup
Android pentesting the hackers-meetupkunwaratul hax0r
 

Tendances (20)

Topics in network security
Topics in network securityTopics in network security
Topics in network security
 
Security and Linux Security
Security and Linux SecuritySecurity and Linux Security
Security and Linux Security
 
Android Security
Android SecurityAndroid Security
Android Security
 
Cyber Security # Lec 4
Cyber Security # Lec 4 Cyber Security # Lec 4
Cyber Security # Lec 4
 
Firewall
Firewall Firewall
Firewall
 
Network sniffers & injection tools
Network sniffers & injection toolsNetwork sniffers & injection tools
Network sniffers & injection tools
 
Dynamic Security Analysis & Static Security Analysis for Android Apps.
Dynamic Security Analysis & Static Security Analysis for Android Apps.Dynamic Security Analysis & Static Security Analysis for Android Apps.
Dynamic Security Analysis & Static Security Analysis for Android Apps.
 
IDS and IPS
IDS and IPSIDS and IPS
IDS and IPS
 
VULNERABILITY ( CYBER SECURITY )
VULNERABILITY ( CYBER SECURITY )VULNERABILITY ( CYBER SECURITY )
VULNERABILITY ( CYBER SECURITY )
 
DVWA(Damn Vulnerabilities Web Application)
DVWA(Damn Vulnerabilities Web Application)DVWA(Damn Vulnerabilities Web Application)
DVWA(Damn Vulnerabilities Web Application)
 
Cyber Security - Unit - 2 - Network Defense tools Firewalls and Packet Filters
Cyber Security - Unit - 2 - Network Defense tools Firewalls and Packet FiltersCyber Security - Unit - 2 - Network Defense tools Firewalls and Packet Filters
Cyber Security - Unit - 2 - Network Defense tools Firewalls and Packet Filters
 
Android security
Android securityAndroid security
Android security
 
Ensuring Mobile Device Security
Ensuring Mobile Device SecurityEnsuring Mobile Device Security
Ensuring Mobile Device Security
 
Web Hacking
Web HackingWeb Hacking
Web Hacking
 
Man in The Middle Attack
Man in The Middle AttackMan in The Middle Attack
Man in The Middle Attack
 
Secure Computer Forensics and its tools
Secure Computer Forensics and its toolsSecure Computer Forensics and its tools
Secure Computer Forensics and its tools
 
Cybersecurity - Mobile Application Security
Cybersecurity - Mobile Application SecurityCybersecurity - Mobile Application Security
Cybersecurity - Mobile Application Security
 
Web application security
Web application securityWeb application security
Web application security
 
Mobile Hacking
Mobile HackingMobile Hacking
Mobile Hacking
 
Android pentesting the hackers-meetup
Android pentesting the hackers-meetupAndroid pentesting the hackers-meetup
Android pentesting the hackers-meetup
 

En vedette

Permission in Android Security: Threats and solution
Permission in Android Security: Threats and solutionPermission in Android Security: Threats and solution
Permission in Android Security: Threats and solutionTandhy Simanjuntak
 
Understanding android security model
Understanding android security modelUnderstanding android security model
Understanding android security modelPragati Rai
 
Analysis and research of system security based on android
Analysis and research of system security based on androidAnalysis and research of system security based on android
Analysis and research of system security based on androidRavishankar Kumar
 
Android Security
Android SecurityAndroid Security
Android SecurityLars Jacobs
 
Codetainer: a Docker-based browser code 'sandbox'
Codetainer: a Docker-based browser code 'sandbox'Codetainer: a Docker-based browser code 'sandbox'
Codetainer: a Docker-based browser code 'sandbox'Jen Andre
 
Android secure offline storage - CC Mobile
Android secure offline storage - CC MobileAndroid secure offline storage - CC Mobile
Android secure offline storage - CC MobileJWORKS powered by Ordina
 
Security threats in Android OS + App Permissions
Security threats in Android OS + App PermissionsSecurity threats in Android OS + App Permissions
Security threats in Android OS + App PermissionsHariharan Ganesan
 
Android security
Android securityAndroid security
Android securityMobile Rtpl
 
Testing Android Security Codemotion Amsterdam edition
Testing Android Security Codemotion Amsterdam editionTesting Android Security Codemotion Amsterdam edition
Testing Android Security Codemotion Amsterdam editionJose Manuel Ortega Candel
 
Introduction to Android Development and Security
Introduction to Android Development and SecurityIntroduction to Android Development and Security
Introduction to Android Development and SecurityKelwin Yang
 
White Paper - Android Security
White Paper - Android SecurityWhite Paper - Android Security
White Paper - Android Securityryanfarmer
 
Breaking Through: Gaining Access to Legacy I/O Devices with Android
Breaking Through: Gaining Access to Legacy I/O Devices with AndroidBreaking Through: Gaining Access to Legacy I/O Devices with Android
Breaking Through: Gaining Access to Legacy I/O Devices with AndroidVIA Embedded
 
Security Application for Smart Phones and other Mobile Devices
Security Application for Smart Phones and other Mobile DevicesSecurity Application for Smart Phones and other Mobile Devices
Security Application for Smart Phones and other Mobile DevicesŃirjhor Ánjum
 
Finding Triggered Malice in Android Apps
Finding Triggered Malice in Android AppsFinding Triggered Malice in Android Apps
Finding Triggered Malice in Android AppsPriyanka Aash
 
[15.10.07] 슈퍼컴퓨터를 이용한 안드로이드 어플리케이션의 정적 분석
[15.10.07] 슈퍼컴퓨터를 이용한 안드로이드 어플리케이션의 정적 분석[15.10.07] 슈퍼컴퓨터를 이용한 안드로이드 어플리케이션의 정적 분석
[15.10.07] 슈퍼컴퓨터를 이용한 안드로이드 어플리케이션의 정적 분석Hyeonmin Park
 
Hooking101 - Deeper on iOS Island
Hooking101 - Deeper on iOS IslandHooking101 - Deeper on iOS Island
Hooking101 - Deeper on iOS IslandAckcent
 
OWF12/PAUG Conf Days Android system development, maxime ripard, free electrons
OWF12/PAUG Conf Days Android system development, maxime ripard, free electronsOWF12/PAUG Conf Days Android system development, maxime ripard, free electrons
OWF12/PAUG Conf Days Android system development, maxime ripard, free electronsParis Open Source Summit
 
Android "Fight Club" : In pursuit of APPiness -- null Humla Delhi Chapter
Android "Fight Club" : In pursuit of APPiness -- null Humla Delhi ChapterAndroid "Fight Club" : In pursuit of APPiness -- null Humla Delhi Chapter
Android "Fight Club" : In pursuit of APPiness -- null Humla Delhi ChapterAbhinav Mishra
 

En vedette (20)

Permission in Android Security: Threats and solution
Permission in Android Security: Threats and solutionPermission in Android Security: Threats and solution
Permission in Android Security: Threats and solution
 
Understanding android security model
Understanding android security modelUnderstanding android security model
Understanding android security model
 
Analysis and research of system security based on android
Analysis and research of system security based on androidAnalysis and research of system security based on android
Analysis and research of system security based on android
 
Android Security
Android SecurityAndroid Security
Android Security
 
Codetainer: a Docker-based browser code 'sandbox'
Codetainer: a Docker-based browser code 'sandbox'Codetainer: a Docker-based browser code 'sandbox'
Codetainer: a Docker-based browser code 'sandbox'
 
Android secure offline storage - CC Mobile
Android secure offline storage - CC MobileAndroid secure offline storage - CC Mobile
Android secure offline storage - CC Mobile
 
Android ppt
Android ppt Android ppt
Android ppt
 
Security threats in Android OS + App Permissions
Security threats in Android OS + App PermissionsSecurity threats in Android OS + App Permissions
Security threats in Android OS + App Permissions
 
Android security
Android securityAndroid security
Android security
 
Testing Android Security Codemotion Amsterdam edition
Testing Android Security Codemotion Amsterdam editionTesting Android Security Codemotion Amsterdam edition
Testing Android Security Codemotion Amsterdam edition
 
Introduction to Android Development and Security
Introduction to Android Development and SecurityIntroduction to Android Development and Security
Introduction to Android Development and Security
 
White Paper - Android Security
White Paper - Android SecurityWhite Paper - Android Security
White Paper - Android Security
 
Breaking Through: Gaining Access to Legacy I/O Devices with Android
Breaking Through: Gaining Access to Legacy I/O Devices with AndroidBreaking Through: Gaining Access to Legacy I/O Devices with Android
Breaking Through: Gaining Access to Legacy I/O Devices with Android
 
Security Application for Smart Phones and other Mobile Devices
Security Application for Smart Phones and other Mobile DevicesSecurity Application for Smart Phones and other Mobile Devices
Security Application for Smart Phones and other Mobile Devices
 
Finding Triggered Malice in Android Apps
Finding Triggered Malice in Android AppsFinding Triggered Malice in Android Apps
Finding Triggered Malice in Android Apps
 
[15.10.07] 슈퍼컴퓨터를 이용한 안드로이드 어플리케이션의 정적 분석
[15.10.07] 슈퍼컴퓨터를 이용한 안드로이드 어플리케이션의 정적 분석[15.10.07] 슈퍼컴퓨터를 이용한 안드로이드 어플리케이션의 정적 분석
[15.10.07] 슈퍼컴퓨터를 이용한 안드로이드 어플리케이션의 정적 분석
 
Hooking101 - Deeper on iOS Island
Hooking101 - Deeper on iOS IslandHooking101 - Deeper on iOS Island
Hooking101 - Deeper on iOS Island
 
OWF12/PAUG Conf Days Android system development, maxime ripard, free electrons
OWF12/PAUG Conf Days Android system development, maxime ripard, free electronsOWF12/PAUG Conf Days Android system development, maxime ripard, free electrons
OWF12/PAUG Conf Days Android system development, maxime ripard, free electrons
 
Android "Fight Club" : In pursuit of APPiness -- null Humla Delhi Chapter
Android "Fight Club" : In pursuit of APPiness -- null Humla Delhi ChapterAndroid "Fight Club" : In pursuit of APPiness -- null Humla Delhi Chapter
Android "Fight Club" : In pursuit of APPiness -- null Humla Delhi Chapter
 
Mobile Apps Security Testing -3
Mobile Apps Security Testing -3Mobile Apps Security Testing -3
Mobile Apps Security Testing -3
 

Similaire à Android sandbox

Mobile application security
Mobile application securityMobile application security
Mobile application securityShubhneet Goel
 
Reading Group Presentation: Why Eve and Mallory Love Android
Reading Group Presentation: Why Eve and Mallory Love AndroidReading Group Presentation: Why Eve and Mallory Love Android
Reading Group Presentation: Why Eve and Mallory Love AndroidMichael Rushanan
 
Null Mumbai Meet_Android Reverse Engineering by Samrat Das
Null Mumbai Meet_Android Reverse Engineering by Samrat DasNull Mumbai Meet_Android Reverse Engineering by Samrat Das
Null Mumbai Meet_Android Reverse Engineering by Samrat Dasnullowaspmumbai
 
Getting started with Android pentesting
Getting started with Android pentestingGetting started with Android pentesting
Getting started with Android pentestingMinali Arora
 
Android Penetration testing - Day 2
Android Penetration testing - Day 2 Android Penetration testing - Day 2
Android Penetration testing - Day 2Mohammed Adam
 
Getting started with android
Getting started with androidGetting started with android
Getting started with androidVandana Verma
 
Pentesting iOS Applications
Pentesting iOS ApplicationsPentesting iOS Applications
Pentesting iOS Applicationsjasonhaddix
 
Null Dubai Humla_Romansh_Yadav_Android_app_pentesting
Null Dubai Humla_Romansh_Yadav_Android_app_pentestingNull Dubai Humla_Romansh_Yadav_Android_app_pentesting
Null Dubai Humla_Romansh_Yadav_Android_app_pentestingRomansh Yadav
 
Inspection of Windows Phone applications
Inspection of Windows Phone applicationsInspection of Windows Phone applications
Inspection of Windows Phone applicationsAndrey Chasovskikh
 
Building Custom Android Malware BruCON 2013
Building Custom Android Malware BruCON 2013Building Custom Android Malware BruCON 2013
Building Custom Android Malware BruCON 2013Stephan Chenette
 
Hacking & Securing of iOS Apps by Saurabh Mishra
Hacking & Securing of iOS Apps by Saurabh MishraHacking & Securing of iOS Apps by Saurabh Mishra
Hacking & Securing of iOS Apps by Saurabh MishraOWASP Delhi
 
Q4.11: Porting Android to new Platforms
Q4.11: Porting Android to new PlatformsQ4.11: Porting Android to new Platforms
Q4.11: Porting Android to new PlatformsLinaro
 
Advanced malware analysis training session8 introduction to android
Advanced malware analysis training session8 introduction to androidAdvanced malware analysis training session8 introduction to android
Advanced malware analysis training session8 introduction to androidCysinfo Cyber Security Community
 
Android village @nullcon 2012
Android village @nullcon 2012 Android village @nullcon 2012
Android village @nullcon 2012 hakersinfo
 
Outsmarting smartphones
Outsmarting smartphonesOutsmarting smartphones
Outsmarting smartphonesSensePost
 
Android vs ios System Architecture in OS perspective
Android vs ios System Architecture in OS perspectiveAndroid vs ios System Architecture in OS perspective
Android vs ios System Architecture in OS perspectiveRaj Pratim Bhattacharya
 
Automated Security Analysis of Android & iOS Applications with Mobile Securit...
Automated Security Analysis of Android & iOS Applications with Mobile Securit...Automated Security Analysis of Android & iOS Applications with Mobile Securit...
Automated Security Analysis of Android & iOS Applications with Mobile Securit...Ajin Abraham
 
Advanced Malware Analysis Training Session 8 - Introduction to Android
Advanced Malware Analysis Training Session 8 - Introduction to AndroidAdvanced Malware Analysis Training Session 8 - Introduction to Android
Advanced Malware Analysis Training Session 8 - Introduction to Androidsecurityxploded
 
Android security and penetration testing | DIVA | Yogesh Ojha
Android security and penetration testing | DIVA | Yogesh OjhaAndroid security and penetration testing | DIVA | Yogesh Ojha
Android security and penetration testing | DIVA | Yogesh OjhaYogesh Ojha
 

Similaire à Android sandbox (20)

Mobile application security
Mobile application securityMobile application security
Mobile application security
 
Andriod Pentesting and Malware Analysis
Andriod Pentesting and Malware AnalysisAndriod Pentesting and Malware Analysis
Andriod Pentesting and Malware Analysis
 
Reading Group Presentation: Why Eve and Mallory Love Android
Reading Group Presentation: Why Eve and Mallory Love AndroidReading Group Presentation: Why Eve and Mallory Love Android
Reading Group Presentation: Why Eve and Mallory Love Android
 
Null Mumbai Meet_Android Reverse Engineering by Samrat Das
Null Mumbai Meet_Android Reverse Engineering by Samrat DasNull Mumbai Meet_Android Reverse Engineering by Samrat Das
Null Mumbai Meet_Android Reverse Engineering by Samrat Das
 
Getting started with Android pentesting
Getting started with Android pentestingGetting started with Android pentesting
Getting started with Android pentesting
 
Android Penetration testing - Day 2
Android Penetration testing - Day 2 Android Penetration testing - Day 2
Android Penetration testing - Day 2
 
Getting started with android
Getting started with androidGetting started with android
Getting started with android
 
Pentesting iOS Applications
Pentesting iOS ApplicationsPentesting iOS Applications
Pentesting iOS Applications
 
Null Dubai Humla_Romansh_Yadav_Android_app_pentesting
Null Dubai Humla_Romansh_Yadav_Android_app_pentestingNull Dubai Humla_Romansh_Yadav_Android_app_pentesting
Null Dubai Humla_Romansh_Yadav_Android_app_pentesting
 
Inspection of Windows Phone applications
Inspection of Windows Phone applicationsInspection of Windows Phone applications
Inspection of Windows Phone applications
 
Building Custom Android Malware BruCON 2013
Building Custom Android Malware BruCON 2013Building Custom Android Malware BruCON 2013
Building Custom Android Malware BruCON 2013
 
Hacking & Securing of iOS Apps by Saurabh Mishra
Hacking & Securing of iOS Apps by Saurabh MishraHacking & Securing of iOS Apps by Saurabh Mishra
Hacking & Securing of iOS Apps by Saurabh Mishra
 
Q4.11: Porting Android to new Platforms
Q4.11: Porting Android to new PlatformsQ4.11: Porting Android to new Platforms
Q4.11: Porting Android to new Platforms
 
Advanced malware analysis training session8 introduction to android
Advanced malware analysis training session8 introduction to androidAdvanced malware analysis training session8 introduction to android
Advanced malware analysis training session8 introduction to android
 
Android village @nullcon 2012
Android village @nullcon 2012 Android village @nullcon 2012
Android village @nullcon 2012
 
Outsmarting smartphones
Outsmarting smartphonesOutsmarting smartphones
Outsmarting smartphones
 
Android vs ios System Architecture in OS perspective
Android vs ios System Architecture in OS perspectiveAndroid vs ios System Architecture in OS perspective
Android vs ios System Architecture in OS perspective
 
Automated Security Analysis of Android & iOS Applications with Mobile Securit...
Automated Security Analysis of Android & iOS Applications with Mobile Securit...Automated Security Analysis of Android & iOS Applications with Mobile Securit...
Automated Security Analysis of Android & iOS Applications with Mobile Securit...
 
Advanced Malware Analysis Training Session 8 - Introduction to Android
Advanced Malware Analysis Training Session 8 - Introduction to AndroidAdvanced Malware Analysis Training Session 8 - Introduction to Android
Advanced Malware Analysis Training Session 8 - Introduction to Android
 
Android security and penetration testing | DIVA | Yogesh Ojha
Android security and penetration testing | DIVA | Yogesh OjhaAndroid security and penetration testing | DIVA | Yogesh Ojha
Android security and penetration testing | DIVA | Yogesh Ojha
 

Plus de Anusha Chavan

Leadership & Management the chanakya way
Leadership & Management the chanakya wayLeadership & Management the chanakya way
Leadership & Management the chanakya wayAnusha Chavan
 
CORPORATE LEADERSHIP Roles & Responsibilities.
CORPORATE LEADERSHIP Roles & Responsibilities.CORPORATE LEADERSHIP Roles & Responsibilities.
CORPORATE LEADERSHIP Roles & Responsibilities.Anusha Chavan
 
MARKETING (Thorns to competition)
MARKETING (Thorns to competition)MARKETING (Thorns to competition)
MARKETING (Thorns to competition)Anusha Chavan
 
Swot analysis of INDIAN ECONOMY
Swot analysis of INDIAN ECONOMYSwot analysis of INDIAN ECONOMY
Swot analysis of INDIAN ECONOMYAnusha Chavan
 
Power and politics- ANUSHA TUKE
Power and politics- ANUSHA TUKEPower and politics- ANUSHA TUKE
Power and politics- ANUSHA TUKEAnusha Chavan
 
Ensuring data security in cloud computing. - Anusha Tuke
Ensuring data security in cloud computing. - Anusha TukeEnsuring data security in cloud computing. - Anusha Tuke
Ensuring data security in cloud computing. - Anusha TukeAnusha Chavan
 

Plus de Anusha Chavan (7)

Leadership & Management the chanakya way
Leadership & Management the chanakya wayLeadership & Management the chanakya way
Leadership & Management the chanakya way
 
CORPORATE LEADERSHIP Roles & Responsibilities.
CORPORATE LEADERSHIP Roles & Responsibilities.CORPORATE LEADERSHIP Roles & Responsibilities.
CORPORATE LEADERSHIP Roles & Responsibilities.
 
MARKETING (Thorns to competition)
MARKETING (Thorns to competition)MARKETING (Thorns to competition)
MARKETING (Thorns to competition)
 
Swot analysis of INDIAN ECONOMY
Swot analysis of INDIAN ECONOMYSwot analysis of INDIAN ECONOMY
Swot analysis of INDIAN ECONOMY
 
Power and politics- ANUSHA TUKE
Power and politics- ANUSHA TUKEPower and politics- ANUSHA TUKE
Power and politics- ANUSHA TUKE
 
Ensuring data security in cloud computing. - Anusha Tuke
Ensuring data security in cloud computing. - Anusha TukeEnsuring data security in cloud computing. - Anusha Tuke
Ensuring data security in cloud computing. - Anusha Tuke
 
CSAL
CSAL CSAL
CSAL
 

Dernier

Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 

Dernier (20)

Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 

Android sandbox

  • 2. Contents  Introduction  Android  Sandbox  Static software analysis vs. sandboxing  Android application sandbox  System call diagrams  Static &dynamic analysis of AASandbox.  Experiments  Conclusion  References. 2
  • 3. Introduction • Emerging trend : Smart phones - computational power , sensors & communication • Threat :Malware attacks • Anti virus: block virus, worms & Trojan horses. • Behavioural detection: signatures. • Generate signatures: Analysis of significant & meaningful patterns • Sandbox: execution of suspicious binaries in an isolated environment. E.g CWSandbox . 3
  • 4. ANDROID  An operating system for mobile device  Based on the Linux kernel  Developed by Google and later the Open Handset Alliance (OHA).  Allows writing managed code in the Java language 4
  • 5. What is Sandbox?  a sandbox is a "sealed" container, which allows un- trusted programs to have executed within the sandbox. 5
  • 6. Static Software Analysis vs. Sandboxing Static analysis Sandboxing  Forensic techniques:  Applications are run in an isolated  decompilation,decryption,patter environment(sandbox). n matching.  Policy to stop system to prevent  Filtering binaries by malicious potential damage. patterns, called signatures.  Monitoring & recording system.  Fast & relatively simple.  User space sandbox.  Code pattern has to be known in  Kernal space sandbox. advance. 6
  • 7. Android Application Sandbox for suspicious software detection  Located in kernal space since access to critical part of OS is realized.  System call hijacking  Monitor system & library calls.  Android uses a modified Linux basis to host a Java-based middleware running the user applications.  Calls are monitored on lowest level possible. 7
  • 8. Read() system call from user space. 8
  • 10. Features  Loadable kernal module(LKM) is placed in Android emulator environment.  LKM intended to hijack all available system calls.  Two step analysis of android applications  Kernal space sandbox.  Fast static pre-check  Aasandbox takes android application archive which is packaged in *.apk file as input.  Java virtual machine-Dalvik. 10
  • 11. Static analysis of AASandbox  APK scanned for special patterns eg. Runtime.Exec()  Decompression- zip file.  AndroidManifest.xml- descriptions, security permissions.  Classes.dex- complete bytecode.  Res/- layout, language etc.  Decompilation  Classes.dex-bytecode which is converted to Baksmali-human readable format, easily parsable pseudocode.  Pattern search:  Java native interface,System.getRuntime().exec(..),ser vices & IPC provision,android permission. 11
  • 12. Dynamic analysis of Android applications.  App installed in android emulator.  User inputs –”Android Monkey” tool generates pseudo random streams of user events. Prepare & start Install Install APK & Obtain emulator AASandbox start monkey system call logs • Mobile device • LKM(policy) emulator • ADB • Process killed • Inserted by • 500 generated • AVD closed • AVD (android ADB(android virtual events. device)configuratio debugging bridge). n 12
  • 13. Experiments as examples  Ex application- self written fork bomb it uses Runtime.Exec() to start external binary program.  App is started & analysis is done.  Static analysis –REPORTS/ForkBomb.apk/  Subdirectories like unzipped/ & disasm/  The log file output after static analysis. 13
  • 14. Dynamic analysis of code  Dynmic analysis  Android emulator starts installed via adb install ForkBomb.apk  Android monkey is started via adb shell monkey –p $ACTIVITY –vv – throttle 1000 500.  Output of emulator will be logged into LOGS/ForksBomb.apk-s2.log as shown format 14
  • 15. Experimental analysis  Information is now possible to create a system call histogram as shown  Analysis is done through the official android market representing the Upto 150 applictions.. top 150 popular application.  Current status, malware characteristics & behaviour known from other platform ,e.g. Symbian OS are analysed in sandbox. 15
  • 16. Conclusion  Android emulator can be used to run android applications in isolated environment.  The pre-check functionality that analyses indicate usage of malicious pattern in source code.  In dynamic analysis, system calls are traced & corresponding reports are logged. 16
  • 17. REFERENCES  [1] M. Becher, F. Freiling, and B. Leider. On the effort to create smartphone worms in windows mobile. In Information Assurance and Security Workshop, 2007. IAW ’07. IEEESMC, pages 199–206, 20-22 June 2007.  [2] Bundesamt f¨ur Sicherheit in der Informationstechnik. Mobile endger¨ate und mobile applikationen: Sicherheitsgef¨ahrdungen und schutzmassnahmen, 2006.  [3] W. Enck, M. Ongtang, and P. McDaniel. Understanding android security. IEEE Security and Privacy, 7(1):50–57, 2009.  [4] S. Forrest, S. Hofmeyr, and A. Somayaji. The evolution of system-call monitoring. In ACSAC ’08: Proceedings of the 2008 Annual Computer Security Applications Conference,pages 418–430. IEEE Computer Society, 2008.  [5] A. Rubini. Kernel system calls. http://www.ar.linux.it/docs/ksys/ksys.html. [Online; accessed 01-March-2010]. 17